Chrome browser
Note: Chrome browser services strictly follow Chrome Enterprise’s retention & deletion requirements. Generally, personal data will not be retained for longer than 18 months unless it is necessary for the provision of the service or the security of our users.
| Service | Description | Chrome policy |
|---|---|---|
| Accessibility Image Annotation | Image Annotation allows visually-impaired users to read text in images. | AccessibilityImageLabelsEnabled |
| Accessibility Speech-to-Text |
Speech-to-Text converts speech into text. |
DictationEnabled |
| Accessibility Text-to-Speech |
Text-to-Speech converts text into natural-sounding speech. |
EnhancedNetworkVoicesInSelectToSpeakAllowed |
| Advanced Protection Program |
The Advanced Protection Program is designed to defend Google accounts against targeted online attacks. |
AdvancedProtectionAllowed |
| Alternate Error Page | Alternate Error Page controls whether Chrome browser shows an alternate error page using Google public DNS service to resolve navigation errors. | AlternateErrorPagesEnabled |
| Autofill (excluding payment information) | Autofill helps users fill out forms automatically with saved info, like your addresses. When you enter info in a new form online, Chrome might ask you if you’d like Chrome to save it. | |
| Autofill - Web Payment | Autofill - Web Payment provides users with a solution to sync their payment methods across their Google devices with the same Google account. | AutofillCreditCardEnabled |
| Cast Moderator |
Google cast moderator is a casting solution built specifically for Chrome users in the classroom. As an admin, you can set up a cast moderator for your school to allow teachers and students to share their screen wirelessly to a central display, using a secure access code. |
EnableMediaRouter |
| Chrome Sync |
Chrome Sync saves a user’s bookmarks, history, passwords and other settings to their Google Account, so that they can easily log in to other devices without needing to recalibrate the browser from scratch. |
SyncDisabled |
| Chrome Update |
Update Service Chrome Update ensures that the latest version of Chrome is distributed, with the latest security updates and protections. |
ComponentUpdatesEnabled |
| Chrome Variations |
Update Service Chrome Variations is the framework used to roll out or roll back individual Chrome features, and to ensure they’re working as intended. |
ChromeVariations |
| Crash Reports |
Crash Reports are used by Google to identify and prioritize fixes for Chrome. |
MetricsReportingEnabled |
| Developer tool (Chrome DevTools) |
Chrome DevTools offers users a set of web developer tools built directly into Chrome browser and Android Developer Options on the ChromeOS platform. |
DeveloperToolsAvailability |
| Domain Reliability Verification |
The Domain Reliability Verification feature helps verify that users can reliably request and reach Google domains. |
DomainReliabilityAllowed |
| Enhanced SpellCheck |
Enhanced Spell Check is used in Google Search and sends the text users enter into text boxes on webpages in their browser, to Google, for improved spelling suggestions. |
SpellCheckServiceEnabled |
| Feedback Report |
Feedback Report allows users to provide feedback about a feature or product. |
UserFeedbackAllowed |
| Generative AI |
List of all generative AI features |
Various |
| Password Leak Detection |
Password leak detection provides users with alerts when use of a potentially compromised password is detected. |
PasswordLeakDetectionEnabled |
| Password Manager |
Password Manager supports users by saving and updating credentials, filling credentials into forms, and generating random and unique credentials. |
|
| Permission Suggestions |
Chrome Permissions Suggestions Service (CPSS) is a Chrome browser service that simplifies safe decision making for permission requests. |
MetricsReportingEnabled |
| Phone-as-a-Security-Key |
Phone-as-a-Security-Key (PaaSK) is a form of second factor for Corp Authentication. With PaaSK, Google can turn any compatible iOS and Android device into a Security Key, to help protect your account. |
|
| Safe Browsing |
Safe Browsing helps protect against known phishing, social engineering, malware, unwanted software, malicious ads, intrusive ads, and abusive websites or extensions. |
SafeBrowsingProtectionLevel |
| Safe Sites |
Safe Sites uses the Safe Search API to inspect URLs for explicit content and prevent access by unauthorized users. |
SafeSitesFilterBehavior |
| Search Suggest |
Search Suggest provides query completion predictions while the user is typing in a Google Search box. |
SearchSuggestEnabled |
| Translate |
Allows the translation of web pages from one language to another. |
TranslateEnabled |
| URL-Keyed Pseudonymous Metrics |
For users who have it enabled, URL-Keyed Pseudonymous Metrics (UKM) sends metrics tied to URLs to Google, to improve searches and browsing. UKM data is only collected from users who have both (i) enabled metrics collection, and (ii) enabled the Make searches and browsing better setting. |
UrlKeyedAnonymizedDataCollectionEnabled |
| User Metrics |
User Metrics sends usage statistics to Google, to ensure features and services are improved and working as intended. |
MetricsReportingEnabled |
| Web Push Messaging |
Web Push Messaging permits web pages to be sent push messages or notifications if a user has allowed Chrome notifications. |
DefaultNotificationSetting |
| WebRTC reporting |
WebRTC (Web Real-time Communication) is an open source protocol that provides browsers and mobile applications with Real-Time Communications capabilities via simple APIs. |
WebRtcEventLogCollectionAllowed |
Chrome Enterprise via Google Admin console
All personal data is processed with respect to our Chrome Enterprise Data Protection Commitments, unless otherwise stated in your enterprise contract.
Note: Chrome Enterprise services available via the Admin Console strictly follow Chrome Enterprise’s retention & deletion requirements. Generally, personal data will not be retained for longer than 18 months unless it is necessary for the provision of the service or the security of our users. For more details, regarding the retention of audit, investigation, and security logs and reports available via the Admin console, please see the Reports & Logs Collected table below for their retention.
Data Types Collected
| Type of data | Data included |
|---|---|
| Browser | Browser ID, browser version, browser state, and other metrics related to function, performance, security, and usage of the browser |
| Device | Device ID or serial number, device type (for example, OS, model), device status, and other metrics related to function, performance, security, and usage of the device |
| Extension | Extension ID, extension status, and other metrics related to function, performance, security, and usage of extensions |
| Location | Regional information and IP address |
| Management Console | Settings and configurations for browser and user management |
| Performance | Metrics for how Chrome Enterprise and its features are performing |
| User | User ID, user type, account details (for example, email address, age, name), and account status |
| User created/submitted |
Custom attributes for settings and configurations Files uploaded for scanning (Requires Chrome Enterprise Premium) |
| User Usage | Admins’ usage of Admin console or users usage of Chrome recorded for audit, investigation, security logs and reports. |
Reports & Logs Collected
| Service | Description | Retention |
|---|---|---|
| Access Transparency log events data (Requires Chrome Enterprise Premium) | A record of actions of Google staff when they access your data. Generally including data such as affected resource and action, time of action, reason for action (for example, case number associated with a customer support request), Google staff member details (for example, office location) | 6 months |
| Accounts report(Requires Google Identity) | Consolidated view of user status and account activity. Provides details such as users' account status, 2-Step Verification status, and password strength. | 6 months |
| Admin log events data | A record of actions performed in your Admin console, such as when an administrator added a user or turned on a Google Workspace service. | 6 months |
| Admin Data Action log events data | A record of actions performed in the Admin console such as when an administrator accessed, removed, and restored sensitive data from any events. | 6 months |
| Chrome apps and extension usage report | Details about apps and extensions that are installed on users’ enrolled Chrome browsers and ChromeOS devices. | 12 months |
| Chrome log events data | A record of actions to track events related to managed Chrome browsers and ChromeOS devices. You can also see when there has been an unsafe site visit. | 6 months |
| Chrome version report | Versions of Chrome browser running on devices in your organization | 12 months |
| Context-aware access log events data (Requires Chrome Enterprise Premium) | A record of actions to troubleshoot when a user is denied access to an app. | 6 months |
| Devices log events data | A record of actions on computers and mobile devices that are used to access your organization's data. For example, you can see when a user added their account to a device or if a device’s password doesn’t follow your password policy. You can also set an alert to be notified when an activity occurs. | 6 months |
| OAuth Token log events data (Requires Google Identity) |
A record of actions to review which users are using which third-party web applications in your domain. The log also records each time a third-party application is authorized to access Google Account data. |
6 months |
| Rules log events data (Requires Chrome Enterprise Premium) |
A record of actions to review your user’s attempts to share sensitive data. You can also review events triggered by data loss prevention (DLP) rule violation events. Entries usually appear within an hour of the user action. The Rule log events also list data types for Chrome Enterprise Premium threat and data protection. |
6 months |
| SAML log events data | A record of actions to track your users' successful and unsuccessful sign-ins to SAML applications | 6 months |
| Security reports - Users (Requires Google Identity) | Monitor your users' exposure to data compromise using this comprehensive view of how they share and access data and whether they take appropriate security precautions. You can review who installs external apps, shares numerous files, skips 2-Step Verification, and uses security keys. | 6 months |
| Security reports - Devices (Requires device to be under advanced data management) | View details of compromised device events (for example, device IDs, device owners, and timestamps) during a specified time range. | 6 months |
| Users (Requires Google Identity) | You can view and investigate live-state data about users in your organization. For example, whether or not a user is enrolled in 2-Step Verification, whether or not 2-Step Verification is enforced for the user's organization, the ID of a suspended user, and more. | 6 months |
| User log events data (previously named Login audit log) (Requires Google Identity) | You can check critical actions carried out by users on their own accounts. These actions include changes to passwords, account recovery details (telephone numbers, email addresses), and 2-Step Verification enrollment. | 6 months |