Privacy Policy for Sign In With Google Button

If your website or mobile app allows users to log in or create an account by using their Google accounts, there are a few things you'll need to do.

Google has specific requirements when it comes to implementing a Google sign-in button.

This article will look at what Google requires, and show you examples of how you can comply when you add a Google Sign-In button to your site or app.

Requirements from Google

Logo of Google

Google's EU User Consent Policy

Google's policies also require you to comply with the "EU User Consent" Policy if the Google sign in button is used.

Screenshot from Google

Padlet obtains consent by requiring users to click Allow to show they consent.

Padlet and their Google permissions: You agree to, click Allow

Examples

Here are a few additional examples of websites and mobile apps that are using the Google Sign In feature and how they're doing it.

Logo of Slides

Users are informed that Slides will collect an email address and basic profile info when they click to log in with Google. A user must click Allow to complete the login-with-Google process:

Slides and Google Permissions: You must click Allow

Logo of Khan Academy

Khan Academy places the Google Sign-In button at the top of its login page.

Its Privacy Policy is placed underneath the log-in section with a statement that says, "By logging in, you agree to our Terms of Service and Privacy Policy.":

Khan Academy Login Page with Login with Google and links to its Privacy Policy

Khan Academy's Privacy Policy includes a section titled How we collect and use data that includes a sub-section for Information from Integrated Services like Facebook or Google.

This sub-section lets users know that if a user registers through one of these services (Facebook or Google), Khan may collect personal information that the user had already given to the other service:

Khan Academy Privacy Policy: Information from Facebook and Google

Logo of Basecamp

Basecamp uses a colorful Google button for signing up through a Google account.

Screenshot of Login page from Basecamp

Basecamp's information on its legal agreements is listed and linked at the bottom of the page in the website footer:

Basecamp footer on its website: The link to its policies

Clicking on the link takes users to a list of policies, terms and other legal stuff. The Privacy Policy of Basecamp is in this list.

Basecamp List of Policies: The Privacy Policy is here

Basecamp's Privacy Policy doesn't specifically mention Google Sign-in functionality but says that when a user signs up for Basecamp, a name, company name and email address will be asked for.

While a user can assume that this is the information that Basecamp collects from the user's Google account, Basecamp would benefit from being more specific and mentioning the Google sign-in functionality, and so would your website or mobile app policy.

Basecamp Identity and Access clause

If a user is signing-up for an account, Basecamp informs the user that certain information will be collected through Google, including who the user is on Google, an email address, and basic profile info:

Basecamp and Google Permissions dialog window

Logo of Wave

Wave doesn't provide a Privacy Policy link on its sign in page where the "Sign In with Google" button is located:

Screenshot of Wave Sign-in page

However, on its sign-up page where users can first register for a Wave account, the Privacy Policy page is linked and users are informed that by signing up, consent to its Terms of Use and its Privacy Policy.

This ensures that a user, at least, has access to Wave's Privacy Policy the first time the accesses Wave.

Wave Sign-up page: Highlight the Read and Agree to Legal Pages

Towards the end of its Privacy Policy, there's a section titled "Additional Features" where third-party logins, such as through Google, is mentioned. The statement informs users that logging in via Google and Yahoo is available, and a basic overview of how this feature works is provided:

Wave Privacy Policy: You can login via SSO Services, such as Google or YahoO!

A few paragraphs down in its agreement, Wave lets users know that some functionality of the website is highly dependent upon APIs from third parties, such as Google, and that personal information may be collected from these third parties to the extent that the user authorizes Wave to collect that information.

Wave Privacy Policy: Its dependent upon API Authorization

Logo of Full Contact

Full Contact gives users the option to create an account directly, or sign up with Google. The Privacy Policy is linked slightly below this section.

Screenshot of Sign-up Page of Full Contact

In its Privacy Policy, the only mention of personal data collected while creating an account is in the Information You Provide to Us section that states:

"We may collect Personal Data from you, such as your first and last name, gender, e-mail and mailing address, professional title, company name and password when you create an account."

There's no direct mention of taking this information from Google.

Full Contact Privacy Policy: Information you provide to us

Logo of PowToon

PowToon places the Google sign-in button first in a list of three across the top of the login page:

Powtoon: Screenshot of Log in page

Similarly to Wave, the Privacy Policy of PowToon isn't listed on this page. However, it's also not listed on the Sign up page. The Terms of Use page is linked here, but no Privacy Policy.

Screenshot of PowToon Sign-up Page: I hereby agree to Terms of Use

While the PowToon's Privacy Policy is mentioned in the Terms of Use, it's not linked to that agreement.

I had to do a web search to find the actual PowToon's Privacy Policy. The only mention within the Privacy Policy of information collected during sign-up is in the very first sentence that says:

"When buying a PowToon subscription or signing up for a free account, we request information such as your name, email address, home address, credit card information (should you purchase an account) and profession. Of course, you may also visit our site anonymously."

It looks like this:

Screenshot from PowToon Privacy Policy

This Privacy Policy should - at minimum - be made available to users on the sign-up page, which has not been done here.

Logo of Dailymotion

Dailymotion's sign-in page has an option where users can choose whether they want to create a Dailymotion account, or if they already have an account. Both of these options provide the ability to sign in with Google.

Screenshot of Dailymotion sign-in page

The Privacy Policy of DailyMotion can be found in the footer of the website under the "Legal" category.

Dailymotion website footer

Dailymotion mentions personal information collected during registration for an account in its Data Collected section which states:

"We collect and subsequently process the Data that you voluntarily provide on the registration form on the Website including your user ID, a valid email address, and your date of birth."

There's no mention of data that isn't provided on the registration form on the website, such as data that would be provided if a user chose to sign up through Google.

The Data Collected clause from DailyMotion Privacy Policy

If you choose to allow your users to sign into your website or mobile app via a Google sign in button, you may need to do each of the following to be fully compliant:

  • Have a Privacy Policy that you adhere to and don't update without informing your users
  • Let users know what personal information you will be collecting from them and how you will be using this information (Include this information in your Privacy Policy)
  • Obtain consent from users to collect and use this information (the Allow button constitutes consent when you let users know that by clicking Allow, they're agreeing to your Terms)
  • Give users a way to change or revoke this consent
  • Comply with all requirements outlined in the Google Platform Developer Policy, the Google Buttons Policy, and the EU User Consent Policy