The following terms apply only to the Service(s)
indicated in the Section title.
Compute
1.
App Engine - Data
Location.
Customer may configure App
Engine to store Customer Data in the United States or
European Union, and Google will store that Customer Data
at rest only in that location. The Service does not limit
the locations from which Customer or Customer End Users
may access Customer Data or to which they may move
Customer Data. For clarity, Customer Data does not include
resource identifiers, attributes, or other data labels.
2.
Google Cloud
VMware Engine (GCVE)
a.
Customer Security
Obligations
. Google may not have access to
Customer's VMware environment or be able to encrypt
personal data in Customer's VMware environment.
b.
VMware Cloud Universal Program (“VMware Universal”).
VMware, Inc. (“
VMware
”) and VMware partners sell
credits through VMware Universal that may be applied
towards GCVE in accordance with Customer’s agreement with
VMware. Customer’s purchase and use of GCVE through VMware
Universal is subject to the Agreement and the following
terms.
(i) The Agreement’s payment
terms will not apply, and all fees will be payable to
VMware and determined solely between VMware and Customer.
(ii)
Data Sharing with VMware.
A. Google may share
with VMware information regarding Customer’s use of GCVE
and Google Cloud Platform.
B.Customer acknowledges
that, to the extent Customer provides any data to VMware
in connection with GCVE, VMware may share such data with
Google to the extent reasonably required to provide GCVE
(including technical support) and administer VMware
Universal.
C. If Customer brings a
claim under the Agreement related to GCVE, Customer
acknowledges that VMware may disclose to Google the fees
or other amounts paid or payable by Customer to VMware for
GCVE, and any other terms of the agreement between
Customer and VMware regarding GCVE or either party’s
performance under that agreement.
(iii)
Remedies
.
Customer will seek any applicable SLA credits and monetary
remedies described in the Agreement from VMware (and will
not do so from Google).
(iv)
Support
. Google
will provide technical support to Customer in accordance
with the Agreement. Support fees for GCVE may be charged
by VMware to Customer.
(v)
Financial Commitments
. If Customer has made
financial commitments in an Order Form or addendum to the
Agreement, then Google may apply Customer's GCVE
consumption (at a rate determined by Google), or a portion
of the applicable fees Google receives from VMware, to
those commitments.
3.
BigQuery.
a.
ODBC/JDBC Drivers.
The ODBC and JDBC drivers for
BigQuery (described
here
)
are “Software” as defined in the Agreement and their use
is subject to the “General Software Terms.” These drivers
may only be used with BigQuery.
b.
Analytics Hub
(i)
Introduction
.
Analytics Hub helps BigQuery customers publish and share
sets of Customer Data (“Datasets”) with other BigQuery
customers as subscribers. Datasets are organized into
shared repositories (“Exchanges”) with each Dataset’s
listings including additional listing information
(“Listing Materials”) managed by the administrator of that
Exchange (“Exchange Administrator”).
(ii)
Exchange Administrators
. When acting as an
Exchange Administrator: (A) Customer Listing Materials are
considered Customer Data and (B) Customer is responsible
for any Datasets listed in its Exchange, including
handling takedown requests and securing necessary rights
and consents.
(iii)
Disclaimer
.
Google is not responsible for and will have no liability
for (A) any terms or relationships between Customer and
any third party or (B) any Datasets.
4.
Looker Studio.
This Agreement only applies
to (a) Looker Studio Pro or (b) Looker Studio if Customer
has selected it to govern in the Admin Console.
5.
Google Earth Engine.
a. Non-Commercial Use.
Use of the free,
non-commercial / research activities edition of Google
Earth Engine is subject to the terms at
https://earthengine.google.com/noncommercial/
or a successor URL, which may be updated by Google
periodically.
b.
Incorporation into Applications
. Customer
may not allow End Users of Customer’s Applications to
directly access or interact with the Google Earth Engine
APIs unless those End Users have their own Google Cloud
Platform Accounts and have access to Google Earth Engine
from those Accounts.
6.
Compute Engine.
a.
Future Reservations.
Customer may request a future
reservation, as described at
https://cloud.google.com/compute/docs/future-reservations
(or a successor URL), by following the instructions at
that URL. Google will determine in its sole discretion
whether to approve each future reservation request, and
approval will not be unreasonably withheld or delayed.
Reserved VMs may not be transferred or shared amongst
multiple customers by Customer (if the Customer is a
reseller or supplier of Google Cloud Platform).
Networking
7.
Cloud Interconnect
- Partner Interconnect.
Customer will
independently engage a network service provider who has
agreed with Google to supply connectivity between Customer
and Google under Google’s partner terms for Partner
Interconnect. Google is not responsible for any issues
arising outside of Google’s network.
8.
Cloud NGFW
and
Cloud Intrusion Detection
System (Cloud IDS).
Notwithstanding anything to
the contrary in the “Benchmarking” section of the General
Service Terms of these Service Specific Terms, Customer
will not, and will not allow End Users to, disclose,
publish, or otherwise make publicly-available any
benchmark, or performance or comparison tests that are run
on either the edition of Cloud NGFW titled “Cloud NGFW
Enterprise” or Cloud IDS and that are conducted by
Customer or an End User (or a third party authorized by
Customer or an End User).
9.
Network
Connectivity Center (NCC).
Notwithstanding any
telecommunications restrictions in the Agreement,
Customer may use NCC only in Australia, India,
Japan, Korea, Singapore, the United Kingdom, and the
United States.
10.
Spectrum Access System
a.
Governing Agreement.
This Section 9
(Spectrum Access System) only applies to Customers
procuring SAS under the terms of this Agreement.
b.
Additional Customer Obligations.
Customer is solely
responsible for (i) the installation, operation,
maintenance, and repair of Registered CBSDs; (ii)
staffing, instructing, and managing personnel performing
the installation, operation, maintenance, and repair of
Registered CBSDs; (iii) ensuring that such personnel are
certified by WInnForum to the extent required by
applicable law; and (iv) procuring and maintaining
connectivity with Spectrum Access System to enable the
ordering and registration of CBSDs and the use of
Registered CBSDs. For clarity, Section 2(b) (Operations of
Communications Services) in the General Services Terms of
these Service Specific Terms does not prohibit Customer
from using Spectrum Access System in compliance with this
Section 9 (Spectrum Access System).
c.
Applicable Law
.
Spectrum Access System is subject to Federal
Communications Commission (“FCC”) regulations. Each party
will comply with the rules and implementing orders of the
FCC (including 47 C.F.R. Part 96), the Department of
Defense, and the National Telecommunications and
Information Administration, along with the duly adopted
Release 1 standards of WInnForum, to the extent applicable
to that party’s provision, receipt, or use of Spectrum
Access System.
d.
No Personal Data
.
Except for any Customer Account Information that may
include personal data, Customer will not provide any CBSD
Endpoint User Information or other regulated data to
Google through Customer’s use of Spectrum Access System.
e.
Definitions
.
“
CBSD
” means a device
with a radio access point that is certified by the FCC to
operate in the Citizens Broadband Radio Services
band.
“
CBSD Registration Information
” means data relating
to the location, identification, operating parameters, and
other aspects of Registered CBSDs.
“
CBSD Reporting Data
”
means the anonymized or aggregated data and metadata
Google receives from the Registered CBSDs during
Customer’s use of Spectrum Access System.
“
CBSD Endpoint
” means
a device that may establish wireless connectivity with the
authorization of a Registered CBSD.
“
CBSD Endpoint User
”
means an individual that uses any CBSD Endpoint.
“
CBSD Endpoint User Information
” means any
information, data, or content relating to a CBSD Endpoint
User, including (i) billing and usage information,
passwords, and PINs; (ii)
transmitted
or received
content information; (iii) authentication
information and any other demographic information; and
(iv) other information in connection with use by a
CBSD Endpoint User of a CBSD Endpoint on any Registered
CBSD or network of Registered CBSDs (excluding any
information that may qualify as CBSD Registration
Information or CBSD Reporting Data).
“
Customer Account Information
” means information
provided by Customer in connection with the registration
of CBSDs, which consist of (i) contact and account
information for Customer; (ii) identification
information for all Registered CBSDs registered to
Customer, as prescribed by WInnForum standards;
(iii) identifying information for all groups of CBSDs
for Customer; and (iv) information relating to
Customer’s priority access licenses (as applicable),
including identification numbers, boundary information,
protection area, CBSD cluster lists, grouping information,
and any leases of such priority access licenses.
“
Registered CBSD
”
means a CBSD that is registered with Google and operated
by Customer via Spectrum Access System.
“
WInnForum
” means the
Wireless Innovation Forum or any successor organization.
Developer Tools
11.
Assured Open Source Software (AOSS).
TSS is not
available for free tiers of AOSS.
Data Analytics
12.
Looker (Google Cloud core).
If
Google’s measurement tools are unable to confirm
Customer’s usage of the Services, then (a) within 30 days
of Google’s request, Customer will provide a
sufficiently-detailed written report describing usage of
the Looker (Google Cloud core) Service by Customer and End
Users during the requested period, and (b) Customer will
provide reasonable assistance and access to information to
verify the accuracy of Customer’s usage report(s).
AI
/ ML Services
13.
Definitions
“
Customer Adapter Model
” means an adapter model
that Customer creates using its Customer Data with an
AI/ML Service.
“
Customer Model
” means
(i) a model that Customer creates without using a Google
Pre-Trained Model or (ii) a model owned by Customer or a
third party that Customer uploads, fine tunes, or deploys
in AI/ML Services. Customer Models do not include Customer
Adapter Models.
“
Fine-Tuned Google Model
” means an uptrained model
that Customer creates by using an AI/ML Service to retrain
or fine-tune a Google Pre-Trained Model using Customer
Data.
“
Google Customer-Trained
Model
” means a model trained or retrained by
Customer that leverages Google’s pre-existing intellectual
property using an AI/ML Service and not released as an
open model under an open source or other license.
“
Google Pre-Trained Model
” means a model trained by
Google and not released as an open model under an open
source or other license.
“
Separate Offering
”
means a model, dataset, application, product, service,
solution, or any other offering that Google makes
available for use with AI/ML Services that is subject to
terms and conditions separate from the Agreement, such as
an open source license, third party terms, or other terms.
14.
Intellectual Property Terms for AI/ML Services
a.
Non-Google
Models
. As between
Customer and Google and in connection with use of an AI/ML
Service (as described at
https://cloud.google.com/terms/services
),
Google does not assert any ownership rights in (i)
Customer Models, (ii) Customer Adapter Models, or (iii)
Separate Offerings, each to the extent they do not contain
any pre-existing Google intellectual property.
b.
Google Models
.
Customer will have sole access to use Fine-Tuned Google
Models and Google Customer-Trained Models. Neither Google
nor any third party not authorized by Customer may access
or use Fine-Tuned Google Models and Google
Customer-Trained Models, including after expiration or
termination of the Agreement. Google owns all Intellectual
Property Rights in Google Pre-Trained Models, Fine-Tuned
Google Models, and Google Customer-Trained Models. Where
permitted by the AI/ML Service, any exported Fine-Tuned
Google Model is licensed as Software.
15.
AI/ML Data Location.
Customer may configure the
Services listed at
https://cloud.google.com/terms/data-residency
to (a) store Customer Data at rest and (b) perform machine
learning processing of Customer Data by the Service, in
each case in a specific Multi-Region, and Google will
perform (a) and (b) only in that Multi-Region. For
clarity, Customer Data does not include resource
identifiers, attributes, or other data labels.
16.
Use Restrictions for AI/ML Services
.
a.
Competitive Use.
Customer will not, and will not
allow End Users to use an AI/ML Service or Generated
Output to develop a similar or competing product or
service. Google may immediately suspend or terminate
Customer's use of any AI/ML Service based on any suspected
violation of the preceding sentence. This
restriction does not apply to Vertex AI Platform so
long as Customer does not use a Google Pre-Trained Model.
b
. ??Model Restrictions.
Customer will not, and
will not allow End Users to, use output from an AI/ML
Service (including Generated Output) to: (i) substitute,
replace, or circumvent the use of a Google Pre-Trained
Model, a Google Customer-Trained Model, or a Fine-Tuned
Google Model (“Google Models”), directly or indirectly, or
(ii) create or improve models similar to a Google
Model.
c.
No Reverse Engineering
. Customer will not, and will
not allow End Users to, reverse engineer or extract any
components of an AI/ML Service, Software, or its models
(such as using prompts to discover training data). Google
may immediately suspend or terminate Customer's use of any
AI/ML Service based on any suspected violation of the
preceding sentence.
17.
Training Restriction
. Google will not use Customer
Data to train or fine-tune any AI/ML models without
Customer's prior permission or instruction.
18.
Separate Offerings
and Customer Models
a. Use of Separate Offerings on the Google Cloud Platform
.
Customer’s use of Separate Offerings is subject to
separate terms and conditions.
b.
Disclaimer and Indemnity
. Google disclaims all
liability arising from Customer’s use of Separate
Offerings and Customer Models, and Google’s
indemnification obligations do not apply to allegations
arising from Separate Offerings or Customer Models.
19.
Generative AI
Services.
a.
Definition.
“Generated Output” means the
data or content generated by a Generative AI Service
prompted by Customer Data. Generated Output is Customer
Data. As between Customer and Google, Google does not
assert any ownership rights in any new intellectual
property created in the Generated Output.
b.
Disclaimer.
Generative AI Services (as described
at
https://cloud.google.com/terms/services
)
use emerging technology, may provide inaccurate or
offensive Generated Output, and are not designed for or
intended to meet Customer’s regulatory, legal, or other
obligations. Customer acknowledges that a Generative AI
Service may, in some scenarios, produce the same or
similar Generated Output for multiple
customers.
c.
Prohibited Use
Policy
. For the purposes of Generative AI Services,
the Prohibited Use Policy located at
https://policies.google.com/terms/generative-ai/use-policy
,
as may be updated from time to time, is incorporated into
the AUP. (If Customer has questions on whether this policy
applies to Customer’s business, contact your Google Cloud
Sales Representative or Google Cloud Partner.)
d.
Age Restrictions
.
Customer will not, and will not allow End Users to, use a
Generative AI Service as part of a website, Customer
Application, or other online service that is directed
towards or is likely to be accessed by individuals under
the age of 18.
e.
Healthcare
Restrictions
. Customer will not, and will not allow
End Users to, use the Generative AI Services for clinical
purposes (for clarity, non-clinical research, scheduling,
or other administrative tasks is not restricted), as a
substitute for professional medical advice, or in any
manner that is overseen by or requires clearance or
approval from any applicable regulatory authority.
f.
Suspected
Violations
. Google may immediately suspend or
terminate Customer's use of a Generative AI Service based
on any suspected violation of Section 16(b) or subsection
(d) above.
g.
Restrictions
. The
restrictions contained in subsections (d) and (e) above
are deemed to be “Restrictions” or “Use Restrictions”
under the applicable Agreement.
h.
Handling of Prompts and Generated Output
.
Absent Customer’s prior permission or instruction, Google
will not store outside Customer’s Account (i) Customer
Data prompted to a Generative AI Service for longer than
is reasonably necessary to create the Generated Output, or
(ii) the Generated Output.
i.
Additional Google Indemnification Obligations
.
(i)
Generated Output.
Google’s indemnification obligations under the Agreement
also apply to allegations that an unmodified Generated
Output from a Generative AI Indemnified Service using only
Google Pre-Trained Model(s), a Fine-Tuned Google Model, or
a Customer Adapter Model used with a Google Pre-Trained
Model infringes a third party’s Intellectual Property
Rights. This subsection (i) (Generated Output) does not
apply if the allegation relates to a Generated Output
where: (1) Customer creates or uses such Generated Output
that it knew or should have known was likely infringing,
(2) Customer (or Google at Customer’s instruction)
disregards, disables, or circumvents source citations,
filters, instructions, or other tools Google makes
available to help Customer create or use Generated Output
responsibly, (3) Customer uses such Generated Output after
receiving notice of an infringement claim from the
rightsholder or its authorized agent, (4) the allegation
is based on a trademark-related right as a result of
Customer’s use of such Generated Output in trade or
commerce, or (5) Customer does not have the necessary
rights to the Customer Data used to customize or retrain
the Fine-Tuned Google Model or Customer Adapter Model.
“Generative AI Indemnified Service” means a Service or
feature listed at
https://cloud.google.com/terms/generative-ai-indemnified-services
,
where the use of such Service or feature is paid for by
Customer and not subject to credits or free tier usage.
(ii)
Training Data.
Google’s indemnification obligations under the Agreement
also apply to allegations that Google’s use of training
data to create any Google Pre-Trained Model utilized by a
Generative AI Service infringes a third party’s
Intellectual Property Rights. This indemnity does not
cover allegations related to a specific Generated Output,
which may be covered by subsection (i) (Generated Output)
above.
j.
Modifying, Disregarding, or Disabling Safety Filters
.
Customer is solely responsible for any Generated Output
created or used where Customer (or Google at Customer’s
instruction) disables or modifies safety filters (if
permitted by the Generative AI Service) or disregards
safety instructions or documentation.
k. Grounding with Google Search
. “Grounding with
Google Search” is a generative AI feature of Vertex AI
that provides Grounded Results and Search Entry Points.
“Grounded Results” mean responses that Google generates
using the prompt from the End User, contextual information
that Customer provides, and results from Google’s search
engine. “Search Entry Points” mean search suggestions that
Google provides with the Grounded Results. If a Grounded
Result is clicked on, separate terms (not these terms)
govern the destination page. If a Search Entry Point is
clicked on, the
Google Terms of Service
govern the
google.com
destination page. Grounded Results and Search Entry Points
are Generated Output. “URLs” are hyperlinks,
corroborations (grounding support), citations, and
recitations, which may be contained in a Grounded Result
or Search Entry Point. Excluding a Customer-owned web
domain, Customer will not assert ownership rights in any
intellectual property in Search Entry Points or URLs in
Grounded Results.
(i)
Use Restrictions for Grounding with Google Search
.
Customer:
1. Will only use Grounding
with Google Search in a Customer Application that is owned
and operated by the Customer and will only display the
Grounded Results with the associated Search Entry Point(s)
to the End User who submitted the prompt.
2. Will not, and will not
allow its End Users or any third party to, store (except
as provided below), cache, copy, frame, implement any
click tracking, URL-tracking or other monitoring of
(except as provided below), syndicate, resell, analyze,
train on, or otherwise learn from Grounded Results or
Search Entry Points.
- Customer may store the
text of the Grounded Results (excluding URLs):
(1) that were displayed
by Customer for up to thirty (30) days only to evaluate
and optimize the display of the Grounded Results in the
Customer Application;
(2) in the chat history of
an End User of the Customer Application for up to six (6)
months only for the purpose of allowing that End User to
view their chat history.
- Customer may monitor End
User interactions with their Customer Application
interface, however, Customer will not track whether those
interactions were specifically with a given Search Entry
Point or Grounded Result (in each case, in whole or in
part, including any specific URLs).
3. Unless permitted by
Google in writing (including in the Documentation):
- will not modify, or
intersperse any other content with, the Grounded Results
or Search Entry Points; and
- will not place any
interstitial content between any URL or Search Entry Point
and the associated destination page, redirect End Users
away from destination pages, or minimize, remove, or
otherwise inhibit the full and complete display of any
destination page.
(ii)
Storage for Debugging and Testing
. Customer
acknowledges that it is reasonably necessary for Google to
store prompts, contextual information that Customer may
provide, and Generated Output for thirty (30) days for the
purposes of creating Grounded Results and Search Entry
Points, and since such information is being stored,
Customer instructs Google that the stored information can
be used for debugging and testing of systems that support
Grounding with Google Search.
(iii)
Guidelines
. The
Client Application Guidelines
apply to the Customer’s use of Grounding with Google
Search. For purposes of the Client Application Guidelines,
Customer Applications that are using Grounding with Google
Search are considered Approved Applications.
(iv)
Survival
. This
subsection “Grounding with Google Search” will survive
termination or expiration of the Agreement, as applicable.
20.
Vertex AI Search
.
With respect to this
Service, Customer may use only Customer Data and web
domains that it owns or is authorized to utilize.
21.
Celebrity Recognition.
Customer will use celebrity
recognition functionality in Cloud Vision and Video
Intelligence API on celebrities, only with
professionally-filmed media content that Customer owns or
is authorized to use, and not for any surveillance-based
purpose.
22.
CCAI Platform
a.
No Access to
Emergency Services.
CCAI Platform does not
function as a telephonic or other communication service.
The Service cannot send or receive emergency calls or
texts, and will not be used for emergency services.
b.
Bring Your Own Carrier
(“BYOC”).
In the BYOC model, Customer is
responsible for obtaining telephony services from a third
party and for all associated costs. Customer and its
telephony provider are solely responsible for compliance
with any regulatory and licensing requirements for such
telephony services.
23.
Cloud Translation API.
Customer will comply with
the HTML Markup Requirements found at
https://cloud.google.com/translate/markup
and the attribution requirements found at
https://cloud.google.com/translate/attribution
.
24.
Speech on Device.
Customer’s license to this
Premium Software is limited to using Speech on Device
(SOD) locally on each designated device upon which it is
activated. Only Customers who subscribe to TSS are
eligible to receive updates to SOD. Upon termination or
expiration of Customer’s Order Form for SOD, Customer will
permanently delete all SOD models (except those models on
already-activated devices) and may not use SOD to perform
any additional activations or distribute any more devices.
25.
Visual Inspection AI.
Customer may only download
from Visual Inspection AI containerized Solution Artifacts
(as described in the Documentation and licensed as
Software) for the duration and number of cameras
designated when downloaded by Customer in the Admin
Console.
26.
Retail Search.
If
Customer provides results for any query in a different
order than the ranked order returned by Retail Search
(“Alternative Ranking”), then (a) Google will not provide
any support (including TSS) in relation to this
Alternative Ranking and (b) Customer forfeits any rights
granted by Google to use Google Brand Features in
connection with Retail Search.
27.
Telecom Subscriber Insights
.
a. Updates.
If Google
makes available to Customer an update to the Telecom
Subscriber Insights Software and Customer does not
download the update within 30 days of notification of its
availability, Google will automatically push the update to
Customer’s Project(s) that use Telecom Subscriber
Insights.
b. Additional Restrictions.
Customer will not
(either directly or via third parties) (i) use Telecom
Subscriber Insights or any of its components to create,
train, or improve (directly or indirectly) any similar or
competing system, product or service; or (ii) use output
data from Telecom Subscriber Insights for the purpose of
creating, training, or improving (directly or indirectly)
any similar or competing system, product or service.
28.
Anti Money Laundering AI.
The Service may only be
used for Customer’s (or its own customers’) detection of
money-laundering activities as part of an anti money
laundering (AML) compliance program. Customer will comply
with the service limits defined in the Documentation and
ensure that Service outputs are subject to human
oversight, investigation, and evaluation by trained AML
compliance personnel. Google may suspend or terminate
Customer’s use of the Service based on any suspected
violation of the foregoing obligations.
Bare Metal
29.
Bare Metal Solution
a. Liability
.
Notwithstanding anything to the contrary in the Agreement (except subject to any unlimited liabilities expressly stated in the Agreement), to the maximum extent permitted by law, each party’s total aggregate Liability for damages arising out of or relating to Bare Metal Solution is limited to the greater of (i) the Fees Customer paid for Bare Metal Solution during the 12 month period before the event giving rise to liability and (ii) $25,000. This Section will survive expiration or termination of the Agreement.
b. Bare Metal Solution Proof of Concepts
. Customer
may not use Bare Metal Solution proof of concepts and
trials in connection with any production workloads.
Migration
30.
Transfer Appliance Service.
a. Trade Compliance
.
(i) In case of cross-border
shipments of Appliance Materials, Customer may be
responsible for export clearance and licensing (if
applicable). Appliance Materials may be dual-use goods
(including under Export Control Number 5A002) and subject
to export restrictions. Google may designate a carrier to
act as Customer's agent with the relevant customs and tax
authorities to import or export the Appliance Materials,
and Customer will cooperate with Google and its carrier,
including providing export classification information and
acting as the importer or exporter of record. Customer
will not ship Appliance Materials except as authorized in
writing by Google.
(ii) Without limiting
Customer’s obligation to comply with all laws applicable
to its receipt or use of Appliance Materials (including
any prohibitions on exporting, re-exporting or
transferring Appliance Materials to comprehensively
embargoed United States countries and regions), Customer
may not export, re-export or transfer Appliance Materials
to Russia or for use in Russia except as authorized in
writing by Google.
b. Responsibility for Appliance Materials
. While
Appliance Materials are in its control, Customer is
responsible for any loss or damage and will use
appropriate security measures to protect them.
c. Sole Remedy.
Customer's sole remedy in
connection with any unsuccessful attempt to complete the
Transfer Appliance Service is for Google to use reasonable
efforts to re-perform the Transfer Appliance Service.
The Service Specific Terms
for the Transfer Appliance Service are also applicable to
Google Distributed Cloud Edge Appliance Service excluding
the “Sole Remedy” subsection above.
“
Appliance Materials
”
means the materials provided by Google or its
Subprocessors in connection with the Transfer Appliance
Service or the Google Distributed Cloud Edge Appliance
Service, as applicable, including hardware and software.
Security and Identity
31.
Assured
Workloads.
a. General
. Google
will provide TSS for Assured Workloads in accordance with
Customer-selected controls. It is Customer's
responsibility to determine whether Customer-selected
Admin Console controls are adequate for Customer’s
purposes.
b.
Assured
Workloads Data Location
. If Customer is using
Assured Workloads and configures any Service listed in the
“Assured Workloads” section of
https://cloud.google.com/terms/data-residency
for data location as described in the General Service
Terms Section 1 (Data Location), then in addition to
Google's data location commitments under that Section 1
(Data Location), Google will process Customer Data in use
by the configured Service (not including in any user
interface) only within the country of the selected Region
or within the country or countries of the selected
Multi-Region (as applicable). If the selected Region or
Multi-Region is located in the European Union, Google will
process Customer Data in use by the configured Service
only within the European Union (but not necessarily in the
same country).
Further, Assured Workloads
enables Customer to prevent Google personnel located
outside the Customer-selected Region or Multi-Region from
accessing Customer Data in an Assured Workloads
environment, as specified in the Documentation.
c. ITAR Data.
Notwithstanding any restriction on
the access or use of the Services for materials or
activities subject to ITAR in the Agreement, Customer may
access or use the Services with software or technical data
subject to ITAR if Customer uses Assured Workloads
Services explicitly identified in the Documentation as
being compatible with ITAR requirements.
d.
Federal Risk and Authorization Management Program (FedRAMP) and Department of Defense Cloud Security Requirements Guide (DoD SRG).
Certain Google Services have received FedRAMP or DoD SRG
Authority to Operate (“ATO”) for defined Services. FedRAMP
ATO Services are currently described at
https://cloud.google.com/security/compliance/fedramp
and DoD SRG ATO Services are currently described at
https://cloud.google.com/security/compliance/disa
.
Customers are responsible for complying with the relevant
FedRAMP and SRG requirements when using the Services,
including the requirements in the Customer Responsibility
Matrix (“CRM”). The CRM is a part of the Google Services
System Security Plan maintained by the FedRAMP Program
Management Office, and is available to government
customers upon request. Customer may not use any Services
to store or process classified information data.
32.
Access
Approval.
Use of Access Approval may increase
response times for TSS, and Customer will be responsible
for any disruption or loss as a result of Customer denying
or delaying approval via Access Approval. The SLAs do not
apply to any Service disruption impacted by Customer’s use
of Access Approval.
33.
Security Command Center.
a.
Data Processing.
In
order to protect your assets against new and evolving
threats, Security Command Center analyzes data related to
misconfigured assets, indicators of compromise in logs,
and attack vectors. This activity may include processing
to improve service models, identifying recommendations to
harden customer environments, collecting metrics to
evaluate the effectiveness and quality of services, and
conducting experiments to optimize the user experience.
b.
Cryptomining Protection Program.
Customer’s use of
Security Command Center Premium is subject to the terms of
the
Security Command Center Cryptomining Protection Program
(“Cryptomining Protection Program”). Google reserves the
right to update or discontinue the Cryptomining Protection
Program upon 30 days notice.
c.
Security Command Center Enterprise.
The
SecOps Service Specific Terms
(and, other than this subsection, not these Google Cloud
Platform Service Specific Terms) apply to your use of the
Chronicle SIEM, Chronicle SOAR, and Mandiant Attack
Surface Management components (as each is described in the
SecOps Services Summary
)
of Security Command Center Enterprise.
34.
Cloud Identity
Services.
The following terms apply only
to the Cloud Identity Services provided under this
Agreement:
a.
Use of Google
Workspace Components
. Customer’s use of the Google
Workspace Components is subject to any applicable
provisions of the then-current Google Workspace Service
Specific Terms at
https://workspace.google.com/intl/en/terms/service-terms/
,
which provisions are incorporated by reference into this
Agreement.
b.
Additional
Products
. Google makes optional Additional Products
available to Customer and Customer End Users through the
Cloud Identity Services. Customer’s use of Additional
Products is subject to the Additional Product Terms.
c.
Governing
agreement
. Customer’s use of Cloud Identity
Services under the Account, will be governed by: (i)
Customer's Google Workspace agreement; (ii) this
Agreement; or (iii) the terms at
https://cloud.google.com/terms/identity
,
if and as applicable, depending on which is in effect.
This Section will survive expiry or termination of this
Agreement.
d.
Definitions
.
“
Additional
Products
” means products, services and applications
that are not part of the Services but that may be
accessible for use in conjunction with the Services.
“
Additional Product
Terms
” means the then-current terms at
https://workspace.google.com/intl/en/terms/additional_services.html
.
“
Google Workspace
Components
” has the meaning given in the
then-current services summary for Cloud Identity Services
at
https://cloud.google.com/terms/identity/user-features
.
“
Google Workspace
”
means the then-current services described at
https://workspace.google.com/terms/user_features.html
35.
Firebase
Authentication and Identity Platform.
a.
Phone
Authentication
. Google temporarily stores phone
numbers provided for authentication to improve spam and
abuse prevention across Google services. Phone numbers are
not logically isolated for a given customer's end users.
Customer should obtain appropriate end-user consent before
using the Firebase Authentication or Identity Platform
phone number sign-in service.
b.
Other Authentication
Services
. Use of Google Sign-In for authentication
is subject
to
Google’s API Services: User Data Policy
.
Google is not responsible for any third-party sign-in
service used with Firebase Authentication or Identity
Platform.
c.
reCAPTCHA Notice
Requirement
. Customer agrees to explicitly inform
Customer End Users of phone authentication features that
their use of reCAPTCHA is subject to the
Google
Privacy Policy
and
Terms of Use
.
For users in the European Union, you and your
Application(s) must comply with
the
EU User Consent Policy
.
Google collects hardware and software information, such as
device and application data, through reCAPTCHA only as
necessary to provide, maintain, and improve the Service,
and for general security purposes. Such information will
not be used for any other purpose, such as personalized
advertising by Google.
36.
reCAPTCHA
Enterprise.
a.
Information
.
Google collects hardware and software information, such as
device and application data, through reCAPTCHA Enterprise
only as necessary to provide, maintain, and improve the
Service, and for general security purposes. Such
information will not be used for any other purpose, such
as personalized advertising by Google.
b.
Terms.
Customer
will inform applicable Customer’s End Users that Customer
has implemented reCAPTCHA Enterprise on its properties and
that Customer’s End Users' use of reCAPTCHA Enterprise is
subject to the
Privacy Policy
and
Terms of Use
.
c.
Use.
reCAPTCHA
Enterprise may only be used to fight fraud and abuse on
Customer's properties, and not for any other purposes,
such as determining credit worthiness, employment
eligibility, financial status, or insurability of a user.
d.
Customer
Privacy Policy
. Customer will provide and adhere to
a privacy policy for its API client that clearly and
accurately describes to applicable Customer End Users what
user information Customer collects and how Customer uses
and shares such information with Google and third parties.
Customer will be responsible for providing any necessary
notices or consents for the collection and sharing of this
data with Google. Customer and its API client(s) will
comply with the
EU User Consent Policy
.
37.
Web
Risk.
a.
Attribution
.
Customer may display a warning about unsafe web resources
for a particular site based on verification against
Google’s list of unsafe sites provided that (i) the
applicable Customer Application has received from Google
an updated list (via the applicable API method) before the
expiration time provided by the applicable API response or
within 30 minutes if no expiration time is specified; and
(ii) Customer provides attribution and conspicuous notice
that the reliability and accuracy of the protection cannot
be guaranteed using language similar to the “Advisory
Notice” subsection below.
b.
Advisory Notice
.
Google works to provide the most accurate and up-to-date
information about unsafe web resources, but cannot
guarantee that its information is comprehensive and
error-free: some risky sites may not be identified, and
some safe sites may be identified in error.
c.
Evaluate and Submission APIs.
Google uses URLs and
associated data submitted through the Evaluate API or
Submission API (“Submitted URLs”) and corresponding
maliciousness scores to provide, maintain, protect and
improve Google's products and services, including Google's
list of unsafe web resources. Google may also share
Submitted URLs with third parties, including other Google
customers and users. Submitted URLs are not Customer
Confidential Information or Customer Data.
38.
Chrome Enterprise
Premium
a.
Chrome Browser Cloud
Management
.
In order to use Chrome
Enterprise Premium Threat and Data Protection Services:
i. Customer agrees to the
Chrome Browser Cloud Management Agreement at
https://chromeenterprise.google/terms/chrome-browser-cloud-management/
;
and
ii. Customer acknowledges
and agrees that Customer must enable "Chrome Enterprise
Connectors" in the Chrome Browser Cloud Management section
of the Admin Console.
b.
Threats
. When
Chrome Enterprise Premium checks for malware, unsafe web
pages, or other unsafe files (“Threats”), the URL or a
file hash and the result of the analysis are temporarily
stored in a Google global cache for performance-related
purposes. Customer acknowledges and agrees that Customer
URLs and file hashes that Chrome Enterprise Premium
identifies as Threats are not Customer Confidential
Information or Customer Data and Google may use such URLs
and file hashes to provide, maintain, protect and improve
Google's products and services, including Google's lists
of Threats.
c.
App Connector
.
Customer agrees to install Software for App Connector in
Customer’s private data center or other non-Google cloud
environments in accordance with the minimum specifications
described in the Documentation. Customer authorizes Google
to connect and maintain the Software in order to provide
connectivity for the applications accessed by Customer via
App Connector.
39.
Certificate
Manager.
Customer authorizes Google Cloud
to apply for and obtain publicly trusted SSL/TLS
certificates from third-party or Google-managed
certificate authorities for domains operated and
controlled by Customer (“Customer Domains”) pursuant to
the CA/Browser Forum Baseline Requirements or any
applicable successor requirements (“Requirements”).
Customer represents and warrants that it operates and
controls the Customer Domains and will revoke the
authorization from Google when Customer ceases to operate
and control a Customer Domain. Google may revoke a
certificate as required by the Requirements or for failure
to comply with the AUP.
Google Distributed Cloud
40.
Google Distributed Cloud Edge.
If you purchased
Google Distributed Cloud Edge prior to August 15, 2023,
the terms available at
https://cloud.google.com/distributed-cloud/edge/service-terms
will apply.
Sovereign Controls by Partners
41.
Sovereign Controls by Partners.
a. Customer Responsibilities.
The Sovereign
Controls by Partners solution applies only to the
Supported Google Cloud Services listed at
https://cloud.google.com/terms/in-scope-sovereign-cloud
(“Supported Google Cloud Services”). The Party using the
Sovereign Controls Partners solution, whether Customer or
a customer of the Sovereign Controls Partner or other
Reseller or Partner , is responsible for: (i) receiving
the Sovereign Controls Partners services, including
external key management services (“EKM”), from the
Sovereign Controls Partners listed at
https://cloud.google.com/terms/in-scope-sovereign-cloud
,
and (ii) maintaining separate terms directly with the
Sovereign Controls Partner governing the use of those
Sovereign Controls Partners services.
b.
Partner Access
. To
the extent applicable, Customer authorizes (and will
ensure, if applicable, it has all relevant approvals to
allow) Google to share, with the relevant Sovereign
Controls Partner, Customer's contact information,
metadata, log data, billing information, and configuration
data from the Services used in the environment applicable
to the Sovereign Controls by Partners solution, or that of
Customer’s applicable end customer. Google is not
responsible for a Sovereign Controls Partner’s handling of
such data.
c.
Key Access Justifications
. Google will transmit an
accurate justification to the EKM for each request to
obtain key access to decrypt Customer Data for supported,
generally-available Services, pursuant to terms agreed
between the Sovereign Controls Partner and Google (if
applicable). Once the EKM receives a justification, they
are responsible for determining whether to grant Google
the requested key access. Google is not responsible if the
operation or functionality of the Services is impacted
because Google cannot obtain a key access needed for such
operation or functionality.
d.
Security Controls.
Data location controls made
available by Google for the Sovereign Controls solution
will be the same as the controls Google makes available
for Assured Workloads, as described in the Assured
Workloads Service Specific Terms.
Databases
42.
AlloyDB Omni.
Users of the free AlloyDB
Omni Developer Edition and their Software Users (as
defined in the General Service Terms) may use the Alloy DB
Omni Software only for the purposes of developing,
testing, prototyping, and demonstrating software programs
(in any environment). Such users and Software Users may
not use the AlloyDB Omni Software for any data processing,
business, commercial, or production purposes.