A helpful home is
a private home

Our commitments to privacy and security
We live by the same core privacy and security principles that guide all of Google’s work. This guide explains how we respect your privacy and keep your connected home devices and services secure.
Our commitment to privacy in the home — outlined in this guide — applies to our connected home devices and services that use Google Accounts and carry the Google Nest, Google Home, Nest, Google Wifi, or Chromecast brand. This means it will also apply to people who migrate from Nest Accounts to Google Accounts. In addition, Google’s Privacy Policy also applies to the devices and services listed above; for example, it describes how we use service providers, how we may share non-personally identifiable information, and how and when we may store and share your information for legal reasons — none of which are affected by the commitments below. Also, note that you can use many other Google services with your connected home devices, such as YouTube, Google Maps, and Google Duo. When you use these other Google services, what data those services collect and how that data is used are determined by the terms of those individual services and Google’s Privacy Policy.
We want you, your family, and your guests to feel comfortable using these devices and services, since their purpose is to help and to provide peace of mind. We also recognize that we’re a guest in your home, and we respect and appreciate that invitation. Technology in the home is dynamic and evolving, so we’ll approach our work with humility, a commitment to seeking out many points of view, and an eagerness to learn and adapt.

Technical Specifications Transparency

Published Sensors Guide

Responsible Advertising Practices

Independent Security Assessment

Invest in Security Research
Why it matters
This industry practice provides monetary rewards and public recognition for external security researchers who disclose vulnerabilities to the Nest Security team. We want responsible security researchers to examine our products and we pay monetary rewards only after the disclosed vulnerabilities are fixed. Through this program, the Nest Security team can learn about and address vulnerabilities before they can be exploited.
If someone outside of Google discovers a security vulnerability in one of our devices, we want to know about it. To qualify for a monetary award, the researcher must wait for Google to patch the vulnerability before disclosing it to anyone else. This program creates an incentive for security researchers around the world to help us make our devices more secure.
We have dedicated security teams that analyze the hardware and software of each device before it’s available to the public, and we do our best to make sure our devices are secure. After the initial verification is performed, we also continue to analyze risks and security threats after devices are introduced and provide automatic, critical security updates for at least 5 years.

Google Account Security
Why it matters
We help keep your Google Account secure with:
- Suspicious activity detection sends you notifications whenever we detect unusual or potentially dangerous activity, such as suspicious sign-ins to your account.
- Security Checkup helps you secure your account and manage your online security through personalized guidance.
- 2-step verification strengthens your account security, by adding a second verification step when you sign in, like a prompt from a trusted device or the use of a physical security key.
Google looks for activity that seems like it isn’t being performed by you. For example, if there’s an attempt to sign into your account from an unrecognized device.
2-step verification makes it harder for someone to sign into your account, even if they have your password. When 2-step verification is enabled, anyone signing in to your account will need to complete a second step, or “factor,” before signing in. You can choose from multiple second factors, including a text message, a code from the Google Authenticator app, or a notification from an installed Google app.
Migrating to a Google Account gives you new benefits, like:
- Automatic security protections such as suspicious activity detection, 2-step verification, and Security Checkup.
- Your Google Nest devices and services work together. For example, if you have a Nest Cam and a Chromecast, just say, “Hey Google, show me the backyard camera” to cast your camera stream to your TV without any setup.
- One account to sign into both the Nest and Google Home apps.
-
Your homes and home members are aligned across the Nest
and Google Home apps.
Anyone with an existing Nest Account can migrate to a Google Account. To migrate your account, in the Nest app, go to Account settings, and then select Migrate to a Google Account.

Automatic Security Updates
Why it matters
We employ many layered defenses to protect users, however, technology changes and new threats arise. So we commit to providing automatic software security updates that address critical issues known to Google Nest. We will publish a list of devices and how long we commit to providing updates for them.
We publish a list of Google devices showing the minimum committed date range for critical security updates.
Security updates don’t address vulnerabilities that result from a device being used in a way that it wasn’t intended, or that might compromise its security. For example:
-
Devices that aren’t properly
factory reset
before being given to someone else
-
Accounts that don’t use
2-step verification
- Devices made by other manufacturers that haven't been assessed by Google and may have access to your network and Google Nest devices

Verified Software
Why it matters
We take steps to help prevent malicious software from being installed on Google Nest devices. This helps make sure that no one has access to your account or control of your devices without your permission.
First, we cryptographically verify software, making sure it’s signed by Google before it’s installed. Second, our hardware released after 2019 uses Verified Boot to check that it’s running the right software every time the device restarts.

Device Transparency
Why it matters
All the devices that you’re signed into will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.
Any time you use your Google Account to sign into a phone, computer, app, or connected home device, they’re connected. Make sure you sign out of devices you don’t own or control, and check your Google Account for devices you don’t recognize.
Sign out of the device or home to revoke access and change your password.

Cameras
For all our connected home devices with cameras, we commit to you:
You can review and delete stored video footage either through the Nest app (in the case of Nest Cam recordings) or My Activity (for interactions with Google Assistant).
Yes, but only as part of the Face Match setup process, and not after you’ve completed setup. When you set up Face Match on your Nest Hub Max, you use your phone to capture several photos that are combined to create a unique model of your face. These photos are sent to Google, and you can review or delete them anytime by visiting My Activity. After this setup process, Face Match does not send any video or images to Google. And Quick Gestures does not require sending any video or images to Google at all. In addition, we keep the video and images that power these features separate from advertising and don’t use them for ad personalization.
Some models of our cameras support recording video footage while offline. For these cameras, video footage will be uploaded when the camera goes back online after the video footage has been recorded. That means you may not see a visual indicator when your camera is sending the video footage to our servers — but in those instances, a visual indicator would have been visible when the camera was actually recording the video footage.

Microphones
For all our connected home devices with microphones, we commit to you:
You can review and delete stored audio recordings either through the Nest app (in the case of Nest Cam recordings) or My Activity (for interactions with the Google Assistant). You can also delete your Google Assistant activity with voice commands.
We keep your audio recordings separate from advertising and don’t use them for ad personalization — but when you interact with your Assistant by voice, we may use the text of those interactions to inform your interests for ad personalization. You can always review your Google settings to control the ads you see, including opting out of ad personalization completely. Learn more about Google Assistant and the choices available to you here.
Sometimes, such as when it is faster to fulfill your Google Assistant request locally, on the device, your audio recording will be transmitted to Google servers only after the visual indicator has turned off and your request has been fulfilled. In these instances, the visual indicator will be visible when the microphone is active, as opposed to when the audio data is transmitted to Google servers.

Home sensors
For all our connected home devices with these environmental and activity sensors, we commit to you:
Our devices include environmental and activity sensors that detect information about your home’s environment and what’s happening in it, such as motion, whether or not someone is home, ambient light, temperature, and humidity. Data from these sensors, which is regularly sent to Google, serves a variety of purposes, such as helping your home take better care of you, helping us make your devices and services better, and keeping you informed. For example:
- The temperature and humidity sensors in your Nest Learning Thermostat help keep your home comfortable while saving energy.
- Home/Away Assist uses activity sensors across multiple Nest devices in your home to automatically switch the behavior of Nest devices in your home when you leave and when you come back.
- We used ambient light and temperature sensor data aggregated from thermostats across our customers to determine that direct sunlight can cause thermostats to think it’s warmer than it actually is, so we introduced Sunblock, a new feature, to help your thermostat adjust for this so it sets the correct temperature.
- We use sensor data to help us troubleshoot and improve the performance, safety, and reliability of our devices and services — for example, we use temperature and humidity data from our devices to measure the impact of environmental conditions on battery life.
- We may also use sensor data to keep you informed of updates on Google services, including connected home services we think may interest you, such as energy and home safety programs — but we’ll always respect your choice about whether or not you want to receive promotional emails from Google.
- We do not use environmental and activity sensor data for ad personalization. For example we don’t use sleep data from your Nest Hub (2nd. gen) for ad personalization. (Remember that to fulfill some requests related to your connected home devices — for example, “Hey Google, what’s the temperature inside?” — your Assistant can retrieve a sensor reading. Learn more about the Google Assistant and the choices available to you here.)
- When you delete your account, this sensor data is deleted from our servers as explained in our retention policy.
One example of this is you can choose to share data with utility companies in order to benefit from energy savings programs and services like Rush Hour Rewards.

Wifi data
For Google Wifi devices, we commit to you:
Google Wifi collects and uses data as explained here, including information about the types of connected devices you have and their network usage. The cloud services, Wifi point stats, and app stats data described here (which we refer to as “Wi-Fi network performance data”) is not used for ad personalization. We may use this data to keep you informed about updates on Google services, including connected home devices and services we think may help you — such as an additional Wifi point to improve your internet connectivity. You can opt out from certain portions of this data collection as explained here.
Google Wifi does not track the websites you visit, nor does it monitor the content of traffic on your Wi-Fi network. Google Wifi sets your default DNS provider to “Automatic,” which uses Google Public DNS or your Internet Service Provider’s (ISP) DNS if certain conditions are met. More info on what Google Public DNS collects can be found here. You can change your DNS provider in the Advanced Networking settings of the Google Home app at any time.
