Service Specific Terms
Last modified: April 12, 2022
These Service Specific Terms are incorporated into the agreement under which Google has agreed to provide Google Cloud Platform (as described at https://cloud.google.com/terms/services) to Customer (the “Agreement”). If the Agreement authorizes the resale or supply of Google Cloud Platform under a Google Cloud partner or reseller program, then all references to Customer in the Service Specific Terms mean Partner or Reseller (as applicable), and all references to Customer Data in the Service Specific Terms mean Partner Data. Capitalized terms used but not defined in the Service Specific Terms have the meaning given to them in the Agreement.
General Service Terms
1. Data Location. Customer may configure the Services listed at https://cloud.google.com/terms/data-residency to store Customer Data in a specific Region or Multi-Region as detailed in the Cloud Locations Page, and Google will store that Customer Data at rest only in the selected Region or Multi-Region. The Services do not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels.
2. Operations of Communications Services. Notwithstanding any telecommunications restrictions in the Agreement, Customer may use the Services for hosting capacity in connection with Customer’s provision of telecommunications services to Customer End Users if (a) Customer obtains, maintains, and complies with all necessary regulatory licenses, registrations or other applicable requirements relating to such telecommunications services, and (b) Customer does not use or resell the Services to provide telecommunications connectivity, including for virtual private network services, network transport, or voice or data transmission.
3. General Software Terms. The following terms apply to all Software:
a. License. Google grants Customer a royalty-free (unless otherwise stated by Google), non-exclusive, non-sublicensable, non-transferable license during the Term to reproduce and use the Software ordered by Customer on systems owned, operated, or managed by or on behalf of Customer in accordance with (i) the Agreement, and (ii) if applicable, the Scope of Use. Customer may authorize its and its Affiliates' employees, agents, and subcontractors (collectively, “Software Users”) to use the Software in accordance with this section (License), so long as Customer remains responsible. Customer may make a reasonable number of copies of the Software for back-up and archival purposes. For clarity, Software does not constitute Services.
b. Documentation. Google may provide Documentation describing the appropriate operation of the Software, including a description of how Software is properly used, and whether and how the Software collects and processes data. Customer will comply with any restrictions in the Documentation regarding Software use.
c. Compliance With Scope of Use. Within 30 days of Google’s reasonable written request, Customer will provide a sufficiently detailed written report describing its usage in accordance with the applicable Scope of Use of each Software product used by Customer and its Software Users during the requested period. If requested, Customer will provide reasonable assistance and access to information to verify the accuracy of Customer’s Software usage report(s).
d. Other Warranties and Compliance. Each party represents and warrants that it will comply with all laws and regulations applicable to its provision or use of the Software, as applicable. Customer will: (i) ensure that Customer and its Software Users' use of the Software complies with the Agreement and the restrictions in the Agreement applying to Customer's use of the Services; (ii) use commercially reasonable efforts to prevent and terminate any unauthorized access to or use of the Software; and (iii) promptly notify Google of any unauthorized access to or use of the Software of which Customer becomes aware. If the Software contains open source or third-party components, those components may be subject to separate license agreements, which Google will make available to Customer. Customer is solely responsible for complying with the terms of any third-party sources from which Customer elects to migrate its workloads onto the Services, and represents and warrants that such third-party sources permit the use of Software to migrate applications away from such sources. If the Agreement terminates or expires, then Customer will stop using all Software and delete it from Customer's systems.
4. Premium Software Terms. The following terms apply only to Premium Software:
a. Introduction. Google makes certain Software available under the Agreement described as “Premium Software” at https://cloud.google.com/terms/services(“Premium Software”). Customer will pay applicable Fees for any Premium Software it obtains as described at the Fees URL. Premium Software is Google’s Confidential Information.
b. Software Warranty. Google warrants to Customer that for one year from its delivery, Premium Software will perform in material conformance with the applicable Documentation. This warranty will not apply if (i) Customer does not notify Google of the non-conformity within 30 days after Customer first discovers it, (ii) Customer modifies Premium Software or uses it in violation of the Agreement, or (iii) the non-conformity is caused by any third-party hardware, software, services, or other offerings or materials, in each case not provided by Google.
If Google breaches this warranty, then Google will, in its discretion, repair or replace the impacted Premium Software at no additional charge. If Google does not believe that repairing or replacing would be commercially reasonable, then Google will notify Customer and (A) Customer will immediately cease use of the impacted Premium Software and (B) Google will refund or credit any prepaid amounts for the impacted Premium Software and Customer will be relieved of any then-current commitment to pay for future use of the impacted Premium Software. Without limiting the parties’ termination rights, this section (Software Warranty) states Customer’s sole remedy for Google’s breach of the warranty in this section (Software Warranty).
c. Software Indemnification. Google’s indemnity obligations under the Agreement with respect to allegations of infringement of third-party Intellectual Property Rights apply to Premium Software, and Customer’s indemnity obligations under the Agreement with respect to Customer’s use of the Services apply to Customer’s use of Premium Software. In addition to any other indemnity exclusions in the Agreement, Google’s indemnity obligations will not apply to the extent the underlying allegation arises from modifications to Premium Software not made by Google or use of versions of Premium Software that are no longer supported by Google.
d. Technical Support. Unless otherwise specified by Google, Google will make TSS available for Premium Software for an additional charge, in accordance with the TSS Guidelines.
e. Compliance. Premium Software may transmit to Google metering information reasonably necessary to verify that use of the Premium Software complies with the Scope of Use, as described in the applicable Documentation. Customer will not disable or interfere with the transmission of such metering information.
f. Updates and Maintenance. During the Term, Google will make available to Customer copies of all current versions, updates, and upgrades of Premium Software, promptly upon general availability, as described in the Documentation. Unless otherwise stated in the Documentation for the applicable component of Premium Software, Google will maintain the current release of Premium Software and the two versions immediately preceding the current release, including by providing reasonable bug fixes and security patches. Maintenance for any Premium Software may be discontinued with one year’s notice from Google, except Google may eliminate maintenance for a version and require upgrading to a maintained version to address a material security risk or when reasonably necessary to avoid an infringement claim or comply with applicable law.
5. Pre-GA Offerings Terms. Google may make available to Customer pre-general availability Google Cloud Platform features, services or software that are either not yet listed at https://cloud.google.com/terms/services or identified as “Early Access,” “Alpha,” “Beta,” “Preview,” “Experimental,” or a similar designation in related documentation or materials (collectively, “Pre-GA Offerings”). While Pre-GA Offerings are not Services or Software, Customer’s use of Pre-GA Offerings is subject to the terms of the Agreement applicable to Services (or Software, if applicable), as amended by this Section 5.
Customer may provide feedback and suggestions about the Pre-GA Offerings to Google, and Google and its Affiliates may use any feedback or suggestions provided without restriction and without obligation to Customer.
PRE-GA OFFERINGS ARE PROVIDED “AS IS” WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES OR REPRESENTATIONS OF ANY KIND. Pre-GA Offerings (a) may be changed, suspended or discontinued at any time without prior notice to Customer and (b) are not covered by any SLA or Google indemnity. Except as otherwise expressly indicated in a written notice or the documentation for a given Pre-GA Offering, (i) Pre-GA Offerings may not be covered by TSS, (ii) the Data Processing and Security Terms do not apply to Pre-GA Offerings and Customer should not use Pre-GA Offerings to process personal data or other data subject to legal or regulatory compliance requirements, and (iii) Google’s data location commitments set out in these Service Specific Terms will not apply to Pre-GA Offerings. With respect to Pre-GA Offerings, to the maximum extent permitted by applicable law, neither Google nor its suppliers will be liable for any amounts in excess of the lesser of (A) the limitation on the amount of liability stated in the Agreement or (B) $25,000. Nothing in the preceding sentence will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability). Customer's access to and use of any Pre-GA Offering is subject to any applicable Scope of Use. Either party may terminate Customer's use of a Pre-GA Offering at any time with written notice to the other party. Certain Pre-GA Offerings may be subject to additional terms stated below.
6. Google-Managed Multi-Cloud. The then-current services described as “Google-Managed Multi-Cloud Services” at https://cloud.google.com/terms/services ("Google-Managed MCS") are Google services, products and features that are hosted on the infrastructure of a third party cloud provider (“Multi-Cloud Service Third-Party Provider”). While the Google-Managed MCS are not Services or Software, Customer’s use of the Google-Managed MCS is subject to the terms of the Agreement applicable to Services (or Software, if applicable), as amended by this Section 6. In addition to the terms of the Agreement and notwithstanding anything to the contrary in the “Conflicting Terms” section of the Agreement, Customer’s use of the Google-Managed MCS is subject to the following terms:
a. Admin Console. The Google-Managed MCS may not be available through the Admin Console.
b. Multi-Cloud Service Third-Party Provider Relationship.
i. To make use of the Google-Managed MCS, Customer must maintain an independent account and billing relationship with the applicable Multi-Cloud Service Third-Party Provider. Customer is responsible for entering into and complying with an appropriate agreement with the applicable Multi-Cloud Service Third-Party Provider governing Customer’s use of the Multi-Cloud Service Third-Party Provider’s services and the Multi-Cloud Service Third-Party Provider’s processing of personal data on behalf of Customer. The Agreement does not obligate Google or the Multi-Cloud Service Third-Party Provider to provide the Multi-Cloud Service Third-Party Provider’s services that are necessary for the Customer to use the Google-Managed MCS.
ii. If the Multi-Cloud Service Third-Party Provider makes a change to its services or terms, and Google reasonably concludes that its provision of the Google-Managed MCS is no longer commercially feasible as a result of the change, Google may immediately Suspend all or part of Customer's use of the impacted Google-Managed MCS, or make any other discontinuance or backwards-incompatible change necessary to continue to provide the Google-Managed MCS. Google will lift any such Suspension once the circumstances giving rise to the Suspension have been resolved. To the extent Google may Suspend or modify the Google-Managed MCS as set forth in this Section, the Google-Managed MCS are not subject to the sections of the Agreement covering discontinuance and backwards-incompatible changes.
c. Data Processing. Processing of data by the Google-Managed MCS is subject to the terms of the Data Processing and Security Terms, as supplemented and amended by the Google-Managed Multi-Cloud Services Data Processing and Security Terms Addendum. "Google-Managed Multi-Cloud Services Data Processing and Security Terms Addendum" means the terms stated at https://cloud.google.com/terms/mcs-data-processing-terms.
d. Limitation of Liability. Notwithstanding anything to the contrary in the Agreement (except subject to any unlimited liabilities expressly stated in the Agreement), to the maximum extent permitted by law, each party’s total aggregate Liability for damages arising out of or relating to the Google-Managed MCS is limited to the greater of (1) the Fees Customer paid for the Google-Managed MCS during the 12-month period before the event giving rise to liability and (2) $25,000.
e. Disclaimers. Notwithstanding anything to the contrary in the Agreement, the Google-Managed MCS (i) are not covered by any SLA covering Google Cloud Platform Services, unless specifically identified under the terms of the SLA, (ii) are not subject to any obligations for Google to provide termination or transition assistance or other technical assistance after Suspension or termination, (iii) are not subject to any business continuity or disaster recovery commitments, and (iv) are not Audited Services, unless specifically identified at the Audited Services URL as listed in Section 2.1 (Definitions) of the DPST.
f. Survival. The following subsections of these Google-Managed Multi-Cloud Service Specific Terms will survive expiration or termination of the Agreement: d (Limitation of Liability); e (Disclaimer); and f (Survival).
7. Benchmarking. Customer may conduct benchmark tests of the Services (each a "Test"). Customer may only publicly disclose the results of such Tests if it (a) obtains Google's prior written consent, (b) provides Google all necessary information to replicate the Tests, and (c) allows Google to conduct benchmark tests of Customer's publicly available products or services and publicly disclose the results of such tests. Notwithstanding the foregoing, Customer may not do either of the following on behalf of a hyperscale public cloud provider without Google's prior written consent: (i) conduct (directly or through a third party) any Test of the Services or (ii) disclose the results of any such Test.
8. Trials. Certain Services may be made available to Customer on a trial basis. The parameters of each trial, including any Scope of Use, may be presented to Customer either through the Fees URL, Admin Console, Documentation, email, or as otherwise communicated by Google. Use of a trial indicates Customer’s acceptance of any such parameters.
9. User Experience Research. If Customer enrolls in the Google Cloud User Experience Research Program for Google Cloud Platform, Customer’s participation will be subject to the Google Cloud User Experience Research Panel Addendum available at https://cloud.google.com/terms/user-experience-research or a successor URL.
10. PGSSI-S. Customer will comply with France's General Security Policy for Health Information Systems (PGSSI-S) to the extent applicable.
11. Additional Definitions.
“Cloud Locations Page” means https://cloud.google.com/about/locations/.
“Documentation” means the then-current Google documentation made available by Google to its customers for use with the Services at https://cloud.google.com/docs/.
“Fees URL” means https://cloud.google.com/skus.
“Multi-Region” means a defined set of Regions.
“Region” means a region from which a particular Service is offered, as identified at the Cloud Locations Page.
“Scope of Use” means any limits on installation or usage of Services or Software described at the Fees URL, Admin Console, order form, or otherwise presented by Google.
Service Terms
The following terms apply only to the Service(s) indicated in the section title.
Compute
1. Compute Engine.
a. Additional Security. If Customer requires greater than eight static IP addresses, Google may file a SWIP report with the American Registry for Internet Numbers (ARIN). Google may log DNS lookups, as well as source and destination IP addresses, for security purposes.
b. Sustained Usage Discounting. Any credits provided to Customer in connection with sustained usage discounting have no cash value and can only be applied to offset future Compute Engine Fees. Upon termination or expiration of the Agreement, such credits will expire.
c. Google Cloud Marketplace. If Customer uses Compute Engine tools or APIs to deploy or otherwise use any software or services from Google Cloud Marketplace (or Google Cloud Launcher), then Customer’s related deployment or use will be subject to the Google Cloud Marketplace Terms of Service.
d. Sole-Tenant Nodes. Customer may select that Google provide the Compute Engine Service on physical Google host hardware dedicated to a single Project. While no other Google customer virtual machine instance will share that host hardware with Customer’s virtual machine instances, Compute Engine’s virtualization software will reside on that host hardware and continue to manage Customer’s virtual machine instances on that host hardware.
2. Compute Engine, Google Kubernetes Engine, and Container Registry Service - Docker Hub. If Customer or a Customer End User requests container(s) from the Docker Hub for its Project or Customer Application, Customer instructs Google to cache a copy of such container in the Container Registry for future use.
3. App Engine - Data Location. Customer may configure App Engine to store Customer Data in the United States or European Union, and Google will store that Customer Data at rest only in that location. The Service does not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels.
4. Google Cloud VMware Engine (GCVE).
a. Customer Security Obligations. Google may not have access to Customer's VMware environment. As such, (i) Customer acknowledges that, notwithstanding Section 7.1.1 (Google's Security Measures) of the Data Processing and Security Terms, Google may not be able to encrypt personal data in Customer's VMware environment and (ii) Customer will enable vSAN encryption and take other appropriate measures to protect and maintain the security of Customer Data stored on or processed through GCVE.
b. Customer Responsibilities. Customer is solely responsible for obtaining and maintaining all licenses, rights, consents, and permissions that are required for Customer's use of any Operating Systems, software, applications, or other content that Customer uploads to or uses in connection with GCVE. For the purposes of this Section, "Operating System" means any operating system that (i) Customer uploads to, hosts on, or uses in connection with GCVE, or (ii) Customer instructs Google to pre-load onto GCVE servers.
5. BigQuery.
a. ODBC/JDBC Drivers. The ODBC and JDBC drivers for BigQuery (as described here) are “Software” as defined in the Agreement and any use of them is subject to the “General Software Terms” above. These drivers may only be used with BigQuery and may not be used with any other product or service.
b. Analytics Hub (PREVIEW)
(i) Introduction. Analytics Hub is a feature of BigQuery that helps users find and share sets of Customer Data (“Datasets”). Datasets are organized into shared repositories (“Exchanges”) with each Dataset’s listings containing (as applicable) a description, documentation, branding, metadata or similar materials (“Listing Materials”).
(ii) Roles. Customer can serve different roles in Analytics Hub:
A. “Publishers” create and submit Datasets for listing within Exchanges.
B. “Subscribers” request access to Datasets listed in Exchanges for their own use in BigQuery.
C. “Exchange Administrators” (1) create and administer Exchanges, (2) add or remove Listing Materials in Exchanges, (3) control visibility of Exchanges and Listing Materials, and (4) on behalf of the relevant Publisher, enable or reject Subscriber requests to access Datasets.
(iii) Publishers. Publishers can serve as their own Exchange Administrators or submit Datasets to Exchanges operated by third-party Exchange Administrators. In the latter case, the Publisher submits its Dataset to the Exchange Administrator and must follow any enrollment steps specified by the Exchange Administrator for its Exchange.
(iv) Exchange Administrators. When acting as an Exchange Administrator, Customer must:
A. Secure and maintain all necessary rights, consents and permissions (including from any third-party Publishers) to list, share or take other action with respect to the Datasets or Listing Materials; and
B. Handle takedown requests, data subject requests, notices of infringement, and any other notices or requests it receives regarding its Exchange or related Listing Materials or Datasets.
For clarity, Listing Materials are considered Customer Data of the applicable Exchange Administrator.
(v) Separate Relationships.
A. Google is not responsible for and will have no liability to Customer in relation to any terms or relationships between Customer and any third party acting as a Publisher, Subscriber, or Exchange Administrator. If Customer offers any commitments to any third such party beyond the commitments that Google has made to Customer in the Agreement (including in these Service Specific Terms), Google will not be liable for such commitments.
B. Publishers and Exchange Administrators must ensure that any terms they have with Subscribers do not contradict these Service Specific Terms or the Agreement.
C. If a Publisher or Exchange Administrator charges fees for access to Datasets, it is solely responsible for (1) collecting the fees independently of Google and Analytics Hub and (2) any related refunds or liabilities to Subscribers.
D. Google does not guarantee continued availability of any Datasets, and gives no warranty, indemnification or other obligation, and accepts no liability or responsibility, with respect to Datasets or their use.
Storage
6. Cloud Storage - Bucket Lock. Customer will comply with applicable laws and regulations with respect to the retention of Bucket Lock Customer Data, including determining and applying the appropriate retention and hold periods and, if applicable, promptly furnishing any Bucket Lock Customer Data in a usable format. Customer is also responsible for keeping its Account in good standing during any retention and hold period. Upon deletion of a Project or Account, or termination of the Agreement, Google may delete the applicable Bucket Lock Customer Data.
a. Definitions.
“Bucket Lock” means the feature of Cloud Storage that allows Customer to set and lock a retention or hold period applicable to Customer Data in a Cloud Storage bucket.
“Bucket Lock Customer Data” means Customer Data stored in Cloud Storage with Bucket Lock activated.
Networking
7. Cloud Interconnect - Partner Interconnect. Customer will independently engage a network service provider (“Cloud Interconnect Partner”) who has agreed with Google to supply connectivity between Customer and Google under Google’s partner terms for Partner Interconnect. Customer is responsible for any charges for connectivity by the Cloud Interconnect Partner. Google is not responsible for any aspects of Partner Interconnect provided by the Cloud Interconnect Partner or any issues arising outside of Google’s network.
8. Cloud Intrusion Detection System (Cloud IDS). Notwithstanding anything to the contrary in the “Benchmarking” section of the General Service Terms of these Service Specific Terms, Customer will not, and will not allow End Users to, disclose, publish, or otherwise make publicly-available any benchmark, or performance or comparison tests that are run on Cloud IDS and that are conducted by Customer or an End User (or a third party authorized by Customer or an End User).
9. Google Cloud Armor - Managed Protection Plus
a. Generally. If a Project enrolled in Managed Protection Plus experiences a third-party denial of service attack on a protected endpoint (“Qualified Attack”) and the conditions below are met, Google will provide a credit equivalent to the Covered Fees, provided that the Covered Fees incurred exceed the Minimum Threshold. Load tests and security assessments performed by or on behalf of Customer are not Qualified Attacks.
b. Conditions. Customer must submit a request to Cloud Billing Support within 30 days after the end of the Qualified Attack. The request must include evidence of the Qualified Attack, such as logs or other telemetry indicating the timing of the attack and the Projects and resources that were attacked, and an estimate of the Covered Fees incurred. Google will reasonably determine whether credits are due and the appropriate amount.
c. Credits. Any credits provided to Customer in connection with this Section have no cash value and can only be applied to offset future Fees for the Services. These credits will expire 12 months after being issued or upon termination or expiration of the Agreement.
d. Definitions.
“Covered Fees” means any Fees incurred by Customer as a direct result of the Qualified Attack for:
i. ingress data processing for the Google Cloud Load Balancer Service;
ii. Managed Protection Plus data processing for the Google Cloud Armor Service; and
iii. network egress, including inter-region, inter-zone, internet, and carrier peering egress.
“Minimum Threshold” means the minimum amount of Covered Fees that are eligible to be credited under this Section as determined by Google from time to time and disclosed to Customer on request.
10. Network Connectivity Center (NCC). Notwithstanding any telecommunications restrictions in the Agreement, in Australia, India, Japan, the United Kingdom, and the United States only, Customer may use NCC for telecommunications connectivity.
AI and Machine Learning
11. AI Building Blocks. Customer will not (either directly or intentionally via third parties) use these Services to create, train, or improve (directly or indirectly) a similar or competing product or service to the specific Service being used by Customer (and specifically covered by this section). In addition to any other available remedies, Google may immediately suspend or terminate Customer's use of these Services based on any suspected violation of these terms, and violation of these terms is deemed violation of Google's Intellectual Property Rights. Customer will provide Google with any assistance Google requests to reasonably confirm compliance with these terms. In addition to this section applying to the AI Building Blocks, this section will also apply to any functionality relating to AutoML-related or Optimization AI that is accessible in Vertex AI. These terms will survive termination or expiration of the Agreement.
12. AI Platform Training and Prediction (AITP). Customer owns the model weights that Customer trains in AITP and can export such model weights in the supported output of the AITP supported machine learning library Customer used to train them (e.g., TensorFlow, XGBoost, scikit-learn, PyTorch).
13. Celebrity Recognition (via functionality of Cloud Vision and Video Intelligence API). Customer will only use Celebrity Recognition functionality (i) with professionally filmed media content that Customer owns or has adequate consent to use with the functionality under applicable law and (ii) on individuals whose primary profession involves voluntarily being the subject of public media attention (“Celebrities”). Customer will not use this functionality for any surveillance–based purpose or on individuals who are not Celebrities.
14. AutoML Tables. Customer can export a frozen model graph and related features via the formats supported by AutoML Tables. No license to retrain or reverse engineer such model graph is granted or implied to Customer.
15. AutoML Video Edge. Customer can download a frozen model graph and TFlite model and any related Customer-provided video labels via the formats supported by AutoML Video. No license to retrain or reverse engineer such model graph or the TFLite model is granted or implied to Customer.
16. AutoML Vision Edge. Customer can download a frozen model graph and any related Customer provided image labels via the formats supported by AutoML Vision. No license to retrain or reverse engineer such model graph is granted or implied to Customer.
17. Talent Solution. Customer will not (either directly or intentionally via third parties) use the Service to create, train, or improve (directly or indirectly) a similar or competing product or service without Google's prior written permission. Customer agrees to adhere to the service limits (e.g., "queries-per-second") as defined within the Documentation.
18. Retail Search.
a. Customer will not (either directly or intentionally via third parties) use Retail Search or any results provided by Retail Search to create, train, or improve (directly or indirectly) a similar or competing product or service to Retail Search. In addition to any other available remedies, Google may immediately suspend or terminate Customer's use of Retail Search based on any suspected violation of these terms, and violation of these terms is deemed violation of Google's Intellectual Property Rights. Customer will provide Google with any assistance Google requests to reasonably confirm compliance with these terms.
b. When Customer is providing query results as part of a Customer Application to other businesses to present to their respective end users, Customer may not cache such results.
c. If Customer provides results for any query in a different order than the ranked order returned by Retail Search (“Alternative Ranking”), then Google will not provide any support (including TSS) in relation to this Alternative Ranking.
d. If Customer has rights under the Agreement or any other agreement to use Google Brand Features in connection with Retail Search, then Customer forfeits all such rights if Customer provides an Alternative Ranking for any query.
19. AI/ML Data Location. Customer may configure the Services listed at https://cloud.google.com/terms/data-residency to store and perform machine learning processing of Customer Data by the Service in a specific Multi-Region, and Google will store the Customer Data at rest and perform machine learning processing of it by the Service only in that Multi-Region. For clarity, Customer Data does not include resource identifiers, attributes, or other data labels. These Services do not limit the locations from which Customer, Customer End Users, or Customer-selected or Google managed labeling resources may access Customer Data, or to which they may move Customer Data.
20. Cloud Translation (v1, v2, or later) and Media Translation API.
a. HTML Markup and Attribution Requirements. Customer will comply with the HTML Markup Requirements found at https://cloud.google.com/translate/markup and the attribution requirements found at https://cloud.google.com/translate/attribution.
b. Limitation. Customer will not (either directly or intentionally via third parties) (i) use this Service to create, train, or improve (directly or indirectly) a similar product or service, including any other machine translation engine, or (ii) use or retain translated text or any other data from this Service for the purpose of creating, training, or improving (directly or indirectly) a translation system, product, or service.
Security and Identity
21. Assured Workloads. Assured Workloads enables Customer to apply location and Google personnel controls in an Assured Workloads environment via the Admin Console to support Customer’s compliance requirements. Google will provide TSS for Assured Workloads in accordance with such Customer-selected controls. It is Customer's responsibility to determine whether Customer-selected Admin Console controls are adequate for Customer’s purposes. Google’s data location commitments under General Service Terms Section 1 (Data Location) apply to Assured Workloads. In addition, Assured Workloads provides Customers the ability to prevent Google persons located outside the Customer-selected Region from accessing Customer Data in an Assured Workloads environment. The Service does not limit the locations from which Customer or Customer End Users may access Customer Data or to which they may move Customer Data.
22. Access Approval. Use of Access Approval may increase support response times, and Customer will be responsible for any disruption or loss as a result of Customer denying or delaying approval via Access Approval. The SLAs do not apply to any Service disruption impacted by Customer’s use of Access Approval.
23. Cloud Identity Services. The following terms apply only to the Cloud Identity Services provided under this Agreement:
a. Customer Domain Name. Customer is responsible for obtaining and maintaining any rights necessary for use of the Customer Domain Names in connection with the Cloud Identity Services.
b. Administration of the Cloud Identity Services. Customer may specify through the Cloud Identity Services one or more Administrators who will have the rights to access Admin Account(s) and to administer the Cloud Identity Services. Customer is responsible for all activities of the Administrators and in connection with the Admin Account(s).
c. Use of Google Workspace Components. Customer’s use of the Google Workspace Components are subject to any applicable provisions of the then-current Google Workspace Service Specific Terms at https://workspace.google.com/intl/en/terms/service-terms/, which provisions are incorporated by reference into this Agreement.
d. Additional Products. Google makes optional Additional Products available to Customer and Customer End Users through the Cloud Identity Services. Customer’s use of Additional Products is subject to the Additional Product Terms.
e. Governing agreement. If Customer has agreements in force governing its use of both of the Services and Google Workspace Services, this Section 23 (Cloud Identity Services) does not apply. Customer’s applicable agreement for Google Workspace Services governs its use of the Cloud Identity Services unless such agreement terminates, then this Agreement (including this Section 23 (Cloud Identity Services)) will govern Customer’s continued use of the Cloud Identity Services under the same Admin Account.
If Customer no longer has an agreement in force governing its use of the Services, then the then-current terms at https://cloud.google.com/terms/identity will apply to Customer’s continued use of the Cloud Identity Services under the same Admin Account.
f. Definitions.
“Additional Products” means products, services and applications that are not part of the Services but that may be accessible for use in conjunction with the Services.
“Additional Product Terms” means the then-current terms at https://workspace.google.com/intl/en/terms/additional_services.html.
“Admin Account(s)” means the administrative account(s) provided to Customer by Google for the purpose of administering the Cloud Identity Services. The use of the Admin Account(s) requires a password, which Google will provide to Customer.
“Administrators” mean the Customer-designated technical personnel who administer the Services on Customer’s behalf.
“Customer Domain Names” mean the domain names owned or controlled by Customer, which will be used in connection with the Cloud Identity Services and specified in the applicable order form.
“Google Workspace Components” has the meaning given in the then-current services summary for Cloud Identity Services at https://cloud.google.com/terms/identity/user-features.
“Google Workspace Services” means the then-current services described at https://workspace.google.com/terms/user_features.html
24. Security Command Center.
a. Service Configuration. Customer acknowledges and agrees that (i) Customer must exclude individual resources by following the instructions described in the Documentation if Customer doesn’t want Security Command Center to scan Customer’s entire Organization, and (ii) Security Command Center will not detect all misconfigurations, vulnerabilities and threats in Customer’s Organization.
b. Access Control. Customer acknowledges and agrees that the Security Command Center Standard dashboard only supports granting roles at the Organization level, while Security Command Center Premium supports granting IAM roles at the Organization, Folder, or Project levels. Organization-level roles are not suitable for all use cases, particularly for sensitive applications or compliance standards that require strict access controls. Customer acknowledges and agrees that, to create fine-grained access policies, Customer must grant roles at the Folder or Project levels by following the instructions described in the Documentation.
c. Active Scanners. Customer acknowledges and agrees that active scanners may adversely affect the reliability of a Customer Application and may not be suitable for use in a production environment.
25. Firebase Authentication and Identity Platform.
a. Phone Authentication. Google temporarily stores phone numbers provided for authentication to improve spam and abuse prevention across Google services. Phone numbers are not logically isolated for a given customer's end users. Customer should obtain appropriate end-user consent before using the Firebase Authentication or Identity Platform phone number sign-in service.
b. Other Authentication Services. Use of Google Sign-In for authentication is subject to Google’s API Services: User Data Policy. Google is not responsible for any third-party sign-in service used with Firebase Authentication or Identity Platform.
c. reCAPTCHA Notice Requirement. Customer agrees to explicitly inform Customer End Users of phone authentication features that their use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Use. For users in the European Union, you and your Application(s) must comply with the EU User Consent Policy. Customer acknowledges and understands that reCAPTCHA works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with Customer End Users' use of reCAPTCHA will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google.
26. Web Security Scanner. Customer acknowledges that Web Security Scanner may adversely affect the reliability of a Customer Application and may not be suitable for use in a production environment. Web Security Scanner will not detect all vulnerabilities in a Customer Application.
27. reCAPTCHA Enterprise.
a. Information. reCAPTCHA Enterprise works by collecting hardware and software information, such as device and application data, and sending this data to Google for analysis. The information collected in connection with Customer's use of the reCAPTCHA Enterprise Service will be used for providing, maintaining, and improving reCAPTCHA Enterprise and for general security purposes. It will not be used for personalized advertising by Google.
b. Privacy Policy. Customer will provide and adhere to a privacy policy for its API client that clearly and accurately describes to applicable Customer End Users what user information Customer collects and how Customer uses and shares such information (including for advertising) with Google and third parties. Customer will be responsible for providing any necessary notices or consents for the collection and sharing of this data with Google. Customer and its API client(s) will comply with the EU User Consent Policy.
c. Terms. Customer agrees to explicitly inform applicable Customers End Users that Customer has implemented reCAPTCHA Enterprise on its properties and that Customer End Users' use of reCAPTCHA Enterprise is subject to the Privacy Policy and Terms of Use. reCAPTCHA Enterprise may only be used to fight spam and abuse on Customer's properties, and not for any other purposes, such as determining credit worthiness, employment eligibility, financial status, or insurability of a user.
28. Web Risk.
a. Attribution. Customer may display a warning about unsafe web resources for a particular site based on verification against Google’s list of unsafe sites, if Customer provides attribution and conspicuous notice that the reliability and accuracy of the protection cannot be guaranteed using language similar to the “Advisory Notice” subsection below.
b. Data Refresh. Customer will not treat a URL from Google’s list as an unsafe web resource, such as by showing users a warning about the site or blocking access to it, unless the applicable Customer Application has received from Google updated information (via the applicable API method) before the expiration time provided by the applicable API response or within 30 minutes if no expiration time is specified.
c. Advisory Notice. Google works to provide the most accurate and up-to-date information about unsafe web resources, but cannot guarantee that its information is comprehensive and error-free: some risky sites may not be identified, and some safe sites may be identified in error.
d. Evaluate and Submission APIs. The Evaluate API gives Customer client applications the option to evaluate the maliciousness of URLs by receiving a score instead of a binary result. The Submission API provides Customer with the ability to voluntarily send to Google URLs Customer suspects are unsafe. Google uses URLs and associated data submitted through the Evaluate API or Submission API (“Submitted URLs”) and corresponding scores to provide, maintain, protect and improve Google's products and services, including Google's list of unsafe web resources. Google may also share Submitted URLs with third parties, including other Google customers and users. Submitted URLs are not Customer Confidential Information or Customer Data.
29. BeyondCorp Enterprise
a. Chrome Browser Cloud Management. In order to use BeyondCorp Enterprise Threat and Data Protection Services:
i. Customer agrees to the online Chrome Browser Cloud Management License Agreement (available at https://cloud.google.com/terms/chrome-enterprise/chrome-browser-cloud-management) (the “CBCM Agreement”); and
ii. Customer acknowledges and agrees that Customer must enable "Chrome Enterprise Connectors" in the Chrome Browser Cloud Management section of the Admin Console.
b. Advisory Notice. Google works to provide the most accurate and up-to-date information about unsafe web pages and malware, but cannot guarantee that its information is comprehensive and error-free. Some potentially risky sites and files may not be identified, and some safe sites and files may be identified in error.
c. Threats. BeyondCorp Enterprise’s Threat and Data Protection Services (as described at https://cloud.google.com/terms/services) work by aggregating threat intelligence. BeyondCorp Enterprise analyzes (i) URLs visited by Customer’s End Users on supported browsers and proxies, to identify unsafe web pages and (ii) content of files uploaded and downloaded by Customer’s End Users to and from supported browsers and proxies, to identify malware (such unsafe web pages or malware, “Threats”). When BeyondCorp Enterprise checks for Threats, the URL or a file hash and the result of the analysis are temporarily stored in a Google global cache for performance-related purposes. Customer acknowledges and agrees that Customer URLs and file hashes that BeyondCorp Enterprise identifies as Threats are not Customer Confidential Information or Customer Data and Google may use such URLs and file hashes to provide, maintain, protect and improve Google's products and services, including Google's lists of Threats.
30. Certificate Manager. Customer authorizes Google Cloud to apply for and obtain publicly trusted SSL/TLS certificates from third-party or Google-managed certificate authorities for domains operated and controlled by Customer (“Customer Domains”) pursuant to the CA/Browser Forum Baseline Requirements or any applicable successor requirements (“Requirements”). Customer represents and warrants that it operates and controls the Customer Domains and will revoke the authorization from Google when Customer ceases to operate and control a Customer Domain. Google may revoke a certificate as required by the Requirements or for failure to comply with the AUP.
Migration
31. Transfer Appliance Service. In performing the Transfer Appliance Service, Google will attempt to provide Customer with the requested Transfer Appliance model, subject to availability. Google will provide technical support for the Transfer Appliance Service only as described in the Documentation. Google may use Subprocessors (as defined in the Data Processing and Security Terms) in providing the Transfer Appliance Service. The Transfer Appliance Materials are at all times owned by Google, with no transfer of title to Customer.
In case of cross-border shipments of Transfer Appliance Materials, Customer may be responsible for export clearance, Google may designate a carrier to act as Customer's agent with the relevant customs and tax authorities to import or export the Transfer Appliance Materials, and Customer will cooperate with Google and its carrier, including providing export classification information and acting as the importer or exporter of record.
While Transfer Appliance Materials are in its control, Customer is responsible for any loss or damage and will use appropriate security measures to protect them. Customer will not permit any Transfer Appliance Materials to leave the U.S. state or non-U.S. country to which they were shipped (except as directed in writing by Google or its Subprocessors).
As part of the Transfer Appliance Service, Google may temporarily move the applicable Customer Data to a staging bucket within a Google-owned project accessible to Customer and shortly after delete such Customer Data from the Transfer Appliance Materials. Completion of Customer's decompression and decryption of such Customer Data (or failure to do so within a reasonable number of days specified by Google) will constitute an instruction to Google to delete the applicable Customer Data from the staging bucket. Customer is solely responsible, under its own Project, for any virtual machine instance and destination buckets in which Customer desires to decompress and decrypt the applicable Customer Data.
Proper functioning of the Transfer Appliance Service is highly dependent on Customer's computing environment. Customer's sole remedy in connection with any unsuccessful attempt to complete the Transfer Appliance Service is for Google to use reasonable efforts to re-perform the Transfer Appliance Service.
“Transfer Appliance Materials” means the materials provided by Google or its Subprocessors in connection with the Transfer Appliance Service, including hardware and software.
Bare Metal
32. Bare Metal Solution
a. Admin Console. The Admin Console will not be available to Customer for management, monitoring, or administration of Bare Metal Solution.
b. Data Processing and Security Terms. Bare Metal Solution provides non-virtualized access to underlying infrastructure resources and, by design, has characteristics different from the other Services offered under the Agreement.
i. Amendments. The Data Processing and Security Terms are amended solely with respect to Bare Metal Solution as stated in this subsection b.
A. Google's Third Party Auditor. The definition of "Google's Third Party Auditor" is amended as follows: "Google's Third Party Auditor means a qualified and independent third party auditor appointed by Google or a Bare Metal Solution Subprocessor, whose then-current identity Google will disclose to Customer upon request."
B. Audited Services. Bare Metal Solution is not an Audited Service. With respect to Bare Metal Solution, Google or its Subprocessor will: (1) obtain (x) ISO 27001 certification and PCI DSS Attestation of Compliance (the "Compliance Certifications"); and (y) a SOC 1 Report and SOC 2 Report (the "SOC Reports") and update such Compliance Certifications and SOC Reports at least once every 12 months, and (2) provide the Compliance Certifications and SOC Reports to Customer in accordance with Section 7.5.3 (Additional Business Terms for Reviews and Audits) of the Data Processing and Security Terms. Google may add standards at any time. Google may replace a Compliance Certification or SOC Report with an equivalent or enhanced alternative.
ii. Subprocessors. Customer specifically authorizes Google to engage the entities listed at the Bare Metal Solution Subprocessors Page as of the Services Start Date ("Bare Metal Solution Subprocessors") as Subprocessors for Bare Metal Solution. Information about the Bare Metal Solution Subprocessors, including their functions and locations, is available at the Bare Metal Solution Subprocessors Page (as may be updated by Google from time to time in accordance with the Data Processing and Security Terms).
iii. Inapplicable Terms. The following terms in the Data Processing and Security Terms (or similar successor terms) are excluded with respect to Bare Metal Solution:
A. From Section 7.1.1 (Google's Security Measures): the phrase "encrypt personal data";
B. The subsections from Appendix 2 Section 1(a), titled "Server Operating Systems" and "Business Continuity";
C. The subsections from Appendix 2 Section 1(b), titled "External Attack Surface," "Intrusion Detection," and "Encryption Technologies"; and
D. From Appendix 2 Section 3(a): the sentences "Google stores data in a multi-tenant environment on Google-owned servers. Subject to any Customer instructions to the contrary (for example, in the form of a data location selection), Google replicates Customer Data between multiple geographically dispersed data centers."; or, if the Agreement authorizes the resale or supply of Google Cloud Platform under a Google Cloud partner or reseller program, the sentences "Google stores data in a multi-tenant environment on Google-owned servers. Subject to any Partner instructions to the contrary (for example, in the form of a data location selection), Google replicates Partner Data between multiple geographically dispersed data centers."
iv. Other Amendments. Other than this Section b, no terms in the Agreement that expressly amend, modify, or supplement the Data Processing and Security Terms (as then-currently available at https://cloud.google.com/terms/data-processing-terms or, for partners, at https://cloud.google.com/terms/data-processing-terms/partner) will apply to Bare Metal Solution.
v. Customer Obligations. Without limiting Google's express obligations related to Bare Metal Solution, Customer will take reasonable steps to protect and maintain the security of Customer Data and any other content stored on or processed through Bare Metal Solution.
c. Representation and Warranty. Customer represents and warrants that it has all licenses, rights, consents, and permissions that are required for Customer's and any End User's use of any Operating Systems, software, applications, and any other content that Customer or any End User uploads to or uses in connection with Bare Metal Solution.
d. Limitation of Liability. Notwithstanding anything to the contrary in the Agreement (except subject to any unlimited liabilities expressly stated in the Agreement), to the maximum extent permitted by law, each party’s total aggregate Liability for damages arising out of or relating to Bare Metal Solution is limited to the greater of (a) the Fees Customer paid for Bare Metal Solution during the 12 month period before the event giving rise to liability and (b) $25,000.
e. Disclaimer. Notwithstanding anything to the contrary in the Agreement (including the Data Processing and Security Terms), Google and its subcontractors are not responsible for any of the following in relation to Bare Metal Solution: (i) non-physical security, such as access controls, encryption, firewalls, antivirus protection, threat detection, and security scanning; (ii) logging and monitoring; (iii) non-hardware maintenance or support; (iv) data backup, including any redundancy or high-availability configuration; or (v) business continuity and disaster recovery policies or procedures. Customer is solely responsible for securing (other than physical security of Bare Metal Solution servers), logging and monitoring, maintaining and supporting, and backing up any Operating Systems, Customer Data, software, and applications Customer uses with, uploads to, or hosts on Bare Metal Solution.
f. Survival. The following subsections of these Bare Metal Solution Service Specific Terms will survive expiration or termination of the Agreement: d (Limitation of Liability); e (Disclaimer); f (Survival); and i (Definitions).
g. Ordering. Except for Bare Metal POCs (as defined below), Customer must order Bare Metal Solution via an order form mutually executed by Customer and Google.
h. Bare Metal Solution Proof of Concepts. The following additional terms apply to Bare Metal Solution proof of concepts and trials ("Bare Metal Solution POCs"):
i. Bare Metal Solution POCs are deemed "Pre-GA Offerings" and are subject to the Pre-GA Offerings Terms in the General Services Terms of these Service Specific Terms.
ii. Customer may not use Bare Metal Solution POCs in connection with any production workloads.
i. Definitions.
“Bare Metal Solution Subprocessors Page” means the URL located at: https://cloud.google.com/bare-metal/subprocessors.
“Operating Systems” means any operating systems that: (i) Customer uploads to, hosts on, or uses in connection with Bare Metal Solution; or (ii) Customer instructs Google to pre-load onto Bare Metal Solution servers.
“Services Start Date” means the start date stated in the order form, or if no date is specified, the date Google first makes Bare Metal Solution available to Customer.
33. Transcoder API. Customer represents and warrants that it has all licenses, rights, consents, and permissions that are required to transcode, decode, and encode its content in the applicable format in connection with Transcoder API.
34. Healthcare Data Engine (HDE).
a. Solution Requirements. Customer will comply with the solution requirements as outlined in the Documentation.
b. Compliance. HDE may transmit to Google metering information from aggregated Customer Data for billing and compliance verification purposes. Customer will not disable or interfere with the transmission of such information, including through modifications to the solution configurations, as specified in the Documentation.
c. Deletion. If the Agreement or Customer’s subscription to HDE terminates or expires, then Customer will stop using HDE and delete all HDE deployment code, HDE starter maps, and HDE docker images from Customer’s Account. Customer may retain mapping and reconciliation configurations created by the Customer.
35. Google Distributed Cloud Edge
a. Equipment. Google will make the hardware equipment identified in the Google Distributed Cloud Edge (“GDCE”) Order Form available to Customer (“Equipment”) to be hosted in facilities owned, operated by or licensed to the Customer identified in the Order Form (the “Customer Location”). Customer will be liable for any loss of or damage to the Equipment while in Customer’s possession.
b. Installation Support. Google will be responsible for installation of the Equipment at the Customer Location. Google may provide additional installation support on-site or via remote assistance. Each party will provide qualified personnel on-site at the Customer Location as required to assist throughout the Equipment installation process. Customer may not use, install or otherwise access the Equipment prior to installation.
c. Maintenance and Repairs. Google will be responsible for any maintenance or repairs to the Equipment. Customer agrees to provide a named Customer representative on-site during repairs and reasonably cooperate with Google upon request on any maintenance or troubleshooting activities related to the Equipment. Google may repair or replace defective Equipment at its sole discretion. Google engineers have SSH access to the Equipment in order to remotely monitor and maintain the GDCE Services.
d. Onsite Requirements.
i. In the event Google needs to access the Customer Location, Customer will: (a) provide Google authorized personnel with prompt and reasonable access to the extent necessary to perform installation, maintenance, or any other activities requiring Google authorized personnel to access the Customer Location; and (b) follow any written instructions provided by Google during the Equipment installation process.
ii. Google authorized personnel will comply with Customer’s reasonable onsite policies and procedures communicated in writing by Customer prior to the commencement of the Equipment installation process; and (b) provide written instructions to Customer during the installation process detailing any installation procedures and activities for Customer to perform.
iii. These terms supersede and replace any terms, conditions, or agreements (“Onsite Terms”) that Google authorized personnel may be required to accept, sign, or consent to as part of Customer’s standard onsite access procedures and none of those Onsite Terms will apply to Google or Google personnel. Google personnel may include third party subcontractors.
e. Technical Support Services. Google will provide remote technical support services to Customer, which may include (as determined by Google) software updates made available to the Equipment.
f. Customer Location Assessment. Customer is solely responsible for ensuring that the Customer Location is suitable in all respects to support the installation and maintenance of the Equipment in accordance with the GDCE Installation Requirements.
g. Additional Equipment Use Terms. Customer’s use of the Equipment is subject to the following additional terms:
i. Prohibitions. Customer may not: (1) sublicense, loan, sell, rent, or lease the Equipment or any portion thereof; (2) intercept, capture, or modify the contents of any data, other than Customer Data, transmitted between the Equipment and the Google Cloud network; (3) pledge or grant a security interest in the Equipment, or dismantle, export, move, or otherwise re-locate Equipment other than as expressly approved by Google in writing, or (4) photograph, video record, capture screenshots, or create an image of the Equipment, in whole or in part, in any format. Customer will not have the capability or right to modify, replace, or interfere with any software installed on the Equipment.
ii. Equipment Ownership. All ownership rights and title in and to the Equipment remain with Google, or its licensors. Customer acknowledges that as between Customer and Google, Customer has no ownership rights in the Equipment or any part of the Equipment and notwithstanding any other term of the Agreement, Google retains exclusive ownership and control of the Equipment.
h. Amendments to the Agreement. GDCE Services are not deployed at a Google data center and, by design, have characteristics different from the other services offered under the Agreement. As a result, the following terms apply:
i. Inapplicable Provisions. Any Google commitments in the Agreement (including the Data Processing and Security Terms (“DPST”)) or associated security documentation (including whitepapers) that depend on Google’s operation of a Google data center do not apply to GDCE Services.
ii. Other Amendments. Other than this subsection (h), no terms in the Agreement that expressly amend, modify, or supplement the DPST (as then-currently available at https://cloud.google.com/terms/data-processing-terms or, for partners, at https://cloud.google.com/terms/data-processing-terms/partner) will apply to GDCE Services.
iii. Audits. GDCE Services are not Audited Services under the DPST, and are not covered by the Security Documentation or subject to the “Reviews and Audits of Compliance” Section of the DPST.
iv. DPST Amendments. The DPST is amended as follows, solely with respect to GDCE Services:
A. References to “Google’s systems” in Sections 6.1 and 7.1.1 will be replaced with “the Equipment”.
B. Section 6.2 is deleted in its entirety and replaced with the following:
“6.2 Return or Deletion at the end of the Term. Customer instructs Google to delete all remaining Customer Data (including existing copies) from the Equipment at the end of the Term in accordance with applicable law. If Customer wishes to retain any Customer Data after the end of the Term, it may export or make copies of such data prior to the end of the Term. Google will comply with the Instruction in this Section 6.2 as soon as reasonably practicable and within a maximum period of 180 days, unless European Law requires storage.”
C. The following line is added to the end of Section 10.1 (Data Storage and Processing Facilities): “or where the Customer Location is located.”
v. Security Measures. Except as specified in Section 2 (Personnel Security) and Section 3 (Subprocessor Security) of the following Appendix 3, solely with respect to GDCE Services (A) the following Appendix 3 replaces in its entirety the Appendix 2: Security Measures of the Data Processing and Security Terms, and (B) any references in the Agreement to “Security Measures” will refer to Appendix 3 below.
Appendix 3: Google Distributed Cloud Edge Security Measures
As from the Terms Effective Date, solely with respect to GDCE Services, Google will implement and maintain the Security Measures described in this Appendix 3.
1. Local Machines and Network Security
Local Machines. Customer Data is solely stored on the Equipment to be deployed in a Customer Location.
Server Operating Systems. Google servers use a Linux based implementation customized for the application environment. Google employs a code review process to increase the security of the code used to provide the GDCE Services and enhance the security products in GDCE production environments.
Encryption Technologies. Google makes HTTPS encryption (also referred to as SSL or TLS connection) available and allows for encryption of data in transit. Google servers support ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough. Google also makes encryption of data at rest available, using at least AES128 or similar. GDCE Services have a CMEK integration; more information can be found here: https://cloud.google.com/kms/docs/cmek.
Connection to Cloud VPN. Google allows Customer to enable and configure a strong, encrypted interconnection between the Equipment and Customer's Virtual Private Cloud using Cloud VPN through an IPSEC VPN connection.
Bound Storage. Customer's data storage is bound to the server. Should a disk be stolen or copied at rest, the contents of such disk will be unrecoverable outside of the server.
2. Personnel Security
Section 4 of Appendix 2 (Security Measures) continues to apply.
3. Subprocessor Security
Section 5 of Appendix 2 (Security Measures) continues to apply.
i. Customer Obligations. Without limiting Google's express obligations related to GDCE Services, Customer will take reasonable steps to protect and maintain the security of Customer Data and any other content stored on or processed through GDCE Services.
j. Cooperation. Customer will provide reasonable and timely cooperation in connection with Google’s provision of the GDCE Services (including compliance with the GDCE Installation Requirements). Google will not be liable for a delay caused by Customer’s failure to provide Google with information, consents, or access to Customer facilities, networks, or systems required for Google to provide the GDCE Services.
k. Disclaimer. Google and its subcontractors are not responsible for any of the following in relation to GDCE Services: (i) data backup, including any redundancy or high-availability configuration; or (ii) business continuity and disaster recovery policies or procedures.
l. Return of Equipment. Upon termination or expiration of the Term, Customer will: (i) immediately stop using the Equipment; and (ii) cooperate with Google (or Google’s designated subcontractor) in any necessary wind-down activities, including making a named Customer representative available at Customer Location and, if applicable, making the Equipment available in its original condition (reasonable wear and tear excepted) for Google’s designated courier to collect within thirty (30) days of the effective date of termination or expiration (“Return Date”). If Customer fails to abide by the preceding sentence, Google will have the right to: (A) charge Customer and Customer will pay the fair market value of the Equipment; or (B) recover and take possession of such Equipment, and for this purpose may, upon at least 30 days’ written notice, enter the Customer Location during normal working hours to remove the Equipment.
m. Survival. The following subsections of these GDCE Service Specific Terms will survive expiration or termination of the Agreement: (k) Disclaimer; (l) Return of Equipment, (m) Survival; and (p) Definitions.
n. Ordering. Except for GDCE proofs of concept and trials, Customer must order GDCE Services via an order form mutually executed by Customer and Google.
o. GDCE Proof of Concepts. GDCE proof of concepts and trials are "Pre-GA Offerings" subject to the Pre-GA Offerings Terms in the General Services Terms of these Service Specific Terms and may not be used in connection with production workloads.
p. Definitions.
“GDCE Services” means the Services described under the “Google Distributed Cloud Edge” section at https://cloud.google.com/terms/services.
“GDCE Installation Requirements” means the terms set forth at: https://cloud.google.com/distributed-cloud-edge/docs/requirements.
“Google” as used in this section also includes Google Affiliates.
Additional Definitions
“Cloud Locations Page” means https://cloud.google.com/about/locations.
“Documentation” means the then-current Google documentation made able by Google to its customers for use with the Services at https://cloud.google.com/docs/.
“Multi-Region” means a defined set of Regions.
“Organization” and “Folder” have the meanings described at https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy.
“Region” means a region from which a particular Service is offered, as identified at the Cloud Locations Page.
Third-Party Terms
1. Disclaimer. Google’s suppliers will have no liability arising out of or relating to the Agreement.
2. Red Hat Enterprise Linux.
Customer’s use of the Red Hat Enterprise Linux product, provided by Google in conjunction with Compute Engine, is subject to the terms and conditions stated at https://www.redhat.com/licenses/cloud_cssa/.
3. Microsoft Products.
Customer’s use of the Microsoft products, which may include associated media, printed materials, and “online” or electronic documentation (individually and collectively, “Microsoft Products”), provided by Google in conjunction with Compute Engine is subject to the terms and conditions stated at https://cloud.google.com/terms/service-terms/microsoft.
4. NVIDIA Drivers.
Customer’s use of NVIDIA software components provided by Google in conjunction with the Services is subject to the terms and conditions stated at https://cloud.google.com/terms/service-terms/nvidia. In addition, the following NVIDIA software components may be used solely with the Services for compute and offline graphics purposes: GRID, Tesla Driver, Cuda Toolkit, cuDNN, TensorRT, NVENC, NVCUVID, NVML, and nvidia-aml.
Pricing and Billing Terms
1. Committed Units.
a. Selection and Commitment. Customer may have an option to request Committed Units via the Services (for example, in the Admin Console or through a Google API) or in an Order Form. If Google accepts the request, then notwithstanding the payment terms in the Agreement, Customer will pay the Fees for those Committed Units during the Committed Unit Term selected by Customer, whether or not they are used, as stated at the Fees URL for the applicable SKU.
b. Renewal. Unless otherwise stated in the Admin Console or other documentation, at the end of each Committed Unit Term, the Committed Unit selection will automatically renew for the same Committed Unit Term at the same quantity throughout the Term until Customer selects in the Admin Console to stop renewing or either party notifies the other party in writing to cancel the renewal.
c. Cancellation and Expiration. Committed Unit purchases may not be cancelled or refunded after they are placed, but if Google serves notice to non-renew the Agreement, terminates the Agreement (other than for Customer's material breach), or discontinues providing the Services applicable to the Committed Units, Google will refund Customer any unused prepaid Fees following the expiration or termination of the Agreement, or discontinuance of the relevant Services, as applicable. Any use of the Services after cancellation or expiration of the Committed Units will be billed at standard Fee rates.
d. No Resell or Transfer. Unless Google agrees otherwise, Customer may not resell or transfer Committed Units.
2. Subscription Offerings.
a. Subscription SKUs. Certain SKUs may be offered on a subscription basis (each, a “Subscription Offering”). Each Subscription Offering may be a single Service or Software item, or a package of two or more Services or Software items. The details of each Subscription Offering (“Subscription Details”) will be stated (i) at the Fees URL or elsewhere in the Services, the Admin Console, or Documentation, or (ii) in an Order Form or other written agreement between Google and Customer. The Subscription Details will include the duration of the subscription (“Subscription Term”), the amount of permitted usage of the applicable Subscription Offering during the Subscription Term (e.g., usage per month) (“Subscription Usage”), minimum Subscription Usage (if applicable), and the applicable pricing. If the Subscription Offering is a package of two or more Services or Software items, the Subscription Details may also list the different components packaged into the Subscription Offering. Customer may request to purchase a Subscription Offering via the Services (for example, in the Admin Console or through a Google API) or in an Order Form or other written agreement between Google and Customer, as applicable. If Google accepts Customer's request to purchase a Subscription Offering, then notwithstanding the invoicing and payment terms in the Agreement, Google will invoice or charge Customer for the Subscription Offering, and Customer will pay Google, during the Subscription Term (including during any renewal Subscription Term) as specified in the Subscription Details. Further, unless otherwise specified in the applicable Subscription Details, Google reserves the right to issue additional invoices or charges to Customer in arrears if Customer's usage of a Subscription Offering exceeds the Subscription Usage, with the pricing listed at the Fees URL applying to that excess usage, unless otherwise agreed by the parties.
b. Renewal. Unless (i) otherwise specified in the Subscription Details, or (ii) either party provides the other party with notice of non-renewal at least 30 days before the end of the then-current Subscription Term, at the end of each Subscription Term, Customer's access to the Subscription Offering will automatically renew, with the renewal Subscription Term duration and Subscription Usage as described in the Subscription Details.
c. Cancellation. Unless otherwise specified in the Subscription Details, Customer may not terminate a Subscription Offering before the end of the Subscription Term. If a particular Subscription Offering is indicated as terminable in the Subscription Details, then Customer may terminate the Subscription Offering before the expiration of the Subscription Term, and Google may charge a termination fee (“Termination Fee”), as specified in the Subscription Details. Further, Customer may be required to give extended notice before termination of any Subscription Offering, as specified in the Subscription Details. Notwithstanding any term to the contrary in the Agreement, (i) if Customer has entered into a Google Cloud Platform Order Form under the Agreement for the purchase of Services on an on-demand basis, then the Subscription Term will also terminate immediately upon termination of such Google Cloud Platform Order Form (and Customer will be charged the Termination Fee, if applicable), and (ii) upon termination of the Subscription Term, Customer may continue to use Google Cloud Platform, and pricing for the Service(s) or Software that are part of the Subscription Offering will be as stated at the Fees URL or as otherwise agreed by the parties (if available on a non-subscription basis).
3. Additional Definitions.
“Committed Units” means (i) a specified quantity of the Services (e.g., App Engine virtual machine instance hours, Compute Engine virtual machine instances or cores, BigQuery slots, etc.) designated by Customer, which may include a specified machine type, region, zone, query capacity, and period of time to use; or (ii) a specified amount of credits to be purchased for expenditure on one or more specified Services during a specified time period.
“Committed Unit Term” means the period of time within the Term during which Customer is obligated to pay for the Committed Units.
“Documentation” means the then-current Google documentation made available by Google to its customers for use with the Services at https://cloud.google.com/docs.
“Fees URL” means https://cloud.google.com/skus.
“Order Form” means an order form executed by Customer and Google or an order placed by Customer via a Google website, in either case specifying the Services Google will provide to Customer.