Safeguarding your data.

Google is committed to keeping the information stored on its computer systems safe and secure. A multi-layered security strategy is implemented throughout the organization.

The Google Analytics security and privacy principles summarize the steps we take to help keep your data protected.

Our privacy policy

At Google, we are keenly aware of the trust you place in us and our responsibility to keep your privacy and data secure. As part of this responsibility, we let you know what information we collect when you use our products and services, why we collect it, and how we use it to improve your experience. The Google privacy policy & principles describes how we treat personal information when you use Google's products and services, including Google Analytics.

Google Analytics cookies

Google Analytics mainly uses first-party cookies to report on visitor interactions on your website. These cookies are used to store non-personally identifiable information. Browsers do not share first-party cookies across domains.

For customers that use the Google Analytics for Display Advertisers feature, a third-party DoubleClick cookie is used to enable features, such as remarketing for products like AdWords on the Google Display Network. For more information about this cookie, visit the Google Advertising Privacy FAQ. To manage your settings for this cookie and opt-out of this feature, visit the Ads Settings.

Customers that have enabled the analytics.js collection method via Universal Analytics can control whether they want to set a cookie or not. If the customer decides to set a cookie, the information stored in the local first-party cookie is reduced to a random identifier (e.g., 12345.67890).

Universal Analytics

Universal Analytics introduces more feature configuration options and new collection methods, including via the Measurement Protocol. Although these features don’t change the Google Analytics security and privacy principles very much, any site, app, or other digital device or service that implements certain features of Universal Analytics (like the Measurement Protocol) is responsible for providing notice and offering control to users and customers.

In case you use a service that has implemented Universal Analytics, check the notice given and choice offered by this service directly with the Google Analytics customer using such service, as the opt-out directly provided by Google Analytics does not affect data reported through certain features of Universal Analytics, such as the Measurement Protocol. For more information, review the Universal Analytics usage guidelines and the Universal Analytics security and privacy information.

Use of IP address

Every computer and device connected to the Internet is assigned an Internet Protocol (IP) address. IP address are usually assigned in country-based blocks and can often be used to identify the country, state, and city from which a computer is connecting to the Internet. Because IP addresses need to be used by websites in order for the Internet to function, website owners have access to the IP addresses of their visitors regardless of whether or not they use Google Analytics. Google Analytics uses IP addresses to provide and protect the security of the service, and to give website owners a sense of where in the world their visitors come from (also known as "IP geolocation").

Google Analytics does not share actual IP address information with Google Analytics customers. Additionally, a method known as IP masking gives website owners using Google Analytics the option to tell Google Analytics to use only a portion of an IP address, rather than the entire address, for geolocation.

Data confidentiality

Google Analytics protects the confidentiality of your data in several ways:

Privacy controls

Google provides the following controls to website owners that have implemented Google Analytics and website visitors to provide more choice on how their data is collected by Google Analytics.

Data sharing settings

The Google Analytics data sharing settings let you share your account data with other products and services. Sharing data provides feedback about Google Analytics we can use to build better features and education material for you. There are several types of data sharing settings that can be changed at any time. If no options are selected, your account data will be excluded from any automated processes that aren't specifically related to operating and improving Google Analytics or protecting the security and integrity of the data. Learn more about how to change the data sharing settings in your account.

Account administrator control over data

Google Analytics account administrators own their Google Analytics data.

Account users can export aggregated reports at any time from Google Analytics using the XML, PDF or CSV download options, or via the Google Analytics Core Reporting API. The exported data can be used independently without Google Analytics or with other applications/services in conjunction with Google Analytics.

Account users can also delete a profile within their Google Analytics account at any time.

Employee access controls and procedures

Google classifies Google Analytics data as confidential information. Employee access controls protect customer data from unauthorized access, and we conduct audits to ensure the controls are enforced.

Information security

In web-based computing, security of both data and applications is critical. Google dedicates significant resources towards securing applications and data handling to prevent unauthorized access to data.

Data is stored in an encoded format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering.

Google applications run in a multi-tenant, distributed environment. Rather than segregating each customer's data onto a single machine or set of machines, data from all Google customers (consumers, business, and even Google's own data) is distributed amongst a shared infrastructure composed of Google's many homogeneous machines and located in Google's data centers.

Operational security and disaster recovery

To minimize service interruption due to hardware failure, natural disaster, or other catastrophe, Google implements a comprehensive disaster recovery program at all of its data centers. This program includes multiple components to eliminate single point of failure, including the following: