Google Gemini · Gemini Apps Privacy Notice · View original document ↗

Conversation Data Retention Period

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Google Gemini Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Google retains your Gemini conversations for up to 3 years by default. Even if you turn off Gemini Apps Activity, Google keeps conversations for up to 36 hours for safety and service reasons.

This analysis describes what Google Gemini's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The 3-year default retention period means conversation data, including any personal information submitted, is stored for an extended period unless the user actively manages deletion. The 36-hour retention window when activity controls are off means there is no option to prevent all retention of conversation content.

Recent Activity

This document changed recently

Medium Jul 1, 2026

The updated privacy notice establishes that Google collects data from third-party services you connect to Gemini, including Model Context Protocol server tools, and that such connections are not monitored or secured by Google. The notice explicitly states that choosing to connect third-party apps may expose your data, passwords, devices, and accounts to unauthorized access. The revised terms also clarify that you can use temporary chats, which are not retained for AI improvement purposes with human reviewer assistance. You can manage connected app permissions through Gemini Spark settings.

View change record →
Medium May 21, 2026

The updated notice adds new disclosure sections explaining how data flows when using Gemini Spark (remote browser and computer access), how avatar creation collects and processes information, and clarifies that Google collects information about AI reasoning steps during task execution. The notice also refines language around subscription information to specify 'Google AI plan' rather than just generic 'paid subscription.' These changes do not establish new obligations but rather expand the transparency disclosures provided to users about existing and new features.

View change record →
Medium Apr 30, 2026

The updated notice now explicitly identifies Memory as a feature that operates on the basis of user consent, alongside Voice Match. The revised language removes prior geographic restrictions on personalization, meaning Gemini can now reference chat history to generate personalized insights for all users globally, not just those outside the EEA, Switzerland, and the UK. The removal of the statement 'Keep Activity must be on to use this feature' simplifies the operational requirement but does not establish a new obligation. You can learn how to turn the Memory feature on or off through the updated privacy notice.

View change record →

Clause Stability Mostly Stable

1
Change
3
Months Monitored
May 12, 2026
First Seen
May 20, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.
This clause has changed once in 3 months of monitoring.

Change history

removed May 21, 2026

The removal of specific retention timeframes and the clarification that turning off Activity prevents model training use reduces transparency about actual data handling practices.

View full change record →
modified May 13, 2026

Renamed from '3-Year Conversation Data Retention' to 'Conversation Data Retention Period' and severity downgraded from high to medium; now includes detailed information about retention duration under different activity settings.

View full change record →

Consumer impact (what this means for users)

Conversations with Gemini are retained for up to 3 years by default, and even disabling Gemini Apps Activity does not eliminate retention, as the policy states conversations are still kept for up to 36 hours. Users who want to minimize retention should actively delete conversations and disable the activity setting.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit myactivity.google.com, select Gemini Apps activity, and delete conversations. You can also set an auto-delete schedule in your Google Account activity settings.

How other platforms handle this

Grindr Medium

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.

Threads Medium

We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.

Hinge Medium

After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.

See all platforms with this clause type →

Monitoring

Google Gemini has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
By default, we store your Gemini Apps conversations for up to 3 years. If you turn off Gemini Apps Activity, your conversations are saved for up to 36 hours for safety purposes and to provide the service, and aren't used to improve Google products. You can delete your Gemini Apps Activity at any time.

— Excerpt from Google Gemini's Gemini Apps Privacy Notice

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision implicates GDPR Article 5(1)(e), which requires personal data not be kept longer than necessary for the purposes for which it is processed (storage limitation principle). The Irish Data Protection Commission is the lead EU supervisory authority. UK GDPR imposes equivalent storage limitation requirements. CCPA/CPRA does not impose specific retention limits but requires disclosed retention periods, which this provision satisfies. GOVERNANCE EXPOSURE: Medium. A 3-year default retention period for unstructured conversational data containing potentially sensitive personal information requires a documented legitimate purpose under GDPR. The 36-hour retention floor even when controls are disabled may require evaluation against user expectations and applicable storage limitation requirements. JURISDICTION FLAGS: EU/EEA and UK users are most affected given storage limitation obligations. The notice does not specify the legal basis for the 3-year retention period, which may require further assessment under GDPR Article 6. Organizations in sectors with shorter mandatory data deletion requirements face additional compliance tension. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers using Gemini should verify whether their Google Workspace or Cloud agreements provide different retention terms, as consumer privacy notices may not reflect enterprise data handling commitments. Vendor assessment processes should confirm whether the 3-year retention period is configurable for business accounts. COMPLIANCE CONSIDERATIONS: Organizations should update data maps to reflect Gemini conversation data retained at Google for up to 3 years. Data subject access requests and erasure requests under GDPR must account for this retention period. Compliance teams should assess whether users can be directed to delete conversations as part of standard data management procedures.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC oversees data retention and consumer privacy practices of technology companies under its unfair and deceptive practices authority.
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
EU AI Act - High Risk Provisions
EU
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Gemini Apps Privacy Notice
Entity
Google Gemini
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 12, 2026
Record ID
CA-P-011636
Document ID
CA-D-00326
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
d426afff362d09899b216ff87ee56636f0153c90c344ada869c6a4501c1ef7ba
Analysis generated
May 10, 2026 08:54 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Google Gemini
Document: Gemini Apps Privacy Notice
Record ID: CA-P-011636
Captured: 2026-05-10 08:54:31 UTC
SHA-256: d426afff362d0989…
URL: https://conductatlas.com/platform/google-gemini/gemini-apps-privacy-notice/conversation-data-retention-period/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Google Gemini's Conversation Data Retention Period clause do?

The 3-year default retention period means conversation data, including any personal information submitted, is stored for an extended period unless the user actively manages deletion. The 36-hour retention window when activity controls are off means there is no option to prevent all retention of conversation content.

How does this clause affect you?

Conversations with Gemini are retained for up to 3 years by default, and even disabling Gemini Apps Activity does not eliminate retention, as the policy states conversations are still kept for up to 36 hours. Users who want to minimize retention should actively delete conversations and disable the activity setting.

Is ConductAtlas affiliated with Google Gemini?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Google Gemini.