Security & Privacy
Statement From Google:
Two of the most common topics of questions regarding Google in general, and Google Apps specifically, are security and privacy. We take both topics very seriously and truly believe that our offerings are a great option for customers on both fronts. Our business is built on our users' trust: trust in our ability to properly secure their data and our commitment to respect the privacy of the information they place in our systems by not giving that information to others or using it inappropriately.
In order to help answer some of the many questions we receive and to dispel some common misconceptions we encounter, we have created this FAQ and the corresponding Google Apps security whitepaper. We hope this helps to answer some of your questions about Google's position on these important issues!
Privacy
Who owns the data I put into your system?
To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us! The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things. We won't share your data with others except as noted in our Privacy Policy. We keep your data as long as you require us to keep it. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether.
Are Google employees reading my emails and looking at my documents?
Absolutely not. Google employees are not reading your email or other content.
Does Google give third parties access to my data?
Google does not share or reveal private user content such as email or personal information with third parties except as required by law, on request by a user or system administrator, or to protect our systems. These exceptions include requests by users that Google's support staff access their email messages in order to diagnose problems; when Google is required by law to do so; and when we are compelled to disclose personal information because we reasonably believe it's necessary in order to protect the rights, property or safety of Google, its users and the public. For full details, please refer to the "Information Sharing" section of our Privacy Policy.
What kind of scanning/indexing of user data is done?
User content is scanned and indexed in many cases. We scan the contents in order to provide a variety of services, such as spam filtering and virus detection. We also use this technology to display ads to users in some circumstances. Information from scanning is not shared with third parties. We also index some user data, such as email messages and documents, in order to provide the quality search across your content that you have come to expect from Google. This process is completely automated and involves no human interaction; the index is not part of the general google.com index, and it is not shared with any other users.
Where is the data stored?
Locations of Google data centers are kept private and the buildings themselves are kept discreet for security. Access to data centers is very limited to only select Google employees. There is no guarantee which data center will house the data. Google does this to ensure that we can best handle security, scalability, usage spikes, and redundancy.
How long does Google keep my data?
We believe that you should have control over your data. Google keeps multiple backup copies of users' content so that we can recover data and restore accounts in case of errors or system failure. When you ask us to delete messages and content, we will make reasonable efforts to remove deleted information from our systems as quickly as is practicable.
How does Google handle law enforcement requests?
Google complies with valid legal processes seeking account information, such as search warrants, court orders, or subpoenas. We attempt to notify users before turning over their data whenever possible and legally permissible.
I am outside the United States and need to comply with the European Commission Directive on Data Protection. Am I safe using Google's services?
Yes, Google is a member of the EU Safe Harbor program. The safe harbor -- approved by the EU in 2000 -- is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. By certifying safe harbor, Google has assured EU organizations that Google provides "adequate" privacy protection for your data, as defined by the Directive.
Where can I find more information on Google's Privacy Policy?
All of our Privacy Policies are online and can be found here: http://www.google.com/privacy.html. We have a general privacy policy, and then statements for each application.
Security
Is my data safe from your other customers when it is running on the same servers?
Yes. Data is virtually protected as if it were on its own server. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user's data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.
How do you protect your infrastructure against hackers and other threats?
Google, being one of the world's largest providers of web-based services, has gone to great lengths to protect against threats. Google runs its data centers using custom hardware running a custom OS and filesystem. Each of these systems has been optimized for security and performance. The Google Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Google controls the entire stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.
How do you prevent and resolve security flaws in your applications?
Google products and services are required to go through security review as part of the launch process. If a security flaw is found in an application or infrastructure component, the security team is called on to resolve the issue. Because we are hosting the applications in our data centers, we can quickly deploy these fixes to all our systems without requiring any action on your part.
How do you protect against machine failures or natural disaster?
The application and network architecture run by Google is designed for maximum reliability and uptime. Google's computing platform assumes ongoing hardware failure, and robust software fail-over withstands this disruption. All Google systems are inherently redundant by design, and each subsystem is not dependent on any particular physical or logical server for ongoing operation. Data is replicated multiple times across Google's clustered active servers, so, in the case of a machine failure, data will still be accessible through another system. We also replicate data to secondary data centers to ensure safety from data center failures.
Is it safe to access my data over the internet?
All Google Apps services provide the ability to access all data using encryption and customers can choose to require this option for their users. This helps ensure that no one except the user has access to his or her data. This is true for access to our mail, calendar, and chat data via our web applications. The mobile email client also uses encrypted access to ensure the privacy of communications. We do not offer encryption on the Start Page service at this time. We also require encryption for access to your mail data by third party clients.
How do you protect me against spam, viruses and phishing attacks?
Google has one of the best spam blockers in the business, and it's integrated into Google Apps. Spam is purged every 30 days. We have built-in virus checking, and we enforce checking of documents before allowing a user to download any message. Most computer viruses are contained in executable files, so standard virus detectors scan messages for executable files that appear to be viruses. Google blocks viruses in the most direct possible way: by not allowing users to receive executable files (such as files ending in .exe) that could contain damaging executable code, even if they are sent in a compressed (.zip, .tar, .tgz, .taz, .z, .gz) format.
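The attachment rule described above (reject executables by extension, including inside compressed files) can be sketched as follows. This is an added example, not Google's code. The names `is_blocked` and `make_zip`, the depth and size limits, and the fail-closed choices are assumptions. Unix compress files (.z, .taz) are rejected outright because the Python standard library cannot read them.

```python
import gzip, io, tarfile, zipfile

BLOCKED_EXT = (".exe",)         # the page names .exe; a real list is longer (assumption)
MAX_DEPTH = 3                   # content nested this deep is rejected uninspected (assumption)
MAX_MEMBER = 50 * 1024 * 1024   # per-member cap against decompression bombs (assumption)

def is_blocked(filename, data, depth=0):
    """True if the attachment, or any file inside a (nested) archive, must be rejected."""
    if filename.lower().endswith(BLOCKED_EXT):
        return True
    if depth >= MAX_DEPTH or data[:2] == b"\x1f\x9d":
        return True             # too deep, or Unix compress (.z/.taz): fail closed
    # Zip is checked without returning early, so data that also parses as
    # tar or gzip is still inspected under those formats.
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                        return True     # encrypted or oversized: cannot inspect
                    if is_blocked(info.filename, zf.read(info), depth + 1):
                        return True
        except (zipfile.BadZipFile, NotImplementedError):
            return True                 # unreadable zip: fail closed
    try:                                # .tar and compressed tars such as .tgz
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf:
                if m.isfile() and (m.size > MAX_MEMBER or
                                   is_blocked(m.name, tf.extractfile(m).read(), depth + 1)):
                    return True
        return False
    except tarfile.TarError:
        pass                            # not a tar archive
    if data[:2] == b"\x1f\x8b":         # gzip stream (.gz)
        body = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_MEMBER + 1)
        inner = filename[:-3] if filename.lower().endswith(".gz") else filename
        return len(body) > MAX_MEMBER or is_blocked(inner, body, depth + 1)
    return False

def make_zip(members):                  # builds a constructed sample zip in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample: an .exe one archive level below the attachment itself.
SAMPLE = make_zip({"readme.txt": b"hi", "inner.zip": make_zip({"Setup.EXE": b"MZ"})})
```

`is_blocked("docs.zip", SAMPLE)` returns True because the nested `Setup.EXE` is found. Matching is by name only, as in the page's description, so a renamed executable is outside what this check covers.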