Google updated its Gemini Apps Privacy Notice on July 1, 2026 to reflect expanded data collection and processing practices. The revised notice now explicitly discloses collection of data from third-party services connected through Model Context Protocol (MCP) server tools, adds a warning that Google does not monitor or secure data from custom third-party connected apps, and notes that users can employ temporary chats that are not used to improve Google AI. The notice also clarifies that users can manage settings through 'Gemini Spark settings' rather than 'Remote Browser Data settings'.
The updated privacy notice establishes that Google collects data from third-party services you connect to Gemini, including Model Context Protocol server tools, and that such connections are not monitored or secured by Google. The notice explicitly states that choosing to connect third-party apps may expose your data, passwords, devices, and accounts to unauthorized access. The revised terms also clarify that you can use temporary chats, which are not retained for AI improvement purposes with human reviewer assistance. You can manage connected app permissions through Gemini Spark settings.
The updated privacy notice expands disclosure of how data flows through third-party integrations and explicitly warns of security risks associated with custom app connections. These changes materially affect user understanding of data exposure and control, particularly for users who connect external tools or services to Gemini, and may influence vendor risk assessment for organizations incorporating Gemini into their technology stacks.
→ Review connected apps in Gemini Spark settings and disconnect any third-party services you no longer use.
→ Consider using temporary chats for sensitive conversations if you prefer they not be retained or used for AI training.
→ Third-party apps you have connected to Gemini will continue collecting and processing your data in ways that Google does not monitor or secure, consistent with the updated notice.
→ Your general conversation data will continue to be used for AI improvement purposes unless you explicitly use temporary chats as described.
ConductAtlas has recorded 5 material changes to this document over 99 days of monitoring (since March 2026). An additional minor or cosmetic changes were excluded.
3 of Google Gemini's significant changes have been classified as negative for consumers.
Updated notice explicitly discloses collection from Model Context Protocol server tools and warns that Google does not monitor or secure such data.
Clarified that temporary chats are not used for AI training or human review, providing a data-minimization option.
Reference updated from 'Remote Browser Data setting' to 'Gemini Spark settings,' creating ambiguity about scope of user control.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Google now explicitly tells you it collects data from third-party services you connect, not just from Google's own apps.
Google explicitly warns you that third-party apps you connect are not monitored or secured by Google and could expose your sensitive information.
+ 1 more obligation changes. Full breakdown available with Monitor.
Track changes →The July 1, 2026 update to Google's Gemini Apps Privacy Notice materially expands disclosure of third-party data processing and adds explicit language warning of security risks from custom app connections. Organizations using Google Gemini in vendor stacks should review whether the new disclosure of MCP server tool integration and the explicit security warning trigger updates to their own privacy notices, data processing agreements, or risk assessments. The addition of temporary chat functionality may also affect retention and training data policies reflected in customer-facing materials. No specific regulatory deadline is stated, but the change appears designed to address transparency and risk disclosure expectations under general privacy regimes.
GDPR (lawfulness of processing basis for third-party data; transparency requirements for data subjects), CCPA (disclosure of data sales or sharing to third parties), FTC Act Section 5 (unfair or deceptive practices; adequacy of security warnings).
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003384.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorGoogle Gemini updated its privacy notice on May 24, 2026 with two minor language corrections. The first change fixed the …
Google Gemini updated its privacy notice on May 19, 2026 to add new disclosure sections, clarify how data collection works …
Google Gemini updated its privacy notice on May 13, 2026 to expand the stated purpose of personalizing user experience. The …
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the …
TikTok's data collection extends to device sensors, clipboard content, geolocation, and cross-site tracking. Here is what their Privacy Pol…
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.