Safeguarding your data.
Google is committed to keeping the information stored on its computer systems safe and secure. A multi-layered security strategy is implemented throughout the organisation.
The Google Analytics security and privacy principles summarise the steps that we take to help keep your data protected.
Google Analytics Cookies
Google Analytics mainly uses first-party cookies to report on visitor interactions on your website. These cookies are used to store non-personally identifiable information. Browsers do not share first-party cookies across domains.
For customers that use the Google Analytics for Display Advertisers feature, a third-party DoubleClick cookie is used to enable features, such as remarketing for products like AdWords on the Google Display Network. For more information about this cookie, visit the Google Advertising Privacy FAQ. To manage your settings for this cookie, or opt out of this feature, visit the Ads Settings.
Customers that have enabled the analytics.js collection method via Universal Analytics can control whether they want to set a cookie or not. If the customer decides to set a cookie, the information stored in the local first-party cookie is reduced to a random identifier (e.g. 12345.67890).
Use of IP address
Every computer and device connected to the Internet is assigned an Internet Protocol (IP) address. IP addresses are usually assigned in country-based blocks and can often be used to identify the country, state and city from which a computer is connecting to the Internet. Because IP addresses need to be used by websites in order for the Internet to function, website owners have access to the IP addresses of their visitors regardless of whether or not they use Google Analytics. Google Analytics uses IP addresses to provide and protect the security of the service, and to give website owners a sense of where in the world their visitors come from (also known as "IP geolocation").
Google Analytics does not share actual IP address information with Google Analytics customers. Additionally, a method known as IP masking gives website owners using Google Analytics the option to tell Google Analytics to use only a portion of an IP address, rather than the entire address, for geolocation.
Google Analytics protects the confidentiality of your data in several ways:
Google Analytics customers are prohibited from sending personal information to
The Google Analytics terms of service, which all Google Analytics customers must adhere to, prohibits sending personally identifiable information (PII) to Google Analytics. PII includes any data that can be used by Google to identify an individual, including (but not limited to) names, email addresses or billing information.
Data cannot be shared without consent.
Google Analytics data may not be shared without customer consent, except under certain limited circumstances, such as when required by law.
Google Analytics continues to invest in security.
Security-dedicated engineering teams at Google guard against external threats to data. Internal access to data (e.g. by employees) is regulated and subject to the Employee Access Controls and Procedures.
Google provides the following controls to website owners that have implemented Google Analytics and website visitors to provide more choice on how their data is collected by Google Analytics.
Google Analytics opt-out browser add-on
Disable Google Analytics and implement independent opt-out
Some sites using Google Analytics implement the Remarketing with Google Analytics feature, which makes use of the third-party DoubleClick cookie. Users can opt out of this feature, and manage their settings for this cookie using the Ads Settings.
Google Analytics SDK and Measurement Protocol notice and opt out
The owners of any site, app or other digital device or service that implements any alternative collection method and/or feature via the Google Analytics SDK or the Measurement Protocol are required by our policies to provide notice and offer a choice (such as an opt out) to users.
Data sharing settings
The Google Analytics data sharing settings let you share your account data with other products and services. Sharing data provides feedback about Google Analytics that we can use to build better features and education material for you. There are several types of data sharing settings that can be changed at any time. If no options are selected, your account data will be excluded from any automated processes that aren't specifically related to operating and improving Google Analytics or protecting the security and integrity of the data. Learn more about how to change the data sharing settings in your account.
Account administrator control over data
Google Analytics account administrators own their Google Analytics data.
Account users can export aggregated reports at any time from Google Analytics using the XML, PDF or CSV download options, or via the Google Analytics Core Reporting API. The exported data can be used independently without Google Analytics or with other applications/services in conjunction with Google Analytics.
Account users can also delete a profile within their Google Analytics account at any time.
Employee access controls and procedures
Google classifies Google Analytics data as confidential information. Employee access controls protect customer data from unauthorised access and we conduct audits to ensure that the controls are enforced.
- Access to customer-level account data may be granted on a strict need-only basis to employees who require specific access to perform their jobs. Employees requesting access must explain why they need the access, demonstrate familiarity with the access policy and agree to its terms and conditions and receive approval before they can access the data
- Customer Service Representatives and support personnel may not access customer-level data without explicit permission from the customer.
- When accessing customer data, employees will restrict activity to those reports that they need to complete their official duties.
- Employees may not access data using any network-enabled device not owned or approved by Google.
In web-based computing, security of both data and applications is critical. Google dedicates significant resources towards securing applications and data handling to prevent unauthorised access to data.
Data is stored in an encoded format optimised for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering.
Google applications run in a multi-tenant, distributed environment. Rather than segregating each customer's data onto a single machine or set of machines, data from all Google customers (consumers, business, and even Google's own data) is distributed amongst a shared infrastructure composed of Google's many homogeneous machines and located in Google's data centers.
Operational security and disaster recovery
To minimise service interruption due to hardware failure, natural disaster or other catastrophe, Google implements a comprehensive disaster recovery programme at all of its data centres. This programme includes multiple components to eliminate single point of failure, including the following:
To help ensure availability in the event of a disaster, Google Analytics data stored in Google's distributed file system is replicated to separate systems in different data centres.
Geographical distribution of data centres
Google operates a geographically distributed set of data centres that is designed to maintain service continuity in the event of a disaster or other incident in a single region. High-speed connections between the data centres help ensure swift failover. Management of the data centres is also distributed to provide location-independent, around-the-clock coverage and system administration.
Resilient and redundant infrastructure
Google's computing clusters are designed with resiliency and redundancy in mind, helping minimise single points of failure and the impact of common equipment failures and environmental risks. Dual circuits, switches, networks and other necessary devices are utilised to provide redundancy. Facilities infrastructure at the data centres has been designed to be robust, fault tolerant and concurrently maintainable.
Continuity plan in the event of disaster
In addition to the redundancy of data and regionally disparate data centres, Google also has a business continuity plan for its headquarters in Mountain View, CA. This plan accounts for major disasters, such as a seismic event or a public health crisis, and it assumes that people and services may be unavailable for up to 30 days. This plan is designed to enable continued operations of our services for our customers.