This article is for administrators. If you're a user, go to the Meet help center. For details about security for Education editions, go to Meet security and privacy for education.
Protect your organization’s data and privacy with Google Meet's built-in features.
Protect privacy & data
Privacy & complianceGoogle helps protect your privacy by keeping you in control, and by maintaining and evolving security features. Google also complies with data protection laws and other industry standards.
- Control over your data—Meet adheres to the same privacy commitments and data protections as the rest of Google Cloud’s services.
- Customers own their data, not Google.
- Google does not use customer data for advertising or sell customer data to third parties.
- Customer data is encrypted in transit.
- Customer recordings stored in Google Drive are encrypted at rest.
- Meet does not have user attention-tracking features or software.
- You can set retention policies for Meet recordings with Google Vault to help fulfill legal obligations.
- Google does not store video, audio, or chat data unless a meeting participant initiates a recording during the Meet session.
For more details, go to the Privacy Resource Center.
- Compliance—Our products, including Meet, regularly undergo independent verification of their security, privacy, and compliance controls. For more details, go to the Compliance resource center.
- Transparency—Google responds to government requests for customer data. Google also discloses information about the number and type of requests we receive from governments through the Google Transparency Report. For more details, go to:
-
Smart features and personalization—You choose whether Google uses your data to make Google products better. Users can make different choices for their meetings. For more details, go to:
Meet keeps your information safe by encrypting it. This means your data is scrambled so that only people with the right key can read it. Meet supports these encryption measures:
- All data is encrypted while it travels over the internet.
- When you use your phone for audio in a meeting, your call might not be encrypted. This is because your audio goes over your phone company's network, and they might not encrypt it.
- Meet recordings stored in Google Drive are encrypted.
- Meet follows Internet Engineering Task Force (IETF) security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Learn more about the DTLS extension to establish keys for SRTP.
Advanced encryption
- Meet encrypts your data to keep it private. You can add an extra layer of encryption with Google Workspace client-side encryption (CSE).
- CSE uses your organization's encryption keys. Meet video and audio is encrypted on the client’s browser before the data is sent to other meeting participants or to Google.
- To use CSE, connect Google Workspace to an external encryption key service and identity provider (IdP). For more details, go to Use client-side encryption for users' data.
Keep your users safe in meetings with Meet. Here are some of the key anti-abuse measures we have in place:
- Meeting codes—Each meeting code is 10 characters long. With 25 characters in the set, it's very hard to guess a meeting code.
- In-meeting features—Give your users more control in meetings by turning on host management. For details, go to Host Management.
- Extra precautions for external participants—External participants can only join a meeting without asking to join if:
- They’re on the calendar invite before the meeting starts or they've been invited by someone in your organization who is already in the meeting.
- It's within 15 minutes of the scheduled start time for the meeting.
- Dialing in by phone—Phone numbers and PINs are only valid during the scheduled meeting time. PINs are generally 9 digits or more. Phone participants can only join within 15 minutes of the scheduled meeting time.
Advanced anti-abuse measures
If the meeting has Google Workspace client-side encryption (CSE):
- External participants must have an invitation to request to join the meeting.
- Nobody can join using phones.
If the meeting doesn’t have CSE, any external participants can request to join the meeting. Only someone in your organization can accept the request.
Secure access to Meet to help ensure meeting safety for your users. Meet takes precautions to help secure your access:
- Accessing Meet—Meet works entirely in the browser for users on Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge browsers. You don't have to install any plugins or software. You don’t have to push out any security patches for Meet on end-user machines. On mobile devices, we recommend the Google Meet app from Google Play (Android) or the Apple App Store (iOS). For more details, go to Requirements for using Google Meet.
- 2-Step Verification—We support multiple 2-step verification options for Meet. This includes security keys, one-time passwords and prompts, and SMS text messages. Learn how to Set up 2-Step Verification.
- Advanced Protection Program—Enroll in Google’s Advanced Protection Program, which provides the strongest protections available against phishing and account hijacking. Learn more about Google's Advanced Protection Program.
- Additional authentication methods—Single sign-on (SSO) through SAML is available for Meet with all Google Workspace editions.
- Logs—Audit logging for Meet is available in the Google Admin console. For more details, go to Meet log events.
- Track access—Log every time a Google admin accesses Meet recordings stored in Google Drive, along with the reason for access. For more details, go to Access Transparency.
- Recordings—Store Meet recordings in Drive only in specific regions (for example, the U.S. or Europe) using the data regions feature. Regional storage limitations do not apply to video transcodes, processing, indexing, and so on.
Google has strict processes to keep you and your users safe. These processes help us prevent, find, and respond to security incidents. Managing incidents is a big part of how Google keeps things safe and private. Google also follows global privacy rules, like GDPR. For more details, check out the Data incident response process.
Incident prevention
- Testing—Google looks for threats to keep you safe.
- Code reviews—Google reviews code to look for problems.
- Vulnerability reward program—Outside experts help Google find problems.
Incident detection
- Network analysis—Google checks network traffic to find bad activity.
- Product-specific tools and processes—Automated tools detect incidents in Google products.
- Usage anomaly detection—Google uses machine learning to find unsafe activity.
- Data center security alerts—We check data centers for incidents that might affect your org.
Incident response
- Expert response—Experts respond to all types of data incidents.
- Notifications—A process for quickly notifying affected orgs. It's in line with Google’s commitments in our Terms of Service and agreements.
Use these tips to help you create a meeting space your users can trust.
Before a meeting
- Share meeting links carefully, especially in public.
- Be mindful when inviting external attendees.
- Be cautious when anonymous users request to join a meeting.
- Use Google Calendar to send Meet invites. For details, go to Start or schedule a Google Meet meeting.
- Turn on 2-step verification. This helps prevent account takeovers, even if someone has your password. For more details, go to Make your account more secure.
- Take Google’s Security Checkup. It's a tool that gives you personalized recommendations to strengthen the security of your organization’s Google Account. Start your Security Checkup
During a meeting
- Make sure the names and faces on each tile match. Anonymous users get to choose what name they'll use for a meeting.
- If you see bad behavior during a meeting or a user you don't recognize, you can remove them from the meeting. Use Host Management or moderator security controls to do this. For details, go to Add or remove people from a Google Meet meeting.
After a meeting
- If you need to share a meeting screenshot publicly, make sure the URL isn't visible.
Use long IDs
Long IDs are more secure than short meeting IDs and harder to guess. Long IDs are automatically added to calendar events and meeting invites when you create them, and they don't expire.
Use both ID types if you're in transition
Long IDs support calendar integrations and short IDs are helpful if your system is hard to enter long codes into.
To join a meeting with a short ID, users have to enter the ID manually. Calendar events and invites include a link where users can get the short ID. Short IDs expire a few weeks after they're last used.
Report abuse
If you believe that someone is violating the Google Meet acceptable use policies, you can report that abuse.
Related topics
- Understand the basics of privacy in Google Meet
- Google Meet Security & Privacy for users
- Meet security and privacy for education
- Google Workspace security and trust
- Google Cloud Encryption in transit
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
