Google collects your prompts, uploaded documents, other inputs, and AI-generated outputs when you use NotebookLM, and this data is handled under Google's Privacy Policy.
This analysis describes what NotebookLM's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The terms confirm that prompts, uploaded files, and AI outputs are collected by Google and subject to its Privacy Policy; users who want to understand the full scope of data collection and retention should review both this document and the Google Privacy Policy.
Interpretive note: Full details of data retention, sharing, and deletion practices are governed by the Google Privacy Policy, which is incorporated by reference but not reproduced here; the operational scope of data use for service improvement purposes requires review of that separate document.
Every prompt, document upload, and AI-generated output in NotebookLM is collected by Google and used to provide and improve services, as stated in these terms. Users handling sensitive personal, business, or confidential information through NotebookLM should review the Google Privacy Policy to understand retention, sharing, and deletion practices for this data.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
NotebookLM has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our generative AI features are subject to the Google Privacy Policy. When you use generative AI features, Google collects information including your prompts, uploads, and other inputs, as well as outputs, to provide and improve the services.— Excerpt from NotebookLM's Google Generative AI Terms
REGULATORY LANDSCAPE: This provision directly engages GDPR for EU/EEA users regarding the collection and processing of personal data in prompts and uploads, CCPA for California residents regarding the collection and use of personal information, and potentially HIPAA if health information is submitted in uploads or prompts. The relevant enforcement authorities include EU data protection authorities, the California Privacy Protection Agency, and HHS OCR for health data. The FTC has general oversight authority over data practices. GOVERNANCE EXPOSURE: High for organizations whose employees may input personal data, client data, or regulated information into NotebookLM prompts or uploads. The collection of outputs as well as inputs is notable, as it means the full interaction record is retained. JURISDICTION FLAGS: GDPR creates heightened obligations for EU/EEA users, including rights of access, erasure, and data portability that must be honored. CCPA creates rights for California residents regarding the sale or sharing of personal information and access to collected data. Healthcare organizations subject to HIPAA should assess whether inputs to NotebookLM constitute protected health information. CONTRACT AND VENDOR IMPLICATIONS: Organizations should assess whether a GDPR Data Processing Agreement is in place with Google for NotebookLM use, and whether Google's standard DPA terms are adequate for their data categories. HIPAA-covered entities should evaluate Business Associate Agreement requirements before using NotebookLM for any health-related work. COMPLIANCE CONSIDERATIONS: Data mapping exercises should include NotebookLM as a data processing endpoint and document what categories of data are being inputted. Privacy impact assessments may be warranted for EU operations. Access and deletion rights under GDPR and CCPA should be verifiable through Google's account privacy tools.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The terms confirm that prompts, uploaded files, and AI outputs are collected by Google and subject to its Privacy Policy; users who want to understand the full scope of data collection and retention should review both this document and the Google Privacy Policy.
Every prompt, document upload, and AI-generated output in NotebookLM is collected by Google and used to provide and improve services, as stated in these terms. Users handling sensitive personal, business, or confidential information through NotebookLM should review the Google Privacy Policy to understand retention, sharing, and deletion practices for this data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by NotebookLM.