A helpful home is
a private home
Our commitments to privacy and security
We live by the same core privacy and security principles that guide all of Google’s work. This guide explains how we respect your privacy and keep your connected home devices and services secure.
Our commitment to privacy in the home — outlined in this guide — applies to our connected home devices and services that use Google Accounts and carry the Google Nest, Google Home, Nest, Google Wifi, or Chromecast brand. This means it will also apply to people who migrate from Nest Accounts to Google Accounts. In addition, Google’s Privacy Policy also applies to the devices and services listed above; for example, it describes how we use service providers, how we may share non-personally identifiable information, and how and when we may store and share your information for legal reasons — none of which are affected by the commitments below. Also, note that you can use many other Google services with your connected home devices, such as YouTube, Google Maps, and Google Duo. When you use these other Google services, what data those services collect and how that data is used are determined by the terms of those individual services and Google’s Privacy Policy.
We want you, your family, and your guests to feel comfortable using these devices and services, since their purpose is to help and to provide peace of mind. We also recognize that we’re a guest in your home, and we respect and appreciate that invitation. Technology in the home is dynamic and evolving, so we’ll approach our work with humility, a commitment to seeking out many points of view, and an eagerness to learn and adapt.
COMMITMENT
Technical Specifications Transparency
When our
connected home devices
include cameras, microphones, or environmental or activity sensors that
detect information about your home environment, we’ll list these hardware
features in the device’s technical specifications — whether or not they’re
enabled.
COMMITMENT
Published Sensors Guide
We will clearly explain what types of information these sensors send to
Google, as well as give examples of how we use that information in our
Sensors Guide, to help you better understand their purpose.
COMMITMENT
Responsible Advertising Practices
For all our
connected home devices and services, we will keep your video footage, audio recordings, and home environment
sensor readings separate from advertising, and we won’t use this data for ad
personalization. When you interact with your Assistant, we may use those
interactions to inform your interests for ad personalization. For example, if
you ask, “Hey Google, what’s the weather in Hawaii in July?” we may use the
text of that voice interaction (but not the audio recording itself) to show
you personalized ads. You can always review your Google settings to control the ads you see,
including opting out of ad personalization completely. Learn more about the
Google Assistant and the choices available to you
here.
COMMITMENT
Independent Security Assessment
Google Nest connected home devices
released in 2019 or later are validated using third-party,
industry-recognized security standards, and we publish the validation
results.
COMMITMENT
Invest in Security Research
Google Nest participates in the
Google vulnerability reward program.
Why it matters
This industry practice provides monetary rewards and public recognition for external security researchers who disclose vulnerabilities to the Nest Security team. We want responsible security researchers to examine our products and we pay monetary rewards only after the disclosed vulnerabilities are fixed. Through this program, the Nest Security team can learn about and address vulnerabilities before they can be exploited.
Why it matters
This industry practice provides monetary rewards and public recognition for external security researchers who disclose vulnerabilities to the Nest Security team. We want responsible security researchers to examine our products and we pay monetary rewards only after the disclosed vulnerabilities are fixed. Through this program, the Nest Security team can learn about and address vulnerabilities before they can be exploited.
If someone outside of Google discovers a security vulnerability in one of our devices, we want to know about it. To qualify for a monetary award, the researcher must wait for Google to patch the vulnerability before disclosing it to anyone else. This program creates an incentive for security researchers around the world to help us make our devices more secure.
We have dedicated security teams that analyze the hardware and software of each device before it’s available to the public, and we do our best to make sure our devices are secure. After the initial verification is performed, we also continue to analyze risks and security threats after devices are introduced and provide automatic, critical security updates for at least 5 years.
COMMITMENT
Google Account Security
We help keep your Google Account secure with tools and automatic protection
like suspicious activity detection, Security Checkup, and 2-step
verification.
Why it matters
We help keep your Google Account secure with:
Why it matters
We help keep your Google Account secure with:
- Suspicious activity detection sends you notifications whenever we detect unusual or potentially dangerous activity, such as suspicious sign-ins to your account.
- Security Checkup helps you secure your account and manage your online security through personalized guidance.
- 2-step verification strengthens your account security, by adding a second verification step when you sign in, like a prompt from a trusted device or the use of a physical security key.
Google looks for activity that seems like it isn’t being performed by you. For example, if there’s an attempt to sign into your account from an unrecognized device.
2-step verification makes it harder for someone to sign into your account, even if they have your password. When 2-step verification is enabled, anyone signing in to your account will need to complete a second step, or “factor,” before signing in. You can choose from multiple second factors, including a text message, a code from the Google Authenticator app, or a notification from an installed Google app.
Migrating to a Google Account gives you new benefits, like:
- Automatic security protections such as suspicious activity detection, 2-step verification, and Security Checkup.
- Your Google Nest devices and services work together. For example, if you have a Nest Cam and a Chromecast, just say, “Hey Google, show me the backyard camera” to cast your camera stream to your TV without any setup.
- One account to sign into both the Nest and Google Home apps.
-
Your homes and home members are aligned across the Nest
and Google Home apps.
Anyone with an existing Nest Account can migrate to a Google Account. To migrate your account, in the Nest app, go to Account settings, and then select Migrate to a Google Account.
COMMITMENT
Automatic Security Updates
We provide automatic,
critical
security updates for Google Nest devices for at least 5 years from the
date
we start selling them.
Why it matters
We employ many layered defenses to protect users, however, technology changes and new threats arise. So we commit to providing automatic software security updates that address critical issues known to Google Nest. We will publish a list of devices and how long we commit to providing updates for them.
Why it matters
We employ many layered defenses to protect users, however, technology changes and new threats arise. So we commit to providing automatic software security updates that address critical issues known to Google Nest. We will publish a list of devices and how long we commit to providing updates for them.
We publish a list of Google devices showing the minimum committed date range for critical security updates.
Security updates don’t address vulnerabilities that result from a device being used in a way that it wasn’t intended, or that might compromise its security. For example:
-
Devices that aren’t properly
factory reset
before being given to someone else
-
Accounts that don’t use
2-step verification
- Devices made by other manufacturers that haven't been assessed by Google and may have access to your network and Google Nest devices
COMMITMENT
Verified Software
So that Google Nest devices run only the software they’re supposed to, we
verify software before it’s installed. All our devices released in 2019 and
after use
verified boot.
Why it matters
We take steps to help prevent malicious software from being installed on Google Nest devices. This helps make sure that no one has access to your account or control of your devices without your permission.
Why it matters
We take steps to help prevent malicious software from being installed on Google Nest devices. This helps make sure that no one has access to your account or control of your devices without your permission.
First, we cryptographically verify software, making sure it’s signed by Google before it’s installed. Second, our hardware released after 2019 uses Verified Boot to check that it’s running the right software every time the device restarts.
COMMITMENT
Device Transparency
Your
Google Account device activity
page lists the Google Nest devices that are visible in your Google Home
app.
Why it matters
All the devices that you’re signed into will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.
Why it matters
All the devices that you’re signed into will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.
Any time you use your Google Account to sign into a phone, computer, app, or connected home device, they’re connected. Make sure you sign out of devices you don’t own or control, and check your Google Account for devices you don’t recognize.
Sign out of the device or home to revoke access and change your password.
Cameras
Cameras serve a variety of purposes in the home, such as capturing memories,
connecting with loved ones, and helping you feel secure. Devices like Nest Cam
use video to help you keep an eye on your home and alert you when things
happen, even when you’re not there.
For all our connected home devices with cameras, we commit to you:
For all our connected home devices with cameras, we commit to you:
You can review and delete stored video footage either through the Nest app (in the case of Nest Cam recordings) or My Activity (for interactions with Google Assistant).
Yes, but only as part of the Face Match setup process, and not after you’ve completed setup. When you set up Face Match on your Nest Hub Max, you use your phone to capture several photos that are combined to create a unique model of your face. These photos are sent to Google, and you can review or delete them anytime by visiting My Activity. After this setup process, Face Match does not send any video or images to Google. And Quick Gestures does not require sending any video or images to Google at all. In addition, we keep the video and images that power these features separate from advertising and don’t use them for ad personalization.
Some models of our cameras support recording video footage while offline. For these cameras, video footage will be uploaded when the camera goes back online after the video footage has been recorded. That means you may not see a visual indicator when your camera is sending the video footage to our servers — but in those instances, a visual indicator would have been visible when the camera was actually recording the video footage.
Microphones
Microphones serve a variety of purposes in the home, such as letting you
control devices throughout your home using just your voice, detecting
unexpected activity in your home when you’re not there, and making a voice
call using a smart speaker or display.
For all our connected home devices with microphones, we commit to you:
For all our connected home devices with microphones, we commit to you:
You can review and delete stored audio recordings either through the Nest app (in the case of Nest Cam recordings) or My Activity (for interactions with the Google Assistant). You can also delete your Google Assistant activity with voice commands.
We keep your audio recordings separate from advertising and don’t use them for ad personalization — but when you interact with your Assistant by voice, we may use the text of those interactions to inform your interests for ad personalization. You can always review your Google settings to control the ads you see, including opting out of ad personalization completely. Learn more about Google Assistant and the choices available to you here.
Sometimes, such as when it is faster to fulfill your Google Assistant request locally, on the device, your audio recording will be transmitted to Google servers only after the visual indicator has turned off and your request has been fulfilled. In these instances, the visual indicator will be visible when the microphone is active, as opposed to when the audio data is transmitted to Google servers.
Home sensors
Some of our devices include sensors that detect information about your home’s
environment and what’s happening in it, such as motion, whether or not someone
is home, ambient light, temperature, and humidity. These sensors serve a
variety of purposes, such as helping your home take better care of you — like
when your Nest Learning Thermostat turns itself down when you’re away — and
helping us make your devices and services better.
For all our connected home devices with these environmental and activity sensors, we commit to you:
For all our connected home devices with these environmental and activity sensors, we commit to you:
Our devices include environmental and activity sensors that detect information about your home’s environment and what’s happening in it, such as motion, whether or not someone is home, ambient light, temperature, and humidity. Data from these sensors, which is regularly sent to Google, serves a variety of purposes, such as helping your home take better care of you, helping us make your devices and services better, and keeping you informed. For example:
- The temperature and humidity sensors in your Nest Learning Thermostat help keep your home comfortable while saving energy.
- Home/Away Assist uses activity sensors across multiple Nest devices in your home to automatically switch the behavior of Nest devices in your home when you leave and when you come back.
- We used ambient light and temperature sensor data aggregated from thermostats across our customers to determine that direct sunlight can cause thermostats to think it’s warmer than it actually is, so we introduced Sunblock, a new feature, to help your thermostat adjust for this so it sets the correct temperature.
- We use sensor data to help us troubleshoot and improve the performance, safety, and reliability of our devices and services — for example, we use temperature and humidity data from our devices to measure the impact of environmental conditions on battery life.
- We may also use sensor data to keep you informed of updates on Google services, including connected home services we think may interest you, such as energy and home safety programs — but we’ll always respect your choice about whether or not you want to receive promotional emails from Google.
- We do not use environmental and activity sensor data for ad personalization. For example we don’t use sleep data from your Nest Hub (2nd. gen) for ad personalization. (Remember that to fulfill some requests related to your connected home devices — for example, “Hey Google, what’s the temperature inside?” — your Assistant can retrieve a sensor reading. Learn more about the Google Assistant and the choices available to you here.)
- When you delete your account, this sensor data is deleted from our servers as explained in our retention policy.
One example of this is you can choose to share data with utility companies in order to benefit from energy savings programs and services like Rush Hour Rewards.
Wifi data
Google Wifi devices are router systems that work with your modem and internet
service provider to create a whole-home Wi-Fi mesh network. These devices use
data about your network performance (for example, network speed and bandwidth
usage) to help provide and improve your Wi-Fi coverage and experience. It also
allows you to see which devices are connected and how much bandwidth they
use.
For Google Wifi devices, we commit to you:
For Google Wifi devices, we commit to you:
Google Wifi collects and uses data as explained here, including information about the types of connected devices you have and their network usage. The cloud services, Wifi point stats, and app stats data described here (which we refer to as “Wi-Fi network performance data”) is not used for ad personalization. We may use this data to keep you informed about updates on Google services, including connected home devices and services we think may help you — such as an additional Wifi point to improve your internet connectivity. You can opt out from certain portions of this data collection as explained here.
Google Wifi does not track the websites you visit, nor does it monitor the content of traffic on your Wi-Fi network. Google Wifi sets your default DNS provider to “Automatic,” which uses Google Public DNS or your Internet Service Provider’s (ISP) DNS if certain conditions are met. More info on what Google Public DNS collects can be found here. You can change your DNS provider in the Advanced Networking settings of the Google Home app at any time.
