⚠ Key Privacy Concerns
On the consumer Gemini Apps, conversations are saved by default and used to improve Gemini and Google's machine-learning technologies, and a subset is sent to human reviewers, which is why the Gemini Apps Privacy Hub warns you not to enter confidential information. The Keep Activity control lets you turn training off and shorten or disable retention, but it is not zero retention: chats with Keep Activity off are still kept for 72 hours, and any chat that was selected for human review can be retained for up to three years separately, even after you delete your activity. Google states Gemini Apps chats are not currently used to show ads, but your Gemini use still sits inside Google's larger account and advertising ecosystem. Automated assessment, as of June 27, 2026.
What Should I Do?
Pick the row that matches you. The settings paths below are current as of the May 2026 policy versions; Google moves menu labels around, so if a label has changed, look for the closest equivalent under Gemini Apps Activity or your Google Account.
👤 Everyday user
- Decide on saving and training: open Gemini Apps Activity at myactivity.google.com and turn Keep Activity off if you do not want chats saved or used to improve Gemini.
- If you keep activity on, shorten retention: the default auto-delete is 18 months; you can change it to 3 months (or 36, or off).
- Understand "off" is not zero: chats with Keep Activity off are still retained for 72 hours, and submitting feedback re-shares the last 24 hours of chats.
- Never paste full names, account numbers, medical details, passwords, or anything you would not want a human reviewer to read.
- For a truly sensitive one-off question, use Gemini while signed out (not tied to your account) or use a temporary chat.
💼 Business / professional user
- Do not run client or regulated data through consumer Gemini on a personal Google account. The default saves chats, a subset goes to human reviewers, and reviewed chats can persist up to three years.
- Use Gemini under a Google Workspace (work or school) account where the enterprise terms and admin controls govern, and confirm with your administrator how Gemini is configured.
- Get and keep the applicable Workspace data-protection terms or DPA before sending any third-party or personal data.
- Map Connected Apps and the Gemini in Chrome integration: connectors can receive conversation context, and Chrome can read the page content and URL of your current tab. Disable what you do not need.
- If you are a lawyer, accountant, or clinician, treat consumer Gemini as a public channel for confidentiality purposes until enterprise terms are in place.
⚠ Already affected
- Document everything now: screenshots, dates, the exact data involved, and any Google emails. You cannot demand what you cannot describe.
- Delete what you can in Gemini Apps Activity and keep proof, then file a formal access or deletion request through Google's privacy tools and keep the confirmation.
- Know the hard limits: deleting activity does not delete chats already selected for human review (retained up to three years), and deletion does not pull data out of a model already trained on it.
- If you believe your data was exposed, or that a rights request was ignored, a written demand letter is often the next lever.
- For a California resident, the CCPA/CPRA framework gives access, deletion, and limit-use rights, and a private right of action for certain breaches.
⚠ The 3-year reality
"I deleted it" does not always mean "it is gone." The Gemini Apps Privacy Hub states that chats reviewed by human reviewers are not deleted when you delete your activity and are retained for up to three years (disconnected from your account). Your ordinary chats follow your Keep Activity auto-delete schedule, but a chat that happened to be selected for review can outlive your deletion by years. Plan as if anything sensitive you typed could be read by a person and kept for a long time.
Want the formal-demand route? See my AI training-data-use demand letter templates and CCPA/CPRA privacy-rights demand letters.
Data They Collect
Everything Google gathers through Gemini and combines across its services.
What they collect: Your Gemini Apps conversations (text, and for Gemini Live, recordings and transcripts), plus related signals like your language, device type, location info, and feedback. The Google Privacy Policy states Google may use information it collects across its services and devices, so Gemini activity sits alongside the rest of your Google account data.
Who the policy says can get your data: the Privacy Policy describes providing personal information to affiliates and other trusted businesses to process it for Google based on its instructions, sharing for legal reasons, and (for Gemini specifically) trained reviewers at service providers, with chats disconnected from your account before being sent. Connected Apps and the Gemini in Chrome feature add further data flows.
How long: With Keep Activity on, the default auto-delete is 18 months (changeable to 3 or 36 months, or off). With Keep Activity off, chats are still kept for 72 hours. The hardest item: chats selected for human review are retained for up to three years and are not deleted when you delete your activity. And once data has shaped a model, that influence is not cleanly reversible.
Your control: Real controls exist (Keep Activity on/off, auto-delete period, delete individual activity, signed-out use), but they are spread across Google's dashboards, and turning off Keep Activity still leaves a 72-hour window and a feedback exception. There is no consumer control that removes already-reviewed chats before the three-year period ends.
Security: Google's infrastructure is mature and well resourced. As with any large platform, the methodology assumes incidents are possible and scores on whether the design limits the blast radius. The concern here is concentration: combining Gemini activity with the rest of a Google profile means a single exposure touches a lot.
Clarity: Understanding what actually happens requires reading the main Google Privacy Policy, the Gemini Apps Privacy Hub, and several help-center articles, with the operative retention and review rules split across them. The cross-referenced structure is a transparency cost, even though the individual statements are reasonably clear once you find them.
Analysis
⚖ The bottom line
Compressed to one line: consumer Gemini reads as acceptable for low-stakes, non-confidential use once you turn Keep Activity off, and a real problem for anyone with a duty of confidentiality who treats it like a private notebook. The 42 score is not a claim that Google is reckless. It flags that the default saves chats, a human may read a subset, and a reviewed chat can outlive your deletion by up to three years, all inside a very large account ecosystem.
Practically: turn Keep Activity off or shorten auto-delete, avoid submitting feedback on sensitive chats, keep names, account numbers, and client data out of the box, and for confidential or regulated data use a properly configured work or school Workspace account, not a personal one. The thing no setting fixes is text that already trained a model or a chat already pulled for review.
Automated methodology assessment, opinion based on the published policy as of June 27, 2026. This is general legal information, not legal advice, and it does not create an attorney-client relationship. Verify the current sources.