When you use Gemini extensions connected to third-party services, your conversation content may be passed to those third parties, who handle it under their own separate privacy policies.
This analysis describes what Google Gemini's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms authorize sharing of conversation content with third-party extension providers, whose data practices are governed by their own policies rather than Google's, meaning users interacting with extensions should review each third party's privacy terms.
The updated notice adds new disclosure sections explaining how data flows when using Gemini Spark (remote browser and computer access), how avatar creation collects and processes information, and clarifies that Google collects information about AI reasoning steps during task execution. The notice also refines language around subscription information to specify 'Google AI plan' rather than just generic 'paid subscription.' These changes do not establish new obligations but rather expand the transparency disclosures provided to users about existing and new features.
View change record →The updated notice now explicitly identifies Memory as a feature that operates on the basis of user consent, alongside Voice Match. The revised language removes prior geographic restrictions on personalization, meaning Gemini can now reference chat history to generate personalized insights for all users globally, not just those outside the EEA, Switzerland, and the UK. The removal of the statement 'Keep Activity must be on to use this feature' simplifies the operational requirement but does not establish a new obligation. You can learn how to turn the Memory feature on or off through the updated privacy notice.
View change record →The updated privacy notice now discloses that Gemini can use data from connected Google apps and imported memory or chats from other AI platforms to personalize your experience and to improve services, including training generative AI models. This data is treated similarly to other Gemini activity. You can manage or delete your imported activity anytime through the Activity controls.
View change record →If you enable Gemini extensions, conversation data may be shared with those third-party services, and Google's privacy protections do not extend to how those parties handle your data. Users should review the privacy policies of any third-party extensions they enable.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Google Gemini has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you use extensions in Gemini apps, your conversations may be shared with the third-party services you interact with through those extensions. Those third-party services have their own privacy policies that govern how they handle your data.— Excerpt from Google Gemini's Gemini Apps Privacy Notice
REGULATORY LANDSCAPE: Third-party data sharing through extensions implicates GDPR Article 26 (joint controllers) or Article 28 (processor obligations) depending on the role of the third party, as well as CCPA provisions regarding disclosure of data sharing with third parties. The delineation of responsibility between Google and extension providers requires evaluation under applicable law. EU supervisory authorities and the FTC are relevant oversight bodies. GOVERNANCE EXPOSURE: Medium. The notice discloses that third parties govern their own data handling, which may create a gap in user protections when conversation content including personal data is shared through extensions. Organizations using Gemini in enterprise contexts should assess which extensions are enabled and whether third-party data handling meets their compliance requirements. JURISDICTION FLAGS: EU/EEA users face heightened exposure, as GDPR requires clear allocation of controller and processor responsibilities in data sharing arrangements. The notice's reference to third-party policies without specifying those parties or their data practices may be insufficient for GDPR transparency requirements in some contexts. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should identify which third-party extensions are in use and assess those providers' privacy and security practices as part of vendor management. The notice's acknowledgment that third parties operate under separate policies may require supplemental due diligence. COMPLIANCE CONSIDERATIONS: Organizations should inventory enabled Gemini extensions and assess whether third-party data handling practices are compatible with their data protection obligations. Data maps should be updated to reflect potential third-party flows when extensions are active.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms authorize sharing of conversation content with third-party extension providers, whose data practices are governed by their own policies rather than Google's, meaning users interacting with extensions should review each third party's privacy terms.
If you enable Gemini extensions, conversation data may be shared with those third-party services, and Google's privacy protections do not extend to how those parties handle your data. Users should review the privacy policies of any third-party extensions they enable.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Google Gemini.