CCPA

Hey there,

Thank you for reaching out on this!

Our existing contracts provide extensive privacy and security commitments. The data customers disclose to Google is subject to a written contract to provide Firebase and Cloud services. The existing definition of "Non-European Data Protection Legislation" in the DPA/DPST includes the CCPA and the DPA/DPST will apply to the processing of CA user data. In our contracts we commit to:

 Restrict the use of customer data
  • We only use customer data for the purposes specified in the contract.
  • For Firebase, see section 5.2 of the Firebase DPST (or Crashlytics and App Distribution DPST) which is incorporated into our Terms of Service.
  • For GCP, see section 5.2 of the DPST which is incorporated into the GCP Terms.
Restrict disclosure of customer data
  • We only disclose customer data to the Google group and subcontractors for the purpose of providing the Firebase services, and we do not otherwise disclose customer except with your consent or to comply with law.
  • For Firebase, see section 11 of the Firebase DPST (or Crashlytics and App Distribution DPST) which is incorporated into our Terms of Service.
  • For GCP, see section 11 of the DPST which is incorporated into the GCP Terms.
Protect the customer data
  • Google has implemented and maintains technical and organizational measures to protect customer data against loss or unauthorized access.
  • To ensure the continued effectiveness of our security measures, we maintain security certifications and assessments and demonstrate compliance with the commitments in our contracts by making available reports to customers on request. Further information about our certifications and compliance standards can be found here.
  • For Firebase, see section 7of the Firebase DPST (or Crashlytics and App Distribution DPST) which is incorporated into our Terms of Service.
  • For GCP, see section 7 of the DPST which is incorporated into the GCP Terms.
Provide customers with access to, and control over, their customer data
  • Google provides functionality to enable customers to access, rectify and restrict processing of customer data.
Provide customers with the ability to delete customer data
  • Google provides functionality to enable customers to delete customer data. For example:
  1. Firebase users can delete specific resources, a Firebase project or app, or a Google account.
  2. Firebase services support a variety of options for managing their data. Examples include deleting specific data or records deletion, pseudonymous data collection, and automatic data TTL.
  • For Firebase, see section 6 of the Firebase DPST (or Crashlytics and App Distribution DPST) which is incorporated into our Terms of Service.
  • For GCP, see section 6 of the DPST which is incorporated into the GCP Terms.
Hope you find this information helpful!

Feedback and Knowledge Base