Google API Services User Data Policy

Google API Services User Data Policy · Accurately represent your identity and intent · Be transparent about the data you access with clear and prominent privacy ... Language English BahasaIndonesia Deutsch Español Français Português–Brasil Русский 中文–简体 日本語 한국어 Signin Guides GoogleAPIsTermsofService GoogleAPIServicesUserDataPolicy SiteTermsofService SitePolicies GoogleAPIServicesUserDataPolicy LastupdatedMay18,2022 GoogleAPIServices,includingGoogleSign-In,arepartofanauthenticationand authorizationframeworkthatgivesyou,thedeveloper,theabilitytoconnect directlywithGoogleuserswhenyouwouldliketorequestaccesstoGoogleuser data.Thepolicybelow,aswellastheGoogleAPIsTermsofService, governtheuseofGoogleAPIServiceswhenyourequestaccesstoGoogleuser data.Pleasecheckbackfromtimetotimeasthesepoliciesareoccasionally updated. Accuratelyrepresentyouridentityandintent IfyouwishtoaccessGoogleuserdatayoumustprovideGoogleusersandGoogle withclearandaccurateinformationregardingyouruseofGoogleAPIServices. Thisincludes,withoutlimitation,requirementstoaccuratelyrepresent: WhoisrequestingGoogleuserdata?Allpermissionrequestsmust accuratelyrepresenttheidentityoftheapplicationthatseeksaccesstouser data.IfyouhaveobtainedauthorizedclientcredentialstoaccessGoogleAPI Services,keepthesecredentialsconfidential. Whatdataareyourequesting?Youmustprovideclearandaccurate informationexplainingthetypesofdatabeingrequested.Inaddition,ifyou plantoaccessoruseatypeofuserdatathatwasnotoriginallydisclosedin yourprivacypolicy(orin-productdisclosures)whenaGoogleuserinitially authorizedaccess,youmustupdateyourprivacypolicyandprompttheuserto consenttoanychangesbeforeyoumayaccessthatdata. WhyareyourequestingGoogleuserdata?Behonestandtransparentwith userswhenyouexplainthepurposeforwhichyourapplicationrequestsuser data.Ifyourapplicationrequestsdataforonereasonbutthedatawillalso beutilizedforasecondarypurpose,youmustnotifyGoogleusersofbothuse cases.Asageneralmatter,usersshouldbeabletoreadilyunderstandthe valueofprovidingthedatathatyourapplicationrequests,aswellasthe consequencesofsharingthatdatawithyourapplication. Betransparentaboutthedatayouaccesswithclearandprominentprivacydisclosures Youmustpublishaprivacypolicythatfullydocumentshowyourapplication interactswithuserdata.YoumustlisttheprivacypolicyURLinyourOAuth clientconfigurationwhenyourapplicationismadeavailabletothepublic. YourPrivacyPolicyandallin-productprivacynotificationsshouldbe accurate,comprehensive,andeasilyaccessible.Yourprivacypolicyand in-productprivacynotificationsmustthoroughlydisclosethemannerinwhich yourapplicationaccesses,uses,stores,orsharesGoogleuserdata.Youruseof Googleuserdatamustbelimitedtothepracticesexplicitlydisclosedinyour publishedprivacypolicy,butyoushouldconsidertheuseofadditionalin- productnotificationstoensurethatusersunderstandhowyourapplicationwill handleuserdata.IfyouchangethewayyourapplicationusesGoogleuserdata, youmustnotifyusersandpromptthemtoconsenttoanupdatedprivacypolicy beforeyoumakeuseofGoogleuserdatainanewwayorforadifferentpurpose thanoriginallydisclosed. Disclosuresaboutdatauseshouldbeprominentandtimely.Your privacypolicyandanyin-productnotificationsregardingdatauseshouldbe prominentlydisplayedinyourapplicationinterfacesothatuserscanfindthis informationeasily.Wherepossible,disclosuresaboutdatauseshouldbetimely andshownincontext. Requestrelevantpermissions Permissionrequestsshouldmakesensetousers,andshouldbelimitedtothe criticalinformationnecessarytoimplementyourapplication. Don'trequestaccesstoinformationthatyoudon'tneed.Onlyrequest accesstotheminimal,technicallyfeasiblescopeofaccess thatisnecessarytoimplementexistingfeaturesorservicesinyour application,andlimitaccesstotheminimumamountofdataneeded.Don't attemptto"futureproof"youraccesstouserdatabyrequestingaccessto informationthatmightbenefitservicesorfeaturesthathavenotyetbeen implemented. Requestpermissionsincontextwherepossible.Requestaccesstouser dataincontext(viaincrementalauth)wheneveryoucan,sothatusers understandwhyyouneedthedata. DeceptiveorunauthorizeduseofGoogleAPIServicesisprohibited Youarestrictlyprohibitedfromengaginginanyactivitythatmaydeceiveusers orGoogleaboutyouruseofGoogleAPIServices.Thisincludeswithout limitationthefollowingrequirements: DonotmisrepresentwhatdataiscollectedorwhatyoudowithGoogleuser data.Beupfrontwithuserssothattheycanmakeaninformeddecisionto grantauthorization.Youmustdisclosealluserdatathatyouaccess,use, store,delete,orshare,aswellasanyactionsyoutakeonauser'sbehalf. Youarenotpermittedtoaccess,aggregate,oranalyzeGoogleuserdataifthe datawillbedisplayed,sold,orotherwisedistributedtoathirdparty conductingsurveillance. OverallthereshouldbenosurprisesforGoogleusers:hiddenfeatures, services,oractionsthatareinconsistentwiththemarketedpurposeofyour applicationmayleadGoogletosuspendyourabilitytoaccessGoogleAPI Services. DonotmisleadGoogleaboutanapplication'soperatingenvironment. Youmustaccuratelyrepresenttheenvironmentinwhichtheauthenticationpage appears.Forexample,don'tclaimtobeanAndroidapplicationintheuseragent headerifyourapplicationisrunningoniOS,orrepresentthatyour application'sauthenticationpageisrenderedinadesktopbrowserifinstead theauthenticationpageisrenderedinanembeddedwebview. DonotuseundocumentedAPIswithoutexpresspermission.Don't reverseengineerundocumentedGoogleAPIServicesorotherwiseattempttoderive orusetheunderlyingsourcecodeofundocumentedGoogleAPIServices.Youmay onlyaccessdatafromGoogleAPIServicesaccordingtothemeansstipulatedin theofficialdocumentationofthatAPIService,asprovidedonGoogle's developersite. Donotmakefalseormisleadingstatementsaboutanyentitiesthathave allegedlyauthorizedormanagedyourapplication.Youmustaccurately representthecompany,organization,orotherauthoritythatmanagesyour application.MakingfalserepresentationsaboutclientcredentialstoGoogleor Googleusersisgroundsforsuspension. Child-directedapps TheChildren'sOnlinePrivacyProtectionAct,orCOPPA,appliesto websites,apps,andservicesdirectedtochildrenundertheageof13and generalaudienceapps,websites,orserviceswithusersknowntobeunderthe ageof13.Whilechild-directedappsmayusesomeGoogleservices, developersareresponsibleforusingtheseservicesaccordingtotheir obligationsunderthelaw.PleasereviewtheFTC'sguidanceonCOPPA(including informationaboutthedifferencesbetweenmixedaudienceappsandappsdirected primarilytochildrenfromtheFTC'swebsite)andconsultwithyour ownlegalcounsel. Child-directedapps:Ifyourapplicationisdirectedprimarilyat children,itshouldnotuseGoogleSign-InoranyotherGoogleAPIServicethat accessesdataassociatedwithaGoogleAccount.ThisrestrictionincludesGoogle PlayGamesServicesandanyotherGoogleAPIServiceusingtheOAuthtechnology forauthenticationandauthorization. Mixedaudienceapps:Applicationsthataremixedaudienceshouldn't requireuserstosignintoaGoogleAccount,butcanoffer,forexample,Google Sign-InorGooglePlayGamesServicesasanoptionalfeature.Inthesecases, usersmustbeabletoaccesstheapplicationinitsentiretywithoutsigning intoaGoogleAccount. Maintainasecureoperatingenvironment Youmusttakereasonableandappropriatestepstoprotectallapplicationsor systemsthatmakeuseofGoogleAPIServicesagainstunauthorizedorunlawful access,use,destruction,loss,alteration,ordisclosure. AdditionalRequirementsforSpecificAPIScopes Moreinformationabouttheassessmentrequirementstoobtain(orkeep)access toRestrictedScopesisavailableinthe OAuthApplicationVerificationFAQ. ForGmailRestrictedScopes: EnforcementoftheGmailrequirementsinthissectionbeganonJanuary15, 2019.ApplicationsthathadaccesstoGmailRestrictedScopespriortoJanuary 15,2019mustobtaintheirfirstLetterofAssessmentnolaterthanDecember 31,2019tokeepaccesstoGmailRestrictedScopes.Allotherappsmustfirst beverifiedandobtaintheletterpriortobeinggrantedaccesstoGmail RestrictedScopes. ForDriveRestrictedScopes: TolearnmoreaboutthenewDriverequirements,readourblogpost, EnhancingsecuritycontrolsforGoogleDrivethird-partyapps. ForGoogleFitRestrictedScopes: EnforcementoftheGoogleFitrequirementsinthissectionbeganonMay18, 2022.ApplicationsthathadaccesstoGoogleFitRestrictedReadHealthScopes priortotheenforcementstartdatewillbeinformedbyGooglewhentoobtain theirfirstLetterofAssessmenttokeepaccesstoGoogleFit RestrictedReadHealthScopes.Allotherappsmustfirstbeverifiedandobtain theletterpriortobeinggrantedaccesstoGoogleFitRestrictedReadHealth Scopes.TolearnmoreaboutthenewGoogleFitrequirements,readthe GoogleFitDeveloperandUserDataPolicy. CertainGoogleOAuthAPIScopes(the"RestrictedScopes")are subjecttoadditionalrequirementsinthissection. Note:Ifyourappisonlyusedbyuserswithinyourowndomain,thenthese requirementsdonotapply.Aswell,GSuiteadministratorscan controlaccesstoconnectedapplications viawhitelisting.Learnmore aboutbestpracticesformanagingyourenterpriseOAuth ecosystem. RestrictedScopes: Gmail-AnyGmailAPIscopethatpermitsanapplicationto Read,create,ormodifymessagebodies(includingattachments),metadata,or headers;or Controlmailboxaccess,emailforwarding,oradminsettings. Drive-AnyDriveAPIscopethatpermitsanapplicationtoread,modify, ormanagethecontentormetadataofauser’sDrivefiles,withouttheuser individuallygrantingfile-by-fileaccess. GoogleFit-AnyGoogleFitAPIscopethatpermitsanapplicationtoread orwriteauser'shealthandfitnessdatatypes,whichincludeactivity,blood glucose,bloodpressure,bodytemperature,bodymeasurementdata(bodyfat percentage,height,weight),heartrate,location,nutrition,oxygensaturation, reproductivehealth,andsleepdata. HereisalistoftheRestrictedScopes. ApplicationType:Onlycertainapplicationtypesmayaccess RestrictedScopesforeachproduct. Product PermittedApplicationTypes Gmail Nativeandwebemailclientsthatallowusersto compose,send,read,andprocessemailviaauserinterface Applicationsthatautomaticallybackupemail Applicationsthatenhancetheemailexperiencefor productivitypurposes(suchasapplicationsforcustomer relationshipmanagement,delayedsendingofemail,ormailmerge) Applicationsthatuseinformationfromemailstoprovide reportingormonitoringservicesforthebenefitofusers(such asapplicationsthatautomatetravelitinerariesortrackflightor packagedeliverystatuses) Drive Nativeandwebappsthatprovidelocalsyncorautomatic backupofusers’Drivefiles Productivityandeducationalapplications(including taskmanagement,notetaking,workgroupcommunications,andclassroom collaborationapplications)thatonlyuseRestrictedScopestohandle Drivefiles(ortheirmetadataorpermissions)viatheapplication’s userinterface Fit Applicationsorserviceswithoneormorefeaturesdesignedtobenefit users’healthandfitnessviaauserinterfaceallowingusersto directlyjournal,report,monitor,and/oranalyzetheirphysical activity,sleep,mentalwell-being,nutrition,healthmeasurements, physicaldescriptions,and/orotherhealthorfitness-relateddescriptions andmeasurements. Applicationsorserviceswithoneormorefeaturesdesignedtobenefit users’healthandfitnessviaauserinterfaceallowinguserstosync theirphysicalactivity,sleep,mentalwell-being,nutrition,health measurements,physicaldescriptions,and/orotherhealthor fitness-relateddescriptionsandmeasurements. LimitedUse:YouruseofdataobtainedviatheRestrictedScopesmust complywiththeserequirements: Limityouruseofdatatoprovidingorimprovinguser-facingfeaturesthat areprominentintherequestingapplication'suserinterface.Allotheruses ofthedataareprohibited; Onlytransferthedatatoothersifnecessarytoprovideorimprove user-facingfeaturesthatareprominentintherequestingapplication'suser interface.Youmayalsotransferdataasnecessarytocomplywithapplicable laworaspartofamerger,acquisition,orsaleofassetswithnoticeto users.Allothertransfersorsalesoftheuserdataareprohibited; Don'tuseortransferthedataforservingads,includingretargeting, personalized,orinterest-basedadvertising;and Don'tallowhumanstoreadthedata,unless Youfirstobtainedtheuser'saffirmativeagreementtoviewspecific messages,files,orotherdata,withthelimitedexceptionofusecases approvedbyGoogleunderadditionaltermsapplicabletotheNestDevice Accessprogram; Itisnecessaryforsecuritypurposes(suchasinvestigatingabugor abuse); Itisnecessarytocomplywithapplicablelaw;or Youruseislimitedtointernaloperationsandthedata(including derivations)havebeenaggregatedandanonymized. TheseprohibitionsapplytotherawdataobtainedfromRestrictedScopesand dataaggregated,anonymized,orderivedfromthem.Youmustensurethatyour employees,agents,contractors,andsuccessorscomplywiththisGoogleAPI Services:UserDataPolicy. SecureDataHandling:ApplicationsaccessingRestrictedScopesmust demonstratethattheyadheretocertainsecuritypractices.DependingontheAPI beingaccessedandnumberofusergrantsorusers,applicationsmustpassan annualsecurityassessmentandobtainaLetterofAssessmentfroma Google-designatedthirdparty.Localclientapplicationsthatonlyallow user-configuredtransmissionsofRestrictedScopedatafromthedevicemaybe exemptfromthisrequirement. Enforcement YoumustaccessGoogleAPIServicesinaccordancewiththeGoogleAPIsTermsof Service.IfyouarefoundtobeoutofcompliancewiththeGoogleAPIs TermsofService,thisGoogleAPIServices:UserDataPolicy,orany GoogleproductpoliciesthatareapplicabletotheGoogleAPIServiceyouare using,GooglemayrevokeorsuspendyouraccesstoGoogleAPIServicesandother Googleproductsandservices.YouraccesstoGoogleAPIServicesmayalsobe revokedifyourapplicationenablesend-usersorotherpartiestoviolatethe GoogleAPIsTermsofServiceand/orGooglepolicies. Exceptasotherwisenoted,thecontentofthispageislicensedundertheCreativeCommonsAttribution4.0License,andcodesamplesarelicensedundertheApache2.0License.Fordetails,seetheGoogleDevelopersSitePolicies.JavaisaregisteredtrademarkofOracleand/oritsaffiliates. [{ "type":"thumb-down", "id":"missingTheInformationINeed", "label":"MissingtheinformationIneed" },{ "type":"thumb-down", "id":"tooComplicatedTooManySteps", "label":"Toocomplicated/toomanysteps" },{ "type":"thumb-down", "id":"outOfDate", "label":"Outofdate" },{ "type":"thumb-down", "id":"samplesCodeIssue", "label":"Samples/codeissue" },{ "type":"thumb-down", "id":"otherDown", "label":"Other" }] [{ "type":"thumb-up", "id":"easyToUnderstand", "label":"Easytounderstand" },{ "type":"thumb-up", "id":"solvedMyProblem", "label":"Solvedmyproblem" },{ "type":"thumb-up", "id":"otherUp", "label":"Other" }] Connect Blog Facebook Medium Twitter YouTube Programs WomenTechmakers GoogleDeveloperGroups GoogleDevelopersExperts Accelerators GoogleDeveloperStudentClubs Developerconsoles GoogleAPIConsole GoogleCloudPlatformConsole GooglePlayConsole FirebaseConsole ActionsonGoogleConsole CastSDKDeveloperConsole ChromeWebStoreDashboard Android Chrome Firebase GoogleCloudPlatform Allproducts Terms Privacy SignupfortheGoogleDevelopersnewsletter Subscribe Language English BahasaIndonesia Deutsch Español Français Português–Brasil Русский 中文–简体 日本語 한국어