Stay organized with collections
Save and categorize content based on your preferences.
The Policies for Actions on Google require all Actions to post a link to their privacy policy in the Directory. This guide explains Google's minimum expectations of what your privacy policy should include. It doesn't, however, address all possible use cases or issues. Your privacy policy, along with any in-Action disclosures, should comprehensively and accurately disclose all of your privacy practices. Your Action and privacy policy must also comply with all applicable laws and regulations, so you may need to include additional or different information based on the laws and regulations applicable to you or your Action.
Why we require a privacy policy
Privacy disclosures — made via a privacy policy and in-Action conversations — help users understand what data you collect, why you collect it, and what you do with it. The disclosures should be comprehensive, accurate, and easy to understand by users. Users will have an opportunity to review the policy when they browse actions in the Directory, and we encourage developers to make it available on their website and other convenient places.
What a basic privacy policy should say
At a minimum, your privacy policy should answer the three questions below. You can also consider addressing additional topics, such as your information security practices, how users can change or delete their data, and how long you retain users' data.
Remember, your policy needs to accurately describe your specific Action, so not everything in this guide may be applicable and you may need to disclose practices not described here. If you handle information outside of the Google Assistant, such as through an app or website, your policy should consider all the ways the user could interact with your service and disclose the collection, use, and sharing for those interactions.
What information do you collect?
In your policy you should disclose all the information your Action collects. This includes information that you may collect automatically, such as server and HTTP logs, data transmitted by the Actions on Google API to you, and usage information. This also includes information that you get from the user, either directly or via the permissions API. You should also disclose whether you collect any persistent identifiers (like the Google ID).
How do you use the information?
In your policy, you should disclose how you use the information you collect. For example, you may use the information to provide certains services to users, to recognize them the next time they use your Action, or to send them promotional emails.
What information do you share?
In your policy, you should disclose the circumstances when you share information. For example, you may share information with third parties as part of the service (like a restaurant reservation Action), with other users (like a social network or forum), with marketing partners, or with service providers that assist with your service (like hosting companies or technology platforms).
Where to host your privacy policy
You can host your privacy policy with any publicly accessible URL, including a Google Site, public Google Doc, or a hosted PDF (such as http://mysite.com/my-privacy-policy.pdf).
Users can find a link to your project's privacy policy on its page in the Assistant directory.
Fill in your action's name, the title of the page, and text of your privacy policy. You can also adjust the theme and colors by selecting the Themes tab in the upper right corner.
Click Publish and give your site a name.
Copy and paste your site's URL in the Privacy Policy field when you publish your Action.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["\u003cp\u003eActions on Google requires all Actions to have a publicly accessible privacy policy disclosing data collection, usage, and sharing practices.\u003c/p\u003e\n"],["\u003cp\u003eThe privacy policy should clearly explain what user information is collected, how it's used, and under what circumstances it's shared with third parties.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers can host their privacy policy on various platforms, such as Google Sites, Google Docs, or their own website, and must link it during Action publication.\u003c/p\u003e\n"],["\u003cp\u003ePrivacy policies must comply with all applicable laws and regulations, and may need to include additional disclosures beyond the basic requirements.\u003c/p\u003e\n"],["\u003cp\u003eUsers can access the privacy policy through the Assistant directory when browsing Actions.\u003c/p\u003e\n"]]],["Actions on Google must have a privacy policy linked in the Directory, detailing data collection, usage, and sharing practices. The policy should disclose all information collected, including automatically gathered data and user-provided information, and it must explain how that data is used, such as for service provision or marketing. Disclosures of data sharing with third parties are required, too. This policy should be hosted via a public URL and be associated with the Action's project name.\n"],null,["The Policies for Actions on Google require all Actions to post a link to their privacy policy in the Directory. This guide explains Google's minimum expectations of what your privacy policy should include. It doesn't, however, address all possible use cases or issues. Your privacy policy, along with any in-Action disclosures, should comprehensively and accurately disclose all of your privacy practices. Your Action and privacy policy must also comply with all applicable laws and regulations, so you may need to include additional or different information based on the laws and regulations applicable to you or your Action.\n\nWhy we require a privacy policy\n\nPrivacy disclosures --- made via a privacy policy and in-Action conversations --- help users understand what data you collect, why you collect it, and what you do with it. The disclosures should be comprehensive, accurate, and easy to understand by users. Users will have an opportunity to review the policy when they browse actions in the Directory, and we encourage developers to make it available on their website and other convenient places.\n\nWhat a basic privacy policy should say\n\nAt a minimum, your privacy policy should answer the three questions below. You can also consider addressing additional topics, such as your information security practices, how users can change or delete their data, and how long you retain users' data.\n| **Note:** Your privacy policy must be attributable to your Actions project. Make sure your privacy policy includes your project's name.\n\nRemember, your policy needs to accurately describe your specific Action, so not everything in this guide may be applicable and you may need to disclose practices not described here. If you handle information outside of the Google Assistant, such as through an app or website, your policy should consider all the ways the user could interact with your service and disclose the collection, use, and sharing for those interactions.\n\n- **What information do you collect?**\n\n In your policy you should disclose all the information your Action collects. This includes information that you may collect automatically, such as server and HTTP logs, data transmitted by the Actions on Google API to you, and usage information. This also includes information that you get from the user, either directly or via the permissions API. You should also disclose whether you collect any persistent identifiers (like the Google ID).\n- **How do you use the information?**\n\n In your policy, you should disclose how you use the information you collect. For example, you may use the information to provide certains services to users, to recognize them the next time they use your Action, or to send them promotional emails.\n- **What information do you share?**\n\n In your policy, you should disclose the circumstances when you share information. For example, you may share information with third parties as part of the service (like a restaurant reservation Action), with other users (like a social network or forum), with marketing partners, or with service providers that assist with your service (like hosting companies or technology platforms).\n\nWhere to host your privacy policy\n\nYou can host your privacy policy with any publicly accessible URL, including a [Google Site](https://sites.google.com/new), public [Google Doc](https://support.google.com/docs/answer/37579?ref_topic=2818998), or a hosted PDF (such as http://mysite.com/my-privacy-policy.pdf).\n\nUsers can find a link to your project's privacy policy on its page in the [Assistant directory](/assistant/directory).\n\nUse Google Sites for a Privacy Policy\n\n1. Go to [Google Sites](http://sites.google.com/new) and [create a new site](https://support.google.com/sites/answer/6372878?ref_topic=6372877).\n\n2. Fill in your action's name, the title of the page, and text of your privacy policy. You can also adjust the theme and colors by selecting the Themes tab in the upper right corner.\n\n3. Click **Publish** and give your site a name.\n\n4. Copy and paste your site's URL in the **Privacy Policy** field when you [publish your Action](/assistant/console/publish#directory_information)."]]
