Privacy Policy for Google Sign-In

Last updated on 18 January 2021 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer at TermsFeed)

Privacy Policy for Google Sign-In

The Google Sign-in functionality lets people who have Google accounts use their accounts to sign in to other websites that have integrated this functionality.

It's similar in concept to Facebook Connect, Twitter Sign In, and others that allow you to use one main account to sign in to multiple different websites, apps and platforms.

Rather than registering individually for all of the websites or apps that a user regularly uses, most websites now conveniently allow users to simply sign in with an account that's already created, such as a Google, Twitter or Facebook account.

Button examples of Sign in with Facebook, Twitter, Google

For example, Wave provides a "Sign In with Google" button on its login page:

Wave: Sign In With Google

When a user clicks that button, a screen will open that shows what information from the user's Google account that Wave would like to access.

In this case, Wave will view the user's email address and basic profile info. The user must click Allow to allow Wave to use this information from Google to log into Wave.

Google permissions - Wave would like to

Requirements from Google

Logo of Google

If you have a website or mobile app that is being developed to communicate with or integrate with Google services, such as a website or mobile app that supports Google logins, you must follow the requirements of:

Google Platform Developer Policy

This Policy from Google requires that a Privacy Policy is provided to users, that it's adhered to, and that it's not changed without letting your users know in advance.

Google Developer Policy: Must have Privacy Policy

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.
  2. TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  3. Answer some questions about your website or app.
  4. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  5. Answer some questions about your business.
  6. TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  7. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.

There are also rules for when the "Google Sign In" can be used:

  1. The "Google Sign In" option should be as conspicuously and prominently placed as any other third-party login options you allow. Note how Padlet provides equally-sized and shaped buttons for both Facebook and Google to satisfy this requirement.

  2. Padlet: Log in with Google

  3. You must make it easy for your users to know when they are connected to your website or mobile app through their Google accounts and easily know which account is connected, and
  4. Disconnecting and signing their Google accounts out of your app must be reasonably easy to do.When logged into Padlet via Google, the top right corner shows the name of your Google account, and clicking on your name or the arrow to the right of it gives you an option to log out.

  5. Padlet: Logout is easy

The same Google Developer Policy requires that the Google Buttons Policy be adhered to if the Google sign in buttons is used.

Google Buttons Policy

This Policy includes rules and guidelines for when Google buttons are used, including the sign-in button.

Google Buttons Policy: Highlight the Sign-In Button sections

There are 8 paragraphs in this Policy that spell out what you must do, may do, and cannot do when it comes to your use of a Google button, including the following main point:

You must clearly disclose what data will be collected shared and used by your website or app when a user uses a Google button.

Padlet clearly discloses that it will be collecting an email address and basic profile info when a user clicks the Google button:

Padlet and its Google permissions: View the email address and the basic info

Google's EU User Consent Policy

Google's policies also require you to comply with the "EU User Consent" Policy if the Google sign in button is used.

Screenshot from Google

This short Policy has 2 main requirements that must be met if your website/mobile app has users from the EU and you the Google sign-in functionality within that website/mobile app:

  1. Any information that you collect, share and use the Google sign-in feature must be clearly disclosed to your users, and you must obtain consent for this collecting, sharing and using, andUse a Privacy Policy for this.
  2. If you use cookies in connection with the Google sign-in feature, you must make reasonable efforts to make sure that users are informed of this, and that they consent to this.Information regarding cookies usage can typically be found within a Privacy Policy agreement, or a separate Cookies Policy.Use a Cookies Policy for this requirement.

Padlet obtains consent by requiring users to click Allow to show they consent.

Padlet and their Google permissions: You agree to, click Allow

Examples

Here are a few additional examples of websites and mobile apps that are using the Google Sign In feature and how they're doing it.

Logo of Slides

Slides provides an option for signing in with Google. Note how the button is the same size as the Facebook log-in button, and is placed close to it so that it remains prominent:

Screenshot of Slides: Log in with Google

Users are informed that Slides will collect an email address and basic profile info when they click to log in with Google. A user must click Allow to complete the login-with-Google process:

Slides and Google Permissions: You must click Allow

Logo of Khan Academy

Khan Academy places the Google Sign-In button at the top of its login page.

Its Privacy Policy is placed underneath the log-in section with a statement that says, "By logging in, you agree to our Terms of Service and Privacy Policy.":

Khan Academy Login Page with Login with Google and links to its Privacy Policy

Khan Academy's Privacy Policy includes a section titled How we collect and use data that includes a sub-section for Information from Integrated Services like Facebook or Google.

This sub-section lets users know that if a user registers through one of these services (Facebook or Google), Khan may collect personal information that the user had already given to the other service:

Khan Academy Privacy Policy: Information from Facebook and Google

Logo of Basecamp

Basecamp uses a colorful Google button for signing up through a Google account.

Screenshot of Login page from Basecamp

Basecamp's information on its legal agreements is listed and linked at the bottom of the page in the website footer:

Basecamp footer on its website: The link to its policies

Clicking on the link takes users to a list of policies, terms and other legal stuff. The Privacy Policy of Basecamp is in this list.

Basecamp List of Policies: The Privacy Policy is here

Basecamp's Privacy Policy doesn't specifically mention Google Sign-in functionality but says that when a user signs up for Basecamp, a name, company name and email address will be asked for.

While a user can assume that this is the information that Basecamp collects from the user's Google account, Basecamp would benefit from being more specific and mentioning the Google sign-in functionality, and so would your website or mobile app policy.

Basecamp Identity and Access clause

If a user is signing-up for an account, Basecamp informs the user that certain information will be collected through Google, including who the user is on Google, an email address, and basic profile info:

Basecamp and Google Permissions dialog window

Logo of Wave

Wave doesn't provide a Privacy Policy link on its sign in page where the "Sign In with Google" button is located:

Screenshot of Wave Sign-in page

However, on its sign-up page where users can first register for a Wave account, the Privacy Policy page is linked and users are informed that by signing up, consent to its Terms of Use and its Privacy Policy.

This ensures that a user, at least, has access to Wave's Privacy Policy the first time the accesses Wave.

Wave Sign-up page: Highlight the Read and Agree to Legal Pages

Towards the end of its Privacy Policy, there's a section titled "Additional Features" where third-party logins, such as through Google, is mentioned. The statement informs users that logging in via Google and Yahoo is available, and a basic overview of how this feature works is provided:

Wave Privacy Policy: You can login via SSO Services, such as Google or YahoO!

A few paragraphs down in its agreement, Wave lets users know that some functionality of the website is highly dependent upon APIs from third parties, such as Google, and that personal information may be collected from these third parties to the extent that the user authorizes Wave to collect that information.

Wave Privacy Policy: Its dependent upon API Authorization

Logo of Full Contact

Full Contact gives users the option to create an account directly, or sign up with Google. The Privacy Policy is linked slightly below this section.

Screenshot of Sign-up Page of Full Contact

In its Privacy Policy, the only mention of personal data collected while creating an account is in the Information You Provide to Us section that states:

"We may collect Personal Data from you, such as your first and last name, gender, e-mail and mailing address, professional title, company name and password when you create an account."

There's no direct mention of taking this information from Google.

Full Contact Privacy Policy: Information you provide to us

Logo of PowToon

PowToon places the Google sign-in button first in a list of three across the top of the login page:

Powtoon: Screenshot of Log in page

Similarly to Wave, the Privacy Policy of PowToon isn't listed on this page. However, it's also not listed on the Sign up page. The Terms of Use page is linked here, but no Privacy Policy.

Screenshot of PowToon Sign-up Page: I hereby agree to Terms of Use

While the PowToon's Privacy Policy is mentioned in the Terms of Use, it's not linked to that agreement.

I had to do a web search to find the actual PowToon's Privacy Policy. The only mention within the Privacy Policy of information collected during sign-up is in the very first sentence that says:

"When buying a PowToon subscription or signing up for a free account, we request information such as your name, email address, home address, credit card information (should you purchase an account) and profession. Of course, you may also visit our site anonymously."

It looks like this:

Screenshot from PowToon Privacy Policy

This Privacy Policy should - at minimum - be made available to users on the sign-up page, which has not been done here.

Logo of Dailymotion

Dailymotion's sign-in page has an option where users can choose whether they want to create a Dailymotion account, or if they already have an account. Both of these options provide the ability to sign in with Google.

Screenshot of Dailymotion sign-in page

The Privacy Policy of DailyMotion can be found in the footer of the website under the "Legal" category.

Dailymotion website footer

Dailymotion mentions personal information collected during registration for an account in its Data Collected section which states:

"We collect and subsequently process the Data that you voluntarily provide on the registration form on the Website including your user ID, a valid email address, and your date of birth."

There's no mention of data that isn't provided on the registration form on the website, such as data that would be provided if a user chose to sign up through Google.

The Data Collected clause from DailyMotion Privacy Policy

If you choose to allow your users to sign into your website or mobile app via a Google sign in button, you may need to do each of the following to be fully compliant:

  • Have a Privacy Policy that you adhere to and don't update without informing your users
  • Let users know what personal information you will be collecting from them and how you will be using this information (Include this information in your Privacy Policy)
  • Obtain consent from users to collect and use this information (the Allow button constitutes consent when you let users know that by clicking Allow, they're agreeing to your Terms)
  • Give users a way to change or revoke this consent
  • Comply with all requirements outlined in the Google Platform Developer Policy, the Google Buttons Policy, and the EU User Consent Policy

Create Privacy Policy, Terms & Conditions and other legal agreements in a few minutes. Free to use, free to download.

Get started today ⇢

Sara Pegarella

Sara Pegarella

Law school graduate, B.A. in English/Writing. In-house writer at TermsFeed

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.