Google Chrome Privacy Notice
Last modified: 6 March 2018
Details about the Privacy Notice
In this Privacy Notice, we use the term "Chrome" to refer to all the products in the Chrome family listed above. If there are differences in our policy between products, we'll point them out.
"Beta," "Dev" or "Canary" versions of Chrome let you test new features still being created in Chrome. This Privacy Notice applies to all versions of Chrome, but might not be up to date for features still under development.
For step-by-step guides to managing your privacy preferences, read this overview of Chrome's privacy controls.
Table of contents:
- Browser modes
- Managing users in Chrome
- Safe Browsing policies
- Policy on using apps, extensions, themes, services and other add-ons
- Server log privacy information
- More information
You don't need to provide any personal information to use Chrome, but Chrome has different modes that you can use to change or improve your browsing experience. Privacy practices are different depending on the mode that you're using.
Basic browser mode
The basic browser mode stores information locally on your system. This information might include:
Browsing history information. For example, Chrome stores the URLs of pages that you visit, a cache of text, images and other resources from those pages and, if the network actions prediction feature is turned on, a list of some of the IP addresses linked from those pages.
Personal information and passwords, to help you fill out forms or sign in to sites you visit.
A list of permissions that you have granted to websites.
Thumbnail-sized screenshots of pages that you visit most often.
Cookies or data from websites that you visit.
Data saved by add-ons.
A record of what you downloaded from websites.
You can manage this information in several ways:
You can clear your cookies and site data by visiting the Cookies and Site Data dialogue at chrome://settings/clearBrowserData.
You can review stored passwords in Chrome settings. Find out more.
You can view and manage your stored Autofill information. Find out more.
The personal information that Chrome stores won't be sent to Google unless you choose to store that data in your Google Account by signing in to Chrome. Signing in enables Chrome’s synchronisation feature.
How Chrome handles your information
Information for website operators. Sites that you visit using Chrome will automatically receive standard log information, including your system’s IP address and data from cookies or similar technologies. In general, the fact that you use Chrome to access Google services, such as Gmail, does not cause Google to receive any additional, personally-identifying information about you. If Chrome detects signs that Google websites, and other websites that opt in, are being actively attacked by someone on the network (a \'man in the middle' attack\), Chrome may send information about that connection to Google or the website that you visited. This helps to determine the extent of the attack and how the attack functions. Google provides participating website owners with reports about attacks occurring on their sites.
Pre-rendering. To load web pages faster, Chrome has a setting that can look up the IP addresses of links on a web page and open network connections. Sites and Android apps can also ask the browser to pre-load the pages that you might visit next. Pre-loading requests from Android apps are controlled by the same setting as Chrome-initiated predictions. But pre-loading instructions from sites are always performed, regardless of whether Chrome’s network prediction feature is enabled. If pre-rendering is requested, whether by Chrome or by a site or app, the pre-loaded site is allowed to set and read its own cookies just as if you had visited it, even if you don’t end up visiting the pre-rendered page. Find out more.
Location. To get more geographically relevant information, Chrome gives you the option to share your location with a site. Chrome won't allow a site to access your location without your permission; however, on mobile devices, Chrome automatically shares your location with your default search engine if the Chrome app has permission to access your location and you haven’t blocked geolocation for the associated web site. Chrome uses Google Location Services to estimate your location. The information that Chrome sends to Google Location Services may include:
- The Wi-Fi routers closest to you
- Mobile IDs of the mobile phone base stations closest to you
- The strength of your Wi-Fi or mobile signal
- The IP address that is currently assigned to your device
Google doesn't have control over third-party websites or their privacy practices, so be cautious when sharing your location with a website.
Updates. Chrome periodically sends information to Google to check for updates, get connectivity status, validate the current time and to estimate the number of active users.
Search features. If Google is your default search engine, Chrome contacts Google when you start searching or when you change networks, so that you can get the best local web address for sending search queries. If you are signed in to a Google site or signed in to Chrome and Google is your default search engine, searches that you perform using the address bar in Chrome are stored in your Google account.
Search prediction service. To help you find information faster, Chrome uses the prediction service provided by your default search engine to offer likely completions to the text you are typing. When you search using the address bar in Chrome, the characters you type (even if you haven’t pressed "enter" yet) are sent to your default search engine. If Google is your default search engine, predictions are based on your own search history, topics related to what you’re typing and what other people are searching for. Find out more. Predictions can also be based on your browsing history. Find out more.
Navigation assistance. When you can’t connect to a web page, you can get suggestions for alternative pages similar to the one that you're trying to reach. In order to offer you suggestions, Chrome sends Google the URL of the page that you're trying to reach.
Autofill and password management. Chrome sends Google limited, anonymous information about the web forms that you encounter, including a hashed URL of the web page and details of the form's structure, so that we can improve our Autofill and password management services.
Payments. If you are signed in to the Chrome browser and you have credit cards stored in your Google payments account, then Chrome will offer you the option of filling those cards into web forms. In addition, if you enter a new credit card into a web form, Chrome will offer to save your credit card and related billing information to your Google payments account. If you use a card from Google Payments or choose to save your credit card in your Google Payments account for future use, Chrome will collect information about your computer and share it with Google Payments to protect you from fraud. On Android, if supported by the merchant, Chrome will also allow you to pay using Android Pay.
Language. In order to customise your browsing experience based on languages that you prefer to read, Chrome will keep count of the most popular languages of the sites that you visited. This language preference will be sent to Google to customise your experience in Chrome. If you are signed in to Chrome, this language profile will be associated with your Google account and, if you include Chrome history in your Google Web & App Activity, may be used to personalise your experience in other Google products. View Activity Controls.
Web Apps on Android. On Android devices, if you select "add to homescreen" for a website that has been optimised for fast, reliable performance on mobile devices, then Chrome will use a Google server to create a native Android package for that website on your device. The Android package allows you to interact with the web app as you would with an Android app. For example, the web app will appear in your list of installed apps. Find out more.
Usage statistics and crash reports. By default, usage statistics and crash reports are sent to Google to help us improve our products. Usage statistics contain information such as preferences, button clicks and memory usage. In general, usage statistics do not include web page URLs or personal information, but, if you are signed in to Chrome and syncing your browsing history in your Google account without a sync passphrase, then Chrome usage statistics include information about the web pages that you visit and your usage of them. For example, we may collect statistics to identify web pages that load slowly. We use this information to improve our products and services, and to give web developers insight into improving their pages. Crash reports contain system information at the time of the crash and may contain web page URLs or personal information, depending on what was happening at the time the crash report was triggered. We may share aggregated, non-personally identifiable information publicly and with partners – like publishers, advertisers or web developers. You can change whether usage statistics and crash reports are sent to Google at any time. Learn more. If Google Play apps are enabled on your Chromebook and Chrome usage statistics are enabled, then Android diagnostic and usage data is also sent to Google.
Media licences. Some websites encrypt media to protect against unauthorised access and copying. For HTML5 sites, this key exchange is done using the Encrypted Media Extensions API. In the process of allowing access to this media, session identifiers and licences may be stored locally. These identifiers can be cleared by the user in Chrome using Clear Browsing Data with "Media licences" enabled. For sites that use Adobe Flash Access, Chrome browser for Windows or Chrome OS provides a unique identifier to content partners and websites. The identifier is stored on your system. You can deny this access in the settings under Content Settings, Protected content, and reset the ID using Clear Browsing Data with "Media licences" enabled. If you access HD content on Chrome OS, a content provider may ask Chrome for a certificate to verify the eligibility of the device. To verify your device, your Chromebook will share data about its hardware attributes with the website, and will use Verified Access to certify that its cryptographic keys are protected by Chrome hardware. Chrome will prompt you to allow or deny this verification check. Find out more.
Other Google services. This notice describes the Google services that are enabled by default in Chrome. In addition, Chrome may offer other Google web services. For example, if you encounter a page in a different language, Chrome will offer to send the text to Google for translation. You will be notified of your options for controlling these services when you first use them. You can find more information in the Chrome Privacy Whitepaper.
Identifiers in Chrome
Chrome includes a number of identifiers necessary to power features. For example, if you use push messaging, an identifier is created in order to deliver notices to you. Where possible, we use non-unique identifiers and remove identifiers when they are no longer needed. Additionally, the following identifiers help us to develop, distribute and promote Chrome, but are not directly related to a Chrome feature.
Installation tracking. Each copy of the Windows desktop version of the Chrome browser includes a temporary randomly generated installation number that is sent to Google when you install and first use Chrome. This temporary identifier helps us estimate the number of installed browsers and will be deleted the first time Chrome updates. The mobile version of Chrome uses a variant of the device identifier on an ongoing basis to track the number of installations of Chrome.
Promotion tracking. In order to help us track the success of promotional campaigns, Chrome generates a unique token that is sent to Google when you first run and use the browser. In addition, if you received or reactivated your copy of the desktop version of the Chrome browser as part of a promotional campaign and Google is your default search engine, then searches from the omnibox will include a non-unique promotional tag. All mobile versions of the Chrome browser also include a non-unique promotional tag with searches from the omnibox. Chrome OS may also send a non-unique promotional tag to Google periodically (including during initial setup) and when performing searches with Google. Find out more.
Field trials. We sometimes conduct limited tests of new features. Chrome includes a seed number that is randomly selected on first run to assign browsers to experiment groups. Experiments may also be limited by country (determined by your IP address), operating system, Chrome version and other parameters. A list of field trials that are currently active on your installation of Chrome is included in all requests sent to Google. Find out more.
Signed-in Chrome mode
When you sign in to the Chrome browser or a Chromebook with your Google Account, your personal browsing data is saved on Google's servers and synced with your account. This type of information can include:
- Browsing history
- Passwords and Autofill information
- Other browser settings, such as installed extensions
These settings are automatically loaded for you any time you sign in to Chrome on other computers and devices. To customise the specific information that you synchronise, use the "Settings" menu. Find out more. You can see the amount of Chrome data stored for your Google account and manage it on the Chrome Sync Dashboard. On the Dashboard, except for Google accounts created through Family Link, you can also disable synchronisation completely and delete all the associated data from Google’s servers. Find out more. For children with Google Accounts created in Family Link, sign-in is required and Chrome Sync cannot be disabled because it provides parental management features, such as website restrictions. However, children with these accounts can still delete their data and disable synchronisation of most data types. Find out more. The Privacy Notice for Google Accounts created in Family Link applies to Chrome Sync data stored in those accounts.
How Chrome handles your signed-in information
When you sync Chrome with your Google account, we use your browsing data to improve and personalise your experience within Chrome. You can also personalise your experience on other Google products by allowing your Chrome history to be included in your Google Web & App Activity. Find out more.
You can change this setting on your Account History page or manage your private data whenever you like. If you don't use your Chrome data to personalise your Google experience outside of Chrome, Google will only use your Chrome data after it is anonymised and aggregated with data from other users. Google uses this data to develop new features, products and services and to improve the overall quality of existing products and services. If you would like to use Google's cloud to store and sync your Chrome data but you don't want Google to access the data, you can encrypt all of your synced data with your own sync passphrase. Find out more.
Incognito mode and guest mode
You can limit the information that Chrome stores on your system by using incognito mode or guest mode. In these modes, Chrome won't store certain information, such as:
- Basic browsing history information such as URLs, cached page text or IP addresses of pages linked from the websites that you visit
- Snapshots of pages that you visit
- Records of your downloads, although the files that you download will still be stored elsewhere on your computer or device
How Chrome handles your incognito or guest information
Cookies. Chrome won't share existing cookies with sites that you visit in incognito or guest mode. Sites may deposit new cookies on your system while you are in these modes, but they'll only be stored and transmitted until you close the last incognito or guest window.
Browser configuration changes. When you make changes to your browser configuration, such as bookmarking a web page or changing your settings, this information is saved. These changes are not affected by incognito or guest mode.
Permissions. Permissions that you grant in incognito mode are not saved to your existing profile.
Profile information. In incognito mode, you will still have access to information from your existing profile, such as suggestions based on your browsing history and saved passwords, while you are browsing. In guest mode, you can browse without seeing information from any existing profiles.
Managing Users in Chrome
Managing users for personal Chrome use
You can set up personalised versions of Chrome for users sharing one device or computer. Note that anyone with access to your device can view all the information in all profiles. To truly protect your data from being seen by others, use the built-in user accounts in your operating system. Find out more.
Managing users on Chrome for Enterprise
Some Chrome browsers or Chromebooks are managed by a school or company. In that case, the administrator has the ability to apply policies to the browser or Chromebook. Chrome contacts Google to check for these policies when a user first signs in to Chrome or starts browsing without signing in (except in guest mode). Chrome checks periodically for updates to policies.
An administrator can set up a policy for status and activity reporting for Chrome, including location information for Chrome OS devices. Your administrators may also have the ability to access, monitor, use or disclose data accessed from your managed device.
Safe Browsing practices
Google Chrome and certain third-party browsers, like some versions of Mozilla Firefox and Apple’s Safari, include Google's Safe Browsing feature. With Safe Browsing, information about suspicious websites is sent and received between the browser you are using and Google's servers.
How Safe Browsing works
Your browser contacts Google's servers periodically to download the most recent "Safe Browsing" list, which contains known phishing and malware sites. The most recent copy of the list is stored locally on your system. Google doesn't collect any account information or other personally identifying information as part of this contact. However, it does receive standard log information, including an IP address and cookies.
Each site you visit is checked against the Safe Browsing list on your system. If there's a match, your browser sends Google a hashed, partial copy of the site’s URL so that Google can send more information to your browser. Google cannot determine the real URL from this information. Find out more.
The following Safe Browsing features are specific to Chrome:
Some versions of Chrome feature Safe Browsing technology that can identify potentially harmful sites and potentially dangerous file types not already known by Google. The full URL of the site or potentially dangerous file might also be sent to Google to help determine whether the site or file is harmful.
Chrome uses Safe Browsing technology to scan your computer periodically, in order to detect unwanted software that prevents you from changing your settings or otherwise interferes with the security and stability of your browser. Find out more. If this kind of software is detected, Chrome might offer you the option to download the Chrome Cleanup Tool to remove it.
You can choose to send additional data to help improve Safe Browsing when you access a site that appears to contain malware or when Chrome detects unwanted software on your computer. Find out more.
If you use Chrome’s password manager, Safe Browsing checks with Google when you enter any saved password on an uncommon page to protect you from phishing attacks. In addition, Safe Browsing protects your Google Account password. If you enter it on a likely phishing site, Chrome will prompt you to change your Google account password. If you sync your browsing history, Chrome will also flag your Google account as likely phished.
If you are a Safe Browsing user and you are syncing your Chrome browsing history to your Google account, then, to improve the safety and utility of web feature permissions, Chrome may anonymously report the domains on which you grant, reject and revoke permissions, or ignore or dismiss permission prompts.
You can always choose to disable the Safe Browsing feature within Chrome.
Privacy practices of apps, extensions, themes, services and other add-ons
Before installing an add-on, you should review the requested permissions. Add-ons can have permission to do various things, like:
- Store, access and share data stored locally or in your Google Drive account
- View and access content on websites you visit
- Use notifications that are sent through Google servers
Chrome can interact with add-ons in a few different ways:
- Checking for updates
- Downloading and installing updates
- Sending usage indicators to Google about the add-ons
Some add-ons might require access to a unique identifier for digital rights management or for delivery of push messaging. You can disable the use of identifiers by removing the add-on from Chrome.
From time to time, Google might discover an add-on that poses a security threat, violates the developer terms for Chrome Web Store or violates other legal agreements, laws, regulations or policies. Chrome periodically downloads a list of these dangerous add-ons, in order to remotely disable or remove them from your system.
Google adheres to several self regulatory frameworks, including the EU-US Privacy Shield Framework. Learn more.
You may access some of our services by signing up for a Google Account and providing us with some personal information (typically your name, email address and a password). This account information will be used to authenticate you when you access Google services and protect your account from unauthorised access by others. You can edit or terminate your account at any time through your Google Account settings.
Like most websites, our servers automatically record the page requests made when you visit our sites. These "server logs" typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser.
Here is an example of a typical log entry where the search is for "cars", followed by a breakdown of its parts:
184.108.40.206 - 25/Mar/2003 10:15:32 -
Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969
220.127.116.11is the Internet Protocol address assigned to the user by the user’s ISP; depending on the user’s service, a different address may be assigned to the user by their service provider each time they connect to the Internet;
25/Mar/2003 10:15:32is the date and time of the query;
https://www.google.com/search?q=carsis the requested URL, including the search query;
Firefox 1.0.7; Windows NT 5.1is the browser and operating system being used; and
740674ce2123a969is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).