How Google retains data that we collect
Some data can be deleted whenever you like, some data is deleted automatically and some data we retain for longer periods of time, when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in an anonymous form. How Google anonymises data
Information retained until you remove it
We offer a range of services that allow you to correct or delete data stored in your Google Account. For example, you can:
- Edit your personal info
- Delete items from My Activity
- Delete content like photos and documents
- Remove a product from your Google Account
- Delete your Google Account entirely
We’ll keep this data in your Google Account until you choose to remove it. And if you use our services without signing in to a Google Account, we also offer you the ability to delete some information linked to what you use to access our services, such as a device, browser or app.
Data that expires after a specific period of time
In some cases, rather than provide a way to delete data, we store it for a predetermined period of time. For each type of data, we set retention time frames based on the reason for its collection. For example, to ensure that our services display properly on many different types of devices, we may retain browser width and height for up to nine months. We also take steps to anonymise or pseudonymise certain data within set time periods. For example, we anonymise advertising data in server logs by removing part of the IP address after nine months and cookie information after 18 months. We may also retain pseudonymised data, such as queries that have been disconnected from users’ Google Accounts, for a set period of time.
Information retained until your Google Account is deleted
We keep some data for the life of your Google Account if it’s useful for helping us understand how users interact with our features and how we can improve our services. For example, if you delete an address that you've searched for in Google Maps, your account may still store that you've used the directions feature. That way, Google Maps can avoid showing you how to use the directions feature in the future.
Information retained for extended time periods for limited purposes
Sometimes, business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when Google processes a payment for you, or when you make a payment to Google, we’ll retain this data for longer periods of time as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:
- Security, fraud & abuse prevention
- Financial record-keeping
- Complying with legal or regulatory requirements
- Ensuring the continuity of our services
- Direct communications with Google
Enabling safe and complete deletion
When you delete data in your Google account, we immediately start the process of removing it from the product and our systems. First, we aim to immediately remove it from view and the data may no longer be used to personalise your Google experience. For example, if you delete a video that you watched from your My Activity dashboard, YouTube will immediately stop showing your watch progress for that video.
We then begin a process designed to safely and completely delete the data from our storage systems. Safe deletion is important to protect our users and customers from accidental data loss. Complete deletion of data from our servers is equally important for users’ peace of mind. This process generally takes around two months from the time of deletion. This often includes up to a month-long recovery period in case the data was removed unintentionally.
Each Google storage system from which data gets deleted has its own detailed process for safe and complete deletion. This might involve repeated passes through the system to confirm that all data has been deleted, or brief delays to allow for recovery from mistakes. As a result, deletion could sometimes take longer when extra time is needed to safely and completely delete the data.
Our services also use encrypted backup storage as another layer of protection to help recover from potential disasters. Data can remain on these systems for up to six months.
As with any deletion process, things such as routine maintenance, unexpected outages, bugs or failures in our protocols may cause delays in the processes and time frames defined in this article. We maintain systems designed to detect and remediate such issues.
Security, fraud & abuse prevention
To protect you, other people and Google from fraud, abuse and unauthorised access.
For example, when Google suspects someone is committing ad fraud.
When Google is a party to a financial transaction, including when Google processes your payment or when you make a payment to Google. Lengthy retention of this information is often required for purposes such as accounting, dispute resolution and compliance with tax, escheatment, anti-money laundering and other financial regulations.
Complying with legal or regulatory requirements
To meet any applicable law, regulation, legal process or enforceable governmental request, or is required to enforce applicable Terms of Service, including investigation of potential violations.
For example, if Google receives a lawful subpoena.
Ensuring the continuity of our services
To ensure continuity of service for you and other users.
For example, when you share information with other users (such as when you have sent an email to someone else), deleting it from your Google Account will not eliminate copies maintained by the recipients.
Direct communications with Google
If you have directly communicated with Google, through a customer support channel, feedback form or a bug report, Google may retain reasonable records of those communications.
For example, when you send feedback within a Google app such as Gmail or Drive.