How Google uses Customer Match data

This article explains how we handle the data files that you upload for use in Customer Match.

Google Ads Customer Match lets you use the information that your customers shared with you to reach them where they are. Ads are shown to your customers based on the data that you share about these customers with Google.

We understand the importance and sensitivity of your customers’ data, and we're committed to protecting the confidentiality and security of the data that you share with us.

How we handle your data

The customer data files that you upload will only be used to match your customers to Google accounts and to ensure that your Google Ads Customer Match campaigns comply with our policies. We'll keep your data confidential and secure using the same industry-leading standards that we use to protect our own user data.

Google doesn’t receive actual email addresses. Google’s system transforms the contact information that we have for Google accounts, like email addresses and phone numbers, into hashed codes using the secure hashing algorithm SHA256, a one-way hashing mechanism that isn't unencrypted by Google.

Here is how we treat the data files that you upload:

  • Limited data use. We won’t use your data files for any purpose other than to create your Customer Match audiences and ensure compliance with our policies. We won’t use your data files to build or enhance profiles of your customers.
  • Limited data access. We won’t share your data files with other Google teams other than to create your Customer Match audiences and ensure compliance with our policies. We use employee access controls to protect your data files from unauthorised access.
  • Limited data sharing. We won’t share your data files with any third party, including other advertisers. Google may share this data to meet any applicable law, regulation, legal process or enforceable governmental request.
  • Limited data retention. We won’t retain your data files for any longer than necessary to create your Customer Match audiences and ensure compliance with our policies. Once those processes are complete, we'll promptly delete the data files that you uploaded via the Google Ads API.

We are also committed to ensuring that the systems that we use to store your data files remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems. We store all your data files in an encrypted format to protect against unauthorised access.

We won’t use the fact that a Google user is in your Customer Match audiences to build or enhance profiles about that user, and we won’t share that a Google user is in your Customer Match audiences with any third party, including other advertisers. When generating your similar audiences, we may compare the profiles of the Google users in your Customer Match audience with the profiles of other Google users. As with other Google advertising products, we may use information derived from impressions or clicks on Customer Match ads to improve Google Ads and other Google products and services.

Data privacy and security certifications

ISO 27001

Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centres serving a number of Google products, including Customer Match. Download the Google Ads/Analytics Scope Expansion Certificate – ISO27001 (PDF) or learn more about ISO 27001.

About the customer data matching process

Learn more about the upload process and how Google matches your customer data to Google accounts.

Last updated: April 2021

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu