The following terms apply only to the Service(s)
indicated in the Section title.
1. App Engine - Data
Location. Customer may configure App
Engine to store Customer Data in the United States or
European Union, and Google will store that Customer Data
at rest only in that location. The Service does not limit
the locations from which Customer or Customer End Users
may access Customer Data or to which they may move
Customer Data. For clarity, Customer Data does not include
resource identifiers, attributes, or other data labels.
2. Google Cloud
VMware Engine (GCVE)
a. Customer Security
Obligations. Google may not have access to
Customer's VMware environment or be able to encrypt
personal data in Customer's VMware environment.
VMware Cloud Universal Program (“VMware Universal”).
VMware, Inc. (“VMware”) and VMware partners sell
credits through VMware Universal that may be applied
towards GCVE in accordance with Customer’s agreement with
VMware. Customer’s purchase and use of GCVE through VMware
Universal is subject to the Agreement and the following
(i) The Agreement’s payment
terms will not apply, and all fees will be payable to
VMware and determined solely between VMware and Customer.
Data Sharing with VMware.
A. Google may share
with VMware information regarding Customer’s use of GCVE
and Google Cloud Platform.
that, to the extent Customer provides any data to VMware
in connection with GCVE, VMware may share such data with
Google to the extent reasonably required to provide GCVE
(including technical support) and administer VMware
C. If Customer brings a
claim under the Agreement related to GCVE, Customer
acknowledges that VMware may disclose to Google the fees
or other amounts paid or payable by Customer to VMware for
GCVE, and any other terms of the agreement between
Customer and VMware regarding GCVE or either party’s
performance under that agreement.
Customer will seek any applicable SLA credits and monetary
remedies described in the Agreement from VMware (and will
not do so from Google).
(iv) Support. Google
will provide technical support to Customer in accordance
with the Agreement. Support fees for GCVE may be charged
by VMware to Customer.
Financial Commitments. If Customer has made
financial commitments in an Order Form or addendum to the
Agreement, then Google may apply Customer's GCVE
consumption (at a rate determined by Google), or a portion
of the applicable fees Google receives from VMware, to
a. ODBC/JDBC Drivers. The ODBC and JDBC drivers for
are “Software” as defined in the Agreement and their use
is subject to the “General Software Terms.” These drivers
may only be used with BigQuery.
b. Analytics Hub
Analytics Hub helps BigQuery customers publish and share
sets of Customer Data (“Datasets”) with other BigQuery
customers as subscribers. Datasets are organized into
shared repositories (“Exchanges”) with each Dataset’s
listings including additional listing information
(“Listing Materials”) managed by the administrator of that
Exchange (“Exchange Administrator”).
(ii) Exchange Administrators. When acting as an
Exchange Administrator: (A) Customer Listing Materials are
considered Customer Data and (B) Customer is responsible
for any Datasets listed in its Exchange, including
handling takedown requests and securing necessary rights
Google is not responsible for and will have no liability
for (A) any terms or relationships between Customer and
any third party or (B) any Datasets.
4. Looker Studio.
This Agreement only applies
to Looker Studio if Customer has selected it to govern in
the Admin Console.
Google Earth Engine.
a. Non-Commercial Use. Use of the free,
non-commercial / research activities edition of Google
Earth Engine is subject to the terms at
or a successor URL, which may be updated by Google
b. Incorporation into Applications. Customer
may not allow End Users of Customer’s Applications to
directly access or interact with the Google Earth Engine
APIs unless those End Users have their own Google Cloud
Platform Accounts and have access to Google Earth Engine
from those Accounts.
6. Compute Engine.
Future Reservations. Customer may request a future
reservation, as described at
(or a successor URL), by following the instructions at
that URL. Google will determine in its sole discretion
whether to approve each future reservation request, and
approval will not be unreasonably withheld or delayed.
Reserved VMs may not be transferred or shared amongst
multiple customers by Customer (if the Customer is a
reseller or supplier of Google Cloud Platform).
7. Cloud Interconnect
- Partner Interconnect. Customer will
independently engage a network service provider who has
agreed with Google to supply connectivity between Customer
and Google under Google’s partner terms for Partner
Interconnect. Google is not responsible for any issues
arising outside of Google’s network.
8. Cloud Intrusion
Detection System (Cloud IDS). Notwithstanding
anything to the contrary in the “Benchmarking” section of
the General Service Terms of these Service Specific Terms,
Customer will not, and will not allow End Users to,
disclose, publish, or otherwise make publicly-available
any benchmark, or performance or comparison tests that are
run on Cloud IDS and that are conducted by Customer or an
End User (or a third party authorized by Customer or an
Connectivity Center (NCC). Notwithstanding any
telecommunications restrictions in the Agreement, Customer
may use NCC for telecommunications connectivity in only
Australia, India, Japan, the United Kingdom, and the
Spectrum Access System
a. Governing Agreement. This Section 9
(Spectrum Access System) only applies to Customers
procuring SAS under the terms of this Agreement.
Additional Customer Obligations. Customer is solely
responsible for (i) the installation, operation,
maintenance, and repair of Registered CBSDs; (ii)
staffing, instructing, and managing personnel performing
the installation, operation, maintenance, and repair of
Registered CBSDs; (iii) ensuring that such personnel are
certified by WInnForum to the extent required by
applicable law; and (iv) procuring and maintaining
connectivity with Spectrum Access System to enable the
ordering and registration of CBSDs and the use of
Registered CBSDs. For clarity, Section 2(b) (Operations of
Communications Services) in the General Services Terms of
these Service Specific Terms does not prohibit Customer
from using Spectrum Access System in compliance with this
Section 9 (Spectrum Access System).
c. Applicable Law.
Spectrum Access System is subject to Federal
Communications Commission (“FCC”) regulations. Each party
will comply with the rules and implementing orders of the
FCC (including 47 C.F.R. Part 96), the Department of
Defense, and the National Telecommunications and
Information Administration, along with the duly adopted
Release 1 standards of WInnForum, to the extent applicable
to that party’s provision, receipt, or use of Spectrum
d. No Personal Data.
Except for any Customer Account Information that may
include personal data, Customer will not provide any CBSD
Endpoint User Information or other regulated data to
Google through Customer’s use of Spectrum Access System.
“CBSD” means a device
with a radio access point that is certified by the FCC to
operate in the Citizens Broadband Radio Services
“CBSD Registration Information” means data relating
to the location, identification, operating parameters, and
other aspects of Registered CBSDs.
“CBSD Reporting Data”
means the anonymized or aggregated data and metadata
Google receives from the Registered CBSDs during
Customer’s use of Spectrum Access System.
“CBSD Endpoint” means
a device that may establish wireless connectivity with the
authorization of a Registered CBSD.
“CBSD Endpoint User”
means an individual that uses any CBSD Endpoint.
“CBSD Endpoint User Information” means any
information, data, or content relating to a CBSD Endpoint
User, including (i) billing and usage information,
passwords, and PINs; (ii) transmitted or received
content information; (iii) authentication
information and any other demographic information; and
(iv) other information in connection with use by a
CBSD Endpoint User of a CBSD Endpoint on any Registered
CBSD or network of Registered CBSDs (excluding any
information that may qualify as CBSD Registration
Information or CBSD Reporting Data).
“Customer Account Information” means information
provided by Customer in connection with the registration
of CBSDs, which consist of (i) contact and account
information for Customer; (ii) identification
information for all Registered CBSDs registered to
Customer, as prescribed by WInnForum standards;
(iii) identifying information for all groups of CBSDs
for Customer; and (iv) information relating to
Customer’s priority access licenses (as applicable),
including identification numbers, boundary information,
protection area, CBSD cluster lists, grouping information,
and any leases of such priority access licenses.
means a CBSD that is registered with Google and operated
by Customer via Spectrum Access System.
“WInnForum” means the
Wireless Innovation Forum or any successor organization.
11. Assured Open Source Software (AOSS). TSS is not
available for free tiers of AOSS.
12. Looker (Google Cloud core). If
Google’s measurement tools are unable to confirm
Customer’s usage of the Services, then (a) within 30 days
of Google’s request, Customer will provide a
sufficiently-detailed written report describing usage of
the Looker (Google Cloud core) Service by Customer and End
Users during the requested period, and (b) Customer will
provide reasonable assistance and access to information to
verify the accuracy of Customer’s usage report(s).
AI / ML Services
13. Intellectual Property Terms for AI/ML Services
a. Customer Models.
As between Customer and Google and in connection with use
of an AI/ML Service (as described at
Google does not assert any ownership rights in (i) any
model that Customer creates without using a Google
Pre-Trained Model, (ii) any model owned by Customer or a
third party that Customer uploads, fine tunes, or deploys,
or (iii) any adapter model created by Customer using its
Customer Data with an AI/ML Service, provided that the
adapter model does not contain any pre-existing Google
intellectual property. A “Google Pre-Trained Model” is a
model trained by Google and not released under an open
b. Google Models.
Customer will have sole (to the exclusion of Google and
other third parties) access to use any uptrained
model that Customer builds by using an AI/ML Service to
retrain or tune a Google Pre-Trained Model using Customer
Data (as retrained or tuned, a “Fine-Tuned Model”). Google
owns all Intellectual Property Rights in Google
Pre-Trained Models and Fine-Tuned Models. Where permitted
by the AI/ML Service, any exported Fine-Tuned Model is
licensed as Software.
AI/ML Data Location. Customer may configure the
Services listed at
to (a) store Customer Data at rest and (b) perform machine
learning processing of Customer Data by the Service, in
each case in a specific Multi-Region, and Google will
perform (a) and (b) only in that Multi-Region. For
clarity, Customer Data does not include resource
identifiers, attributes, or other data labels.
Use Restrictions for AI/ML Services. Customer will
not, and will not allow End Users to, use an AI/ML Service
to: (a) develop models that compete with the specific
Service being used by Customer, or (b) reverse engineer or
extract components of any Service, Software, or their
models. Google may immediately suspend or terminate
Customer's use of any AI/ML Service based on any suspected
violation of the preceding sentence. The restriction in
subsection (a) of this Section does not apply to Vertex AI
Platform so long as Customer does not use a Google
Training Restriction. Google will not use Customer
Data to train or fine-tune any AI/ML models without
Customer's prior permission or instruction.
17. Generative AI
Definition. “Generated Output” means the
data or content generated by a Generative AI Service
prompted by Customer Data. Generated Output is Customer
Data. As between Customer and Google, Google does not
assert any ownership rights in the Generated Output,
provided that the Generated Output does not contain any
pre-existing Google intellectual property.
Generative AI Services (as described at
use emerging technology, may provide inaccurate or
offensive Generated Output, and are not designed for or
intended to meet Customer’s regulatory, legal, or other
obligations. Customer acknowledges that a Generative AI
Service may, in some scenarios, produce the same or
similar Generated Output for multiple
c. Prohibited Use
Policy. For the purposes of Generative AI Services,
the Prohibited Use Policy located at
as may be updated from time to time, are incorporated into
the AUP. (If Customer has questions on whether this policy
applies to Customer’s business, contact your Google Cloud
Sales Representative or Google Cloud Partner).
d. Use Restrictions for
Generative AI Services. Customer will not, and will
not allow End Users to, use Generated Output to: (i)
develop models that compete with any Service or Software,
or (ii) reverse engineer any Service, Software, or their
models (or extract any components of the foregoing).
e. Age Restrictions.
Customer will not, and will not allow End Users to, use a
Generative AI Service as part of a website, Customer
Application, or other online service that is directed
towards or is likely to be accessed by individuals under
the age of 18.
Restrictions. Customer will not, and will not allow
End Users to, use the Generative AI Services for clinical
purposes (for clarity, non-clinical research, scheduling,
or other administrative tasks is not restricted), to
provide medical advice, or in any manner that is overseen
by or requires clearance or approval from any applicable
Violations. Google may immediately suspend or
terminate Customer's use of a Generative AI Service based
on any suspected violation of subsections (d) or (e)
h. Restrictions. The
restrictions contained in subsections (e) and (f) above
are deemed to be “Restrictions” or “Use Restrictions”
under the applicable Agreement.
i. Prompt Handling.
With respect to Customer Data prompted to a Generative AI
Service, absent Customer’s prior permission or
instruction, Google will not store such prompts longer
than is reasonably necessary for the Generative AI Service
to provide the Generated Output.
Vertex AI Search. With respect to this
Service, Customer may use only Customer Data and web
domains that it owns or is authorized to utilize.
Celebrity Recognition. Customer will use celebrity
recognition functionality in Cloud Vision and Video
Intelligence API on celebrities, only with
professionally-filmed media content that Customer owns or
is authorized to use, and not for any surveillance-based
20. CCAI Platform
a. No Access to
Emergency Services. CCAI Platform does not
function as a telephonic or other communication service.
The Service cannot send or receive emergency calls or
texts, and will not be used for emergency services.
b. Bring Your Own Carrier
(“BYOC”). In the BYOC model, Customer is
responsible for obtaining telephony services from a third
party and for all associated costs. Customer and its
telephony provider are solely responsible for compliance
with any regulatory and licensing requirements for such
Cloud Translation API. Customer will comply with
the HTML Markup Requirements found at
and the attribution requirements found at
Speech on Device. Customer’s license to this
Premium Software is limited to using Speech on Device
(SOD) locally on each designated device upon which it is
activated. Only Customers who subscribe to TSS are
eligible to receive updates to SOD. Upon termination or
expiration of Customer’s Order Form for SOD, Customer will
permanently delete all SOD models (except those models on
already-activated devices) and may not use SOD to perform
any additional activations or distribute any more devices.
Visual Inspection AI. Customer may only download
from Visual Inspection AI containerized Solution Artifacts
(as described in the Documentation and licensed as
Software) for the duration and number of cameras
designated when downloaded by Customer in the Admin
24. Retail Search. If
Customer provides results for any query in a different
order than the ranked order returned by Retail Search
(“Alternative Ranking”), then (a) Google will not provide
any support (including TSS) in relation to this
Alternative Ranking and (b) Customer forfeits any rights
granted by Google to use Google Brand Features in
connection with Retail Search.
Telecom Subscriber Insights.
a. Updates. If Google
makes available to Customer an update to the Telecom
Subscriber Insights Software and Customer does not
download the update within 30 days of notification of its
availability, Google will automatically push the update to
Customer’s Project(s) that use Telecom Subscriber
b. Additional Restrictions. Customer will not
(either directly or via third parties) (i) use Telecom
Subscriber Insights or any of its components to create,
train, or improve (directly or indirectly) any similar or
competing system, product or service; or (ii) use output
data from Telecom Subscriber Insights for the purpose of
creating, training, or improving (directly or indirectly)
any similar or competing system, product or service.
Anti Money Laundering AI. The Service may only be
used for Customer’s (or its own customers’) detection of
money-laundering activities as part of an anti money
laundering (AML) compliance program. Customer will comply
with the service limits defined in the Documentation and
ensure that Service outputs are subject to human
oversight, investigation, and evaluation by trained AML
compliance personnel. Google may suspend or terminate
Customer’s use of the Service based on any suspected
violation of the foregoing obligations.
27. Bare Metal Solution
a. Liability. Notwithstanding anything to the contrary in the Agreement (except subject to any unlimited liabilities expressly stated in the Agreement), to the maximum extent permitted by law, each party’s total aggregate Liability for damages arising out of or relating to Bare Metal Solution is limited to the greater of (i) the Fees Customer paid for Bare Metal Solution during the 12 month period before the event giving rise to liability and (ii) $25,000. This Section will survive expiration or termination of the Agreement.
b. Bare Metal Solution Proof of Concepts. Customer
may not use Bare Metal Solution proof of concepts and
trials in connection with any production workloads.
Transfer Appliance Service.
a. Trade Compliance.
In case of cross-border shipments of Appliance Materials,
Customer may be responsible for export clearance, Google
may designate a carrier to act as Customer's agent with
the relevant customs and tax authorities to import or
export the Appliance Materials, and Customer will
cooperate with Google and its carrier, including providing
export classification information and acting as the
importer or exporter of record. Customer will not ship
Appliance Materials except as directed in writing.
b. Responsibility for Appliance Materials. While
Appliance Materials are in its control, Customer is
responsible for any loss or damage and will use
appropriate security measures to protect them.
c. Sole Remedy. Customer's sole remedy in
connection with any unsuccessful attempt to complete the
Transfer Appliance Service is for Google to use reasonable
efforts to re-perform the Transfer Appliance Service.
The Service Specific Terms
for the Transfer Appliance Service are also applicable to
Google Distributed Cloud Edge Appliance Service excluding
the “Sole Remedy” subsection above.
means the materials provided by Google or its
Subprocessors in connection with the Transfer Appliance
Service or the Google Distributed Cloud Edge Appliance
Service, as applicable, including hardware and software.
Security and Identity
a. General. Google
will provide TSS for Assured Workloads in accordance with
such Customer-selected controls. It is Customer's
responsibility to determine whether Customer-selected
Admin Console controls are adequate for Customer’s
purposes. Google’s data location commitments under General
Service Terms Section 1 (Data Location) apply to Assured
Workloads. In addition, Assured Workloads provides
Customers the ability to prevent Google persons located
outside the Customer-selected Region from accessing
Customer Data in an Assured Workloads environment.
b. Assured Workloads. Notwithstanding any
restriction on the access or use of the Services for
materials or activities subject to ITAR in the Agreement,
Customer may access or use the Services with software or
technical data subject to ITAR if Customer uses Assured
Workloads Services explicitly identified in the
Documentation as being compatible with ITAR requirements.
Federal Risk and Authorization Management Program (FedRAMP) and Department of Defense Cloud Security Requirements Guide (DoD SRG).
Certain Google Services have received FedRAMP or DoD SRG
Authority to Operate (“ATO”) for defined Services. FedRAMP
ATO Services are currently described at
and DoD SRG ATO Services are currently described at
Customers are responsible for complying with the relevant
FedRAMP and SRG requirements when using the Services,
including the requirements in the Customer Responsibility
Matrix (“CRM”). The CRM is a part of the Google Services
System Security Plan maintained by the FedRAMP Program
Management Office, and is available to government
customers upon request. Customer may not use any Services
to store or process classified information data.
Approval. Use of Access Approval may increase
response times for TSS, and Customer will be responsible
for any disruption or loss as a result of Customer denying
or delaying approval via Access Approval. The SLAs do not
apply to any Service disruption impacted by Customer’s use
of Access Approval.
Security Command Center.
a. Data Processing. In
order to protect your assets against new and evolving
threats, Security Command Center analyzes data related to
misconfigured assets, indicators of compromise in logs,
and attack vectors. This activity may include processing
to improve service models, identifying recommendations to
harden customer environments, collecting metrics to
evaluate the effectiveness and quality of services, and
conducting experiments to optimize the user experience.
Cryptomining Protection Program. Customer’s use of
Security Command Center Premium is subject to the terms of
Security Command Center Cryptomining Protection Program
(“Cryptomining Protection Program”). Google reserves the
right to update or discontinue the Cryptomining Protection
Program upon 30 days notice.
32. Cloud Identity
Services. The following terms apply only
to the Cloud Identity Services provided under this
a. Use of Google
Workspace Components. Customer’s use of the Google
Workspace Components is subject to any applicable
provisions of the then-current Google Workspace Service
Specific Terms at
which provisions are incorporated by reference into this
Products. Google makes optional Additional Products
available to Customer and Customer End Users through the
Cloud Identity Services. Customer’s use of Additional
Products is subject to the Additional Product Terms.
agreement. Customer’s use of Cloud Identity
Services under the Account, will be governed by: (i)
Customer's Google Workspace agreement; (ii) this
Agreement; or (iii) the terms at
if and as applicable, depending on which is in effect.
This Section will survive expiry or termination of this
Products” means products, services and applications
that are not part of the Services but that may be
accessible for use in conjunction with the Services.
Terms” means the then-current terms at
Components” has the meaning given in the
then-current services summary for Cloud Identity Services
means the then-current services described at
Authentication and Identity Platform.
Authentication. Google temporarily stores phone
numbers provided for authentication to improve spam and
abuse prevention across Google services. Phone numbers are
not logically isolated for a given customer's end users.
Customer should obtain appropriate end-user consent before
using the Firebase Authentication or Identity Platform
phone number sign-in service.
b. Other Authentication
Services. Use of Google Sign-In for authentication
to Google’s API Services: User Data Policy.
Google is not responsible for any third-party sign-in
service used with Firebase Authentication or Identity
c. reCAPTCHA Notice
Requirement. Customer agrees to explicitly inform
Customer End Users of phone authentication features that
their use of reCAPTCHA is subject to the
For users in the European Union, you and your
Application(s) must comply with
the EU User Consent Policy.
Google collects hardware and software information, such as
device and application data, through reCAPTCHA only as
necessary to provide, maintain, and improve the Service,
and for general security purposes. Such information will
not be used for any other purpose, such as personalized
advertising by Google.
Google collects hardware and software information, such as
device and application data, through reCAPTCHA Enterprise
only as necessary to provide, maintain, and improve the
Service, and for general security purposes. Such
information will not be used for any other purpose, such
as personalized advertising by Google.
b. Terms. Customer
will inform applicable Customer’s End Users that Customer
has implemented reCAPTCHA Enterprise on its properties and
that Customer’s End Users' use of reCAPTCHA Enterprise is
subject to the
c. Use. reCAPTCHA
Enterprise may only be used to fight fraud and abuse on
Customer's properties, and not for any other purposes,
such as determining credit worthiness, employment
eligibility, financial status, or insurability of a user.
accurately describes to applicable Customer End Users what
user information Customer collects and how Customer uses
and shares such information with Google and third parties.
Customer will be responsible for providing any necessary
notices or consents for the collection and sharing of this
data with Google. Customer and its API client(s) will
comply with the
EU User Consent Policy.
Customer may display a warning about unsafe web resources
for a particular site based on verification against
Google’s list of unsafe sites provided that (i) the
applicable Customer Application has received from Google
an updated list (via the applicable API method) before the
expiration time provided by the applicable API response or
within 30 minutes if no expiration time is specified; and
(ii) Customer provides attribution and conspicuous notice
that the reliability and accuracy of the protection cannot
be guaranteed using language similar to the “Advisory
Notice” subsection below.
b. Advisory Notice.
Google works to provide the most accurate and up-to-date
information about unsafe web resources, but cannot
guarantee that its information is comprehensive and
error-free: some risky sites may not be identified, and
some safe sites may be identified in error.
Evaluate and Submission APIs. Google uses URLs and
associated data submitted through the Evaluate API or
Submission API (“Submitted URLs”) and corresponding
maliciousness scores to provide, maintain, protect and
improve Google's products and services, including Google's
list of unsafe web resources. Google may also share
Submitted URLs with third parties, including other Google
customers and users. Submitted URLs are not Customer
Confidential Information or Customer Data.
a. Chrome Browser Cloud
Management. In order to use
BeyondCorp Enterprise Threat and Data Protection Services,
Customer acknowledges and agrees that Customer must enable
"Chrome Enterprise Connectors" in the Chrome Browser Cloud
Management section of the Admin Console.
b. Threats. When
BeyondCorp Enterprise checks for malware, unsafe web
pages, or other unsafe files (“Threats”), the URL or a
file hash and the result of the analysis are temporarily
stored in a Google global cache for performance-related
purposes. Customer acknowledges and agrees that Customer
URLs and file hashes that BeyondCorp Enterprise identifies
as Threats are not Customer Confidential Information or
Customer Data and Google may use such URLs and file hashes
to provide, maintain, protect and improve Google's
products and services, including Google's lists of
c. BCE app connector.
Customer agrees to install Software for BCE app connector
in Customer’s private data center or other non-Google
cloud environments in accordance with the minimum
specifications described in the Documentation. Customer
authorizes Google to connect and maintain the Software in
order to provide connectivity for the applications
accessed by Customer via BCE app connector.
BCE client connector. Customer agrees to install
Software for BCE client connection on Customer's endpoint
devices. Customer authorizes Google to connect and
maintain the Software in order to provide connectivity for
the applications accessed by Customer via BCE client
Manager. Customer authorizes Google Cloud
to apply for and obtain publicly trusted SSL/TLS
certificates from third-party or Google-managed
certificate authorities for domains operated and
controlled by Customer (“Customer Domains”) pursuant to
the CA/Browser Forum Baseline Requirements or any
applicable successor requirements (“Requirements”).
Customer represents and warrants that it operates and
controls the Customer Domains and will revoke the
authorization from Google when Customer ceases to operate
and control a Customer Domain. Google may revoke a
certificate as required by the Requirements or for failure
to comply with the AUP.
Google Distributed Cloud
38. Google Distributed Cloud Edge. If you purchased
Google Distributed Cloud Edge prior to August 15, 2023,
the terms available at
Sovereign Controls by Partners
39. Sovereign Controls by Partners.
a. Customer Responsibilities. The Sovereign
Controls by Partners solution applies only to the
Supported Google Cloud Services listed at
(“Supported Google Cloud Services”). The Party using the
Sovereign Controls Partners solution, whether Customer or
a customer of the Sovereign Controls Partner or other
Reseller or Partner , is responsible for: (i) receiving
the Sovereign Controls Partners services, including
external key management services (“EKM”), from the
Sovereign Controls Partners listed at
and (ii) maintaining separate terms directly with the
Sovereign Controls Partner governing the use of those
Sovereign Controls Partners services.
b. Partner Access. To
the extent applicable, Customer authorizes (and will
ensure, if applicable, it has all relevant approvals to
allow) Google to share, with the relevant Sovereign
Controls Partner, Customer's contact information,
metadata, log data, billing information, and configuration
data from the Services used in the environment applicable
to the Sovereign Controls by Partners solution, or that of
Customer’s applicable end customer. Google is not
responsible for a Sovereign Controls Partner’s handling of
Key Access Justifications. Google will transmit an
accurate justification to the EKM for each request to
obtain key access to decrypt Customer Data for supported,
generally-available Services, pursuant to terms agreed
between the Sovereign Controls Partner and Google (if
applicable). Once the EKM receives a justification, they
are responsible for determining whether to grant Google
the requested key access. Google is not responsible if the
operation or functionality of the Services is impacted
because Google cannot obtain a key access needed for such
operation or functionality.
Security Controls. Data location controls made
available by Google for the Sovereign Controls solution
will be the same as the controls Google makes available
for Assured Workloads, as described in the Assured
Workloads Service Specific Terms.