How Google retains data we collect
Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in anonymized form. How Google anonymizes data
Information retained until you remove it
We offer a range of services that allow you to correct or delete data stored in your Google Account. For example, you can:
- Edit your personal info
- Delete items from My Activity
- Delete content like photos and documents
- Remove a product from your Google Account
- Delete your Google Account entirely
We’ll keep this data in your Google Account until you choose to remove it. And if you use our services without signing in to a Google Account, we also offer you the ability to delete some information linked to what you use to access our services, like a device, browser or app.
Data that expires after a specific period of time
In some cases, rather than provide a way to delete data, we store it for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. For example, to ensure that our services display properly on many different types of devices, we may retain browser width and height for up to 9 months. We also take steps to anonymize or pseudonymize certain data within set time periods. For example, we anonymize advertising data in server logs by removing part of the IP address after 9 months and cookie information after 18 months. We may also retain pseudonymized data, such as queries that have been disconnected from users’ Google Accounts, for a set period of time.
Information retained until your Google Account is deleted
We keep some data for the life of your Google Account if it’s useful for helping us understand how users interact with our features and how we can improve our services. For example, if you delete an address you've searched for in Google Maps, your account may still store that you've used the directions feature. That way, Google Maps can avoid showing you how to use the directions feature in the future.
Information retained for extended time periods for limited purposes
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when Google processes a payment for you, or when you make a payment to Google, we’ll retain this data for longer periods of time as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:
- Security, fraud & abuse prevention
- Financial record-keeping
- Complying with legal or regulatory requirements
- Ensuring the continuity of our services
- Direct communications with Google
Enabling safe and complete deletion
When you delete data in your Google account, we immediately start the process of removing it from the product and our systems. First, we aim to immediately remove it from view and the data may no longer be used to personalize your Google experience. For example, if you delete a video you watched from your My Activity dashboard, YouTube will immediately stop showing your watch progress for that video.
We then begin a process designed to safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind. This process generally takes around 2 months from the time of deletion. This often includes up to a month-long recovery period in case the data was removed unintentionally.
Each Google storage system from which data gets deleted has its own detailed process for safe and complete deletion. This might involve repeated passes through the system to confirm all data has been deleted, or brief delays to allow for recovery from mistakes. As a result, deletion could sometimes take longer when extra time is needed to safely and completely delete the data.
Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to 6 months.
As with any deletion process, things like routine maintenance, unexpected outages, bugs, or failures in our protocols may cause delays in the processes and timeframes defined in this article. We maintain systems designed to detect and remediate such issues.
Security, fraud & abuse prevention
To protect you, other people, and Google from fraud, abuse, and unauthorized access.
For example, when Google suspects someone is committing ad fraud.
When Google is a party to a financial transaction, including when Google processes your payment or when you make a payment to Google. Lengthy retention of this information is often required for purposes such as accounting, dispute resolution and compliance with tax, escheatment, anti-money laundering, and other financial regulations.
Complying with legal or regulatory requirements
To meet any applicable law, regulation, legal process or enforceable governmental request, or is required to enforce applicable Terms of Service, including investigation of potential violations.
For example, if Google receives a lawful subpoena.
Ensuring the continuity of our services
To ensure continuity of service for you and other users.
For example, when you share information with other users (such as when you have sent an email to someone else), deleting it from your Google Account will not eliminate copies maintained by the recipients.
Direct communications with Google
If you have directly communicated with Google, through a customer support channel, feedback form, or a bug report, Google may retain reasonable records of those communications.
For example, when you send feedback within a Google app like GMail or Drive.