Device Access Program Terms of Service

The Smart Device Management APIs and tools ("SDM API") enable the interconnection and communication of devices and services of Google enterprise partners with Google's devices and services.

These terms of service include quality and functional rules, and other legal terms that we require all developers to accept and implement on an ongoing basis as a condition of accessing and using the SDM API and any documentation, materials, code, data (including Customer Data, as defined below), and other materials made available to you by Google (collectively with the SDM API, the "Device Access Developer Materials") to develop a client for use in connection with the SDM API ("Client").

(A) We may refer to "Google" as "we", "our", or "us" in the Terms. Google may use its affiliates in connection with the performance of its obligations and exercise of its rights under these Terms.

(B) The Terms apply to you, your subsidiaries and affiliates, your agents, the service provider(s) you work with, and both your and their employees, representatives, agents, and suppliers (collectively "you").

(C) Access to the SDM API is not guaranteed upon your acceptance of these terms and Google reserves the right to accept or reject your Client at its sole discretion.

  1. Applicable Terms.
    1. Incorporation by Reference. To the extent applicable, the following terms are incorporated by reference into these Terms:
      1. Google APIs Terms of Service. By accessing or using SDM API, you are agreeing to the Google APIs Terms of Service at https://developers.google.com/terms (or any other URL as Google may provide) and the additional terms, policies and guidelines stated or referenced in this document, including the Device Access Policies (the "Device Access Additional Terms"). The Device Access Additional Terms do not limit or amend the Google API Terms of Service unless expressly stated. Collectively, we refer to the Google APIs Terms of Service, the Device Access Additional Terms, any other applicable terms listed in this Section 1.1, any accompanying API documentation, and any applicable policies and guidelines as the "Terms." You agree to comply with the Terms and agree that the Terms control your relationship with us.
      2. Google API Services: User Data Policy. When you request access to Google user data using the SDM API, the Google API Services: User Data Policy at https://developers.google.com/terms/api-services-user-data-policy governs the use of the SDM API, including any collection and use of Google user data using the SDM API ("User Data Policy"). The Device Access Additional Terms do not limit or amend the Google API Services: User Data Policy unless expressly stated.
      3. Device Access Policies. All of your products, services, or materials must comply with technical guidelines and policies for SDM API available at https://developers.google.com/nest/device-access/policies which may be updated from time to time by Google (the "Device Access Policies").
      4. Terms for Other Product(s). If at any time your Services use other Google products or services ("Other Google Product(s)"), then the Google Terms of Service at https://policies.google.com/terms and Nest Terms of Service at https://support.google.com/googlenest/answer/9327735 and terms for those Other Google Product(s) will also apply. The use of third-party products or services is subject to their applicable terms.
      5. Any branding terms provided by Google (if applicable).
    2. Order of Precedence. To the extent there are any conflicts, the following order of precedence will apply:
      1. Other Google Product(s)' terms of service;
      2. Device Access Policies;
      3. other agreements between the parties covering the same subject;
      4. all other Device Access Additional Terms;
      5. Google API Services: User Data Policy; and
      6. Google APIs Terms of Service.
    3. All Other Terms are Void. Google objects to any additional or different terms in your terms of service or other documents, including any of your API terms of service. Those other terms of service and documents will be considered material alterations to these Terms and are void.
  2. General Definitions.
    1. "Approved Territories" means countries in which Google has launched the Google Nest Devices for commercial distribution as listed at https://support.google.com/googlenest?p=device_availability.
    2. "Customer Data" means user information collected by your Client, including any PII, device usage information, or other information derived from access to or use of any of the SDM API and other Device Access Developer Materials.
    3. "Google Nest Devices" means Google Nest branded products such as the Nest thermostats, Nest security cameras, Nest doorbell cameras, and any products listed at https://developers.google.com/nest/device-access/get-started#activate_a_supported_device.
    4. "including" means "including but not limited to".
    5. "Your Content" means all content made available by you to Google through the SDM API in connection with your Client necessary to set up an SDM API connection including brand features and other content you make available through any developer console, APIs, SDKs, and tools.
    6. "Your Services" means (a) your products, services, and technology, including Your Content; and (b) the products, services, and destinations to which you direct users through your Client.
    7. Any examples in these Terms are illustrative and not the sole examples of a particular concept.
  3. The SDM API.
    1. Territories.
      1. You will make SDM API available for use only with the Google Nest Devices and only in the Approved Territories and will only market and provide services using the SDM API in Approved Territories.
      2. You are responsible for ensuring that your affiliates, agents, contractors, partners and vendors ("Agents") make SDM API available for use only with Google Nest Devices and only in Approved Territories. You will be liable for any damages incurred by Google arising from violation of this use restriction by Agents, and such violation by its Agents will be deemed to be a violation of the Terms by you.
    2. API Features.

      The terms of the SDM API, or any features of SDM API and Device Access Developer Materials are subject to confidentiality obligations under the Non-Disclosure Agreement you entered into with Google.

      No party acquires any intellectual property rights under this agreement except the limited rights necessary to use the confidential information in connection with the SDM API. Further, each party recognizes that the other party may in the future develop or purchase products or services related to or similar to the subject matter of confidential information disclosed under the Direct Access program. Accordingly, recipient of the information may use Residuals for any purpose, including use in the acquisition, development, manufacture, promotion, sale, or maintenance of products and services; provided that this right to Residuals does not represent a license under any intellectual property and/or proprietary rights of disclosing party. The term 'Residuals' means information that is retained in the unaided memories of recipient's employees or contractors as permitted herein who have had access to the disclosing party's confidential information. Memory is unaided if the employee or contractor has not intentionally memorized the Confidential Information for the purpose of retaining and subsequently using or disclosing it.

    3. Prohibited Actions. Unless otherwise approved in writing by Google, you will not and will not authorize any third party to use the SDM API to:
      1. generate fraudulent, or otherwise invalid activity (including queries, clicks, or conversions);
      2. conceal ad- or transaction-related activity that must be disclosed to users under law;
      3. implement functionality that interferes with the core functionality of Google products or services;
      4. collect, aggregate, re-syndicate, retain, log, or store Customer Data received via the SDM API (except for specific device-related data listed in the Device Access Policies ("Device Related Data") ) beyond 10 trailing days from the date when the Customer Data is received. Device Related Data must be deleted under Section 3.6.2 (Privacy and PII) below;
      5. collect, aggregate, re-syndicate, retain, log or store any audio recordings, video footage, or audio or video livestreams received via the SDM API ("Audio Visual Data"). Notwithstanding any other provision in the Terms, the use of Audio Visual Data is strictly limited to the display of such data through your Client;
      6. Subject to Section 3.7 (Data Use), share Customer Data received via the SDM API with third parties;
      7. aggregate control of Google products, services, or Customer Data across multiple households except to the extent Google permits control of multiple households in a single Google account, or unless approved in writing by Google;
      8. create a Client that performs demand response or other energy or utility management programs intended to modify settings for the primary purpose of energy or utility savings, load reduction, or other energy or utility related targets for consumers, utility companies or other energy program or service providers, unless approved in writing by Google;
      9. offer or advertise a Client that provides emergency response, life-safety, or other critical use services that require notifications to be provided without interruption;
      10. create a Client or otherwise use Customer Data to evaluate end users or their property individually or in aggregate for insurance or other financial products and services;
      11. create a Client that functions substantially the same as the SDM API or other Device Access Developer Materials and offer it for use by third parties;
      12. call the SDM API without an initial direct and explicit end-user directed request in compliance with Section 3.6;
      13. (a) interfere with or disrupt the SDM API or the servers or networks providing the SDM API; (b) tamper with the security of any of the hardware, software or networks used by Google to make the Device Access Developer Materials available or tamper with any customer accounts; (c) disable, circumvent or avoid any security device, mechanism, protocol or procedure established by Google; or (d) permit others to do any of the foregoing;
      14. use any Customer Data for any purpose other than delivering Your Services in accordance with the express and affirmative permissions, consents, and authorizations obtained by you in compliance with applicable laws and the Terms. The analysis or use of Customer Data for other purposes not clearly authorized, such as developing or creating another service or for training machine learning models is specifically prohibited. You may only use Customer Data for purposes that have been expressly approved by Google.
      15. record, collect, use, or store any information or data from a query or result, including without limitation any audio data, or metadata related to any queries, received as a result of an end user's use of, or authentication with, the Google Assistant, if the Client or Your Services use, are integrated with or distribute Google Assistant.
      16. implement functionality that transmits any Customer Data collected by You when reporting updates to Google during request sync or report state as described in the Device Access Developer Materials.
    4. Approval, Audit and Suspension/Termination.
      1. Approval. Your Client must be submitted to Google for approval prior to distribution and use by end users at https://developers.google.com/nest/device-access/project/apply. As part of the approval process, Google will require you to submit certain proposed marketing assets to https://support.google.com/contact/partner_brand_approval as well as technical information, and Google may require you to provide products or other hardware needed to test the Client.
      2. Audit. Google reserves the right to audit any Client for compliance with these Terms. You consent to those audits which may include Google accessing and using your Client, for example to identify stability or security issues that could affect Google or its customers. You will cooperate if Google or its partners seek to gather information about you or Your Services to verify identity, to confirm compliance with requirements, for quality assurance purposes, or as required to use the SDM API.
      3. Suspension and Termination. In addition to any rights Google has under Google APIs Terms of Service, Google may immediately suspend or terminate access to the SDM API or other Device Access Developer Materials by you or your Client without notice if we determine, in our discretion, that you are causing stability or security issues or are otherwise in violation of these Terms. Google's audit right in this Section 3.4 survives the termination of the Terms.
    5. Security.

      In addition to any other requirements in the Terms, you agree to the following:

      As a condition to accessing Device Access Developer Materials, you must comply with Google security assessment requirements including security audits specified by Google from time to time. In addition, you must comply with any annual security assessment requirements specified by Google (including assessments by third parties designated by Google) in order to maintain your access to SDM API.

      In the event you suspect that your systems or infrastructure that are used for storage, processing or hosting Customer Data have been breached or compromised, or if Customer Data is exposed to non-authorized third parties, you will notify Google promptly of the breach or exposure and provide all available information, including root cause analysis, remediation steps and compensating controls to ensure such a breach does not occur in the future.

      You are responsible for providing customer notification under the state or applicable jurisdiction breach notification statutes or laws globally and any other applicable privacy laws and you will bear the costs incurred by you and Google resulting from your breach or exposure.

      You acknowledge that in addition to your obligations related to Customer Data you are solely responsible for any personal injury or property damage arising from or relating to your use of any Device Access Developer Materials or any authorized or unauthorized use of your Client.

    6. Privacy and PII.
      1. For any Customer Data or other information from end users of your Client, you must provide adequate and accurate notice, compliant with all applicable laws, of what Customer Data and other information you collect and how it will be used, shared, and/or retained, and you must obtain any necessary consents for any processing with respect to this data. You will facilitate the exercise of all user rights to access, port, or delete Customer Data in compliance with applicable laws.
      2. Customer Data obtained from Google cannot be used for any purpose beyond the specific permissions granted by the user, including transferred to a data broker, advertiser or advertising network, or sold, even if disclosed in your privacy policy. If a user requests of you or Google to have any Customer Data removed or deleted, or performs an action on a Google product or service that reflects this intent, you agree to promptly honor the user's or Google's request and to remove or delete that Customer Data from your servers and other assets, including back-ups, to satisfy applicable legal requirements and applicable laws.
      3. You are solely responsible for your access, use, processing, and disclosure (to service providers only as permitted below) of Customer Data and, to the extent your processing of Customer Data is subject to European data protection laws, you will act as and be considered the sole data controller with respect to your and your Client's processing of Customer Data.
      4. You must provide notice and obtain applicable consents from your users before you give or share with us any information that you independently collected from them in compliance with all applicable laws.
      5. You must provide meaningful customer support for Your Service and make it easy for people to contact you with complaints or inquiries.
      6. You must place a "Limited Use" snippet on Your Service's app or homepage, or on a page one click away from Your Service's homepage, that states your Service will comply with the Google API Services: User Data Policy at https://developers.google.com/terms/api-services-user-data-policy, including the Limited Use requirements. The snippet must be visible to all users and must be under 500 characters.
    7. Data Use.

      You will not disclose any Customer Data to any third party except to those third-party service providers (where applicable, processors and/or subprocessors) that provide administrative services on your behalf in connection with your Client and that are obligated to maintain and use Customer Data only for your own benefit, under reasonable confidentiality terms, and otherwise in accordance with all applicable laws, and subject to contractual obligations that are at least as protective as our terms and policies to: (a) protect any Customer Data you obtained from us, (b) limit their use of that Customer Data solely to using it on your behalf to provide services to you and not for their own purposes or any other purposes, and (c) keep the Customer Data secure and confidential. You must ensure they comply with our terms and policies and are responsible for their non-compliance. Your Client may use Customer Data only as required for use and access to your Client by the end user to whom such Customer Data relates. You will not use or disclose any information derived directly or indirectly from the Customer Data for any purpose other than as set forth above. Without limiting the generality of the foregoing, you will not use any part of the Customer Data to create a database separate from your Client or transmit all or part of the Customer Data to any third party for any use separate from your Client. Any use of Customer Data other than as expressly permitted by these Terms is strictly prohibited.

    8. EU-U.S. Privacy Shield and Swiss-US Privacy Shield. If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Union or Switzerland ("EU Personal Information"), then you must:
      • comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules;
      • access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates;
      • implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, unauthorized or unlawful access, disclosure, alteration, and destruction; and
      • provide the same level of protection as is required by the Privacy Shield Principles.

      You must monitor your compliance with these conditions on a regular basis. If, at any time, you cannot meet these conditions (or if there is a significant risk that you will not be able to meet them), you must immediately notify us in writing and immediately either stop processing EU Personal Information or take reasonable and appropriate steps to restore an adequate level of protection.

    9. Google User Consent. In addition to any other requirements set forth in these Terms, in order for you to have access to any Google Nest Devices owned by Google users or to obtain access to any Customer Data from such devices using the SDM API, you must include Google user consents in a form approved by Google as well as the Google Terms of Service (https://policies.google.com/terms) and Privacy Policy (https://policies.google.com/privacy) in your app that uses the SDM API that accesses the applicable Google Nest Devices.
    10. Ownership and License.
      1. Your Content. You represent and warrant that you have the necessary rights to provide Your Content and to grant all necessary licenses.
      2. Device Access Developer Materials and Customer Data. By using the Device Access Developer Materials, you do not acquire ownership of any rights in any of the Device Access Developer Materials, or any data, content, or information that is transmitted or accessed through the SDM API, including any Customer Data.
      3. Updates to the SDM API. We reserve the right to modify or update any or all of the Device Access Developer Materials at any time, for any reason, and without notice to you, though we will try to provide as much prior notice as possible. If Google makes updates, revisions, breaking changes, or in any way modifies the Device Access Developer Materials, you agree to make changes to your Client to ensure continued service for your end users. We may add or remove functionalities or features at our discretion, and we do not guarantee that your Client will function with any future or modified versions of any Device Access Developer Materials. Clients that are not updated in response to changes in the Device Access Developer Materials must be taken down immediately and you agree to provide notice to end users of the takedown.
      4. Content Upload. The SDM API may allow the upload of Your Content. You give Google a perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to Use Your Content. "Use" means use, host, store, modify, communicate, and publish. This license enables Google to provide, secure, promote, and improve the Device Access Developer Materials and Google products and services in accordance with Google privacy policies. Before you submit Your Content to the SDM API through your Client, you will ensure that you have the necessary rights (including the necessary rights from your end users) to grant us this license.
    11. Additional Restrictions on Use of Brand Features for Marketing Use. Google must provide prior written approval of any promotions, reports or marketing of Google Brand Features, or the Device Access Developer Materials. "Brand Features" are defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party.
    12. Your Obligations Post-Termination. Upon termination or expiration of this Agreement for any reason, you immediately will stop collecting any information from users and will delete all information (including Customer Data) obtained via the Device Access Developer Materials according to Google specified wipeout protocols within 10 days. Upon Google's request, you will immediately provide Google with written confirmation that all Customer Data has been deleted and communicate to end users that your Client is no longer available.
    13. Independent Development. Provided there is no infringement of your intellectual property rights, these Terms do not impair the rights of Google or its subsidiaries and affiliates to develop, manufacture, purchase, use or market, directly or indirectly, alone or with others, products or services competitive with those offered by you.
  4. Your Services.
    1. Authorization to Use Your Services and Collect, Use and Store Data. To integrate with the SDM API, you authorize Google and its affiliates to:
      1. collect, use and store certain data provided by you as part of using the SDM API services, including enterprise partner account setup and configuration information and API usage related information for authentication, authorization, logging, and debugging purposes, of you and Your Services to call the SDM API;
      2. and

      3. use and disclose information relating to Your Services, including to:
        1. meet any applicable legal obligation, including enforceable government requests;
        2. enforce the Terms and investigate potential violations;
        3. detect, prevent, review or otherwise debug, troubleshoot, or address abuse, fraud, security, or technical issues; or
        4. protect against harm to the rights, property, or safety of Google, our users, or the public as required or permitted by law.
    2. Google's Collection and Use of Specific Data.
      1. Setup and Usage Data. You agree to and give permission to the collection by Google of data you provide or make available to use the SDM API, or data generated from your usage of the SDM API, including the following (collectively, "Company Data"):
        1. Company name and other company information
        2. Admin User email Addresses
        3. Oauth Client ID
        4. Developer documentation email addresses
        5. Partner preference settings
        6. API usage, customer configurations, and device information.
        7. User controls, settings and permissions
        8. Other usage including error logs
        9. Technical data such as crash, performance, and related log data
      2. Permitted Uses. You agree and give permission to Google's use of Company Data solely for providing the SDM API services (including access to, authentication, and configuration of your Client and settings), and for improving, debugging and troubleshooting the SDM API services.
    3. Your Responsibilities. You are solely responsible for:
      1. Your Services, including customer service and claims, and communications and reporting among the individuals and entities involved in providing Your Services;
      2. settings and other decisions you make through the SDM API, including those where you were assisted by any Google-provided features; and
      3. your use of SDM API (including your safeguarding of accounts, usernames, and passwords).
  5. Additional Obligations.

    You acknowledge that the Device Access Developer Materials may allow you to control Google Nest Devices and software or gain access to certain information, which may impact the safety of Google customers and end users of Google's products and services. Depending on how you use the Device Access Developer Materials, you could harm persons or damage or destroy Google Nest Devices or the homes and personal property of end users. In using the Device Access Developer Materials, you must take steps to design and test your Clients to ensure that your Clients do not present risks of personal injury or death, property damage, or other losses. You must implement all reasonable security measures in accordance with all applicable laws to ensure that no third party may gain unauthorized access to any Customer Data or Google product and service. You must design your Client so that any failure of any security measure included in your Client, and/or any Google product or service does not cause personal injury, death, property damage, or other losses. If you choose to use the Device Access Developer Materials, you assume all risk that your use of the Device Access Developer Materials causes any damage, harm, injury, or loss, including to the end users of your Client or other Google customers or end users. You agree that you are solely responsible for any damage, harm, injury, or loss arising from or relating to your Client or your use of the Device Access Developer Materials and you agree to defend and indemnify Google and its subsidiaries and affiliates from all such damage, harm, injury, or loss.