Google employees and contractors may read and annotate the conversations you have with Gemini, even though Google states steps are taken to disconnect conversations from your account before review.
This analysis describes what Google Gemini's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The notice explicitly authorizes human access to conversation content, and the policy advises users not to submit anything they would not want reviewed, signaling that conversation content is not treated as fully private.
The updated privacy notice establishes that Google collects data from third-party services you connect to Gemini, including Model Context Protocol server tools, and that such connections are not monitored or secured by Google. The notice explicitly states that choosing to connect third-party apps may expose your data, passwords, devices, and accounts to unauthorized access. The revised terms also clarify that you can use temporary chats, which are not retained for AI improvement purposes with human reviewer assistance. You can manage connected app permissions through Gemini Spark settings.
View change record →The updated notice adds new disclosure sections explaining how data flows when using Gemini Spark (remote browser and computer access), how avatar creation collects and processes information, and clarifies that Google collects information about AI reasoning steps during task execution. The notice also refines language around subscription information to specify 'Google AI plan' rather than just generic 'paid subscription.' These changes do not establish new obligations but rather expand the transparency disclosures provided to users about existing and new features.
View change record →The updated notice now explicitly identifies Memory as a feature that operates on the basis of user consent, alongside Voice Match. The revised language removes prior geographic restrictions on personalization, meaning Gemini can now reference chat history to generate personalized insights for all users globally, not just those outside the EEA, Switzerland, and the UK. The removal of the statement 'Keep Activity must be on to use this feature' simplifies the operational requirement but does not establish a new obligation. You can learn how to turn the Memory feature on or off through the updated privacy notice.
View change record →Previous version had no excerpt text; current version provides detailed explanation of human review process, privacy protections, and reviewer composition.
View full change record →Any conversation content submitted to Gemini, including personal details, questions, or information shared in context, may be accessed and annotated by Google employees or contractors. The notice advises users to avoid submitting sensitive information they would not want reviewed.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Google Gemini has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"To help with safety and quality purposes, human reviewers read, annotate, and process your conversations with Gemini apps. These reviewers are Google employees and contractors, including specialized companies that Google works with. We take steps to protect your privacy as part of this process, including disconnecting your conversations from your Google Account before reviewers can access them. Please don't submit anything you wouldn't want reviewed or used.— Excerpt from Google Gemini's Gemini Apps Privacy Notice
REGULATORY LANDSCAPE: This provision implicates GDPR Articles 5 and 6 (lawful basis and purpose limitation), Article 13 (transparency obligations), and potentially Article 9 if special category data is incidentally submitted. The Irish Data Protection Commission is the lead EU supervisory authority for Google. For California users, CPRA provisions regarding sensitive personal information and the right to limit use may apply depending on the nature of conversation content. GOVERNANCE EXPOSURE: High. The disclosure that human reviewers access conversation content creates operational risk for organizations whose employees or customers submit confidential, legally privileged, or sensitive personal information through Gemini. The notice's own advisory to avoid submitting sensitive content acknowledges the scope of this access. JURISDICTION FLAGS: EU/EEA users have heightened exposure given GDPR purpose limitation and data minimisation requirements. Organizations in regulated industries (legal, healthcare, financial services) face additional exposure if employees submit client or patient information. The notice does not specify the geographic location of reviewers or subcontractors, which may be relevant for cross-border data transfer assessments under GDPR Chapter V. CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams should determine whether Google's standard consumer terms or enterprise agreements govern Gemini use in their organization. The human review provision may conflict with confidentiality obligations in employment contracts, client agreements, or professional regulations. A Data Processing Agreement with Google may be required for business users under GDPR Article 28. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether acceptable use policies for AI tools adequately address the human review disclosure. Data protection impact assessments may be warranted for high-risk processing scenarios. Organizations should consider whether to issue guidance restricting the types of information employees may submit to Gemini.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The notice explicitly authorizes human access to conversation content, and the policy advises users not to submit anything they would not want reviewed, signaling that conversation content is not treated as fully private.
Any conversation content submitted to Gemini, including personal details, questions, or information shared in context, may be accessed and annotated by Google employees or contractors. The notice advises users to avoid submitting sensitive information they would not want reviewed.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Google Gemini.