Firebase App Indexing User Data Policy

Last updated: May 23, 2018

This policy is designed to provide guidance to developers using Firebase App Indexing APIs.

Google Product Content Restrictions

Your content or actions may surface in various Google products. These Google products may choose not surface some of your content or actions if your content or actions violates the Google product’s content policies, for example Policies for Actions on Google.

Intellectual Property and Abusive Behavior

Intellectual property

We don't allow content or actions that infringe the intellectual property rights of others, including trademark, copyright, patent, trade secret, and other proprietary rights. We also don't allow content or actions that encourage or induce infringement of intellectual property rights.

We will respond to clear notices of alleged copyright infringement. For more information or to file a Digital Millennium Copyright Act request, please visit our copyright procedures.

If you are a trademark owner and you believe certain content or actions is infringing on your trademark rights, we encourage you to reach out to the developer directly to resolve your concern. If you can't reach a resolution with the developer, please submit a trademark complaint through this form.


We don't allow content or actions that use another developer’s or entity's brand, title, logo, or name in a manner that may result in misleading users. Impersonation can occur even if there isn't an intent to deceive, so please be careful when referencing any brands that do not belong to you. This applies even if that brand doesn't yet have a presence on the Directory.

Unauthorized use or imitation of system functionality

We don't allow content or actions that mimic or interfere with device or Google product functionality. Examples of prohibited behaviour include:

  • Mimicking system notifications or warnings.
  • Pretending to be Google.


We don't allow Actions that spam users or Google products in any way. Examples of spammy behavior include: * Content or actions that push content to users' mobile devices without their permission or send excessive or irrelevant content using the Update API. * Content or actions whose primary purpose is to drive traffic to a website or another developer or other third party. * Submitting multiple duplicative content or actions to the APIs. * Submitting content that user has not provided or actions that the user has not performed in the app.

Device and network abuse

We don't allow content or actions that interfere with, disrupt, damage, or access in an unauthorized manner the user's device or other devices, computers, servers, networks, application programming interfaces (APIs), or services. This includes other content or actions sent via the API, any Google service, and the device's network.

Malicious behavior

We don't allow content or actions that steal data, secretly monitor or harm users or that are otherwise malicious.

All content or actions that collect user data must comply with the Privacy and Security sections of this policy.

The following are explicitly prohibited:

  • Viruses, trojan horses, malware, spyware, and any other malicious software.
  • Promoting or facilitating the distribution or installation of malicious software.
  • Introducing or exploiting security vulnerabilities.
  • Stealing a user's authentication information (such as usernames or passwords).
  • Tricking users into disclosing personal or authentication information.
  • Running other activity without the user's prior consent.
  • Collecting user content or user activity without proper notice and/or consent to end users.

Privacy and Security

User data

You must be transparent in how you handle user data (e.g., information provided by a user or collected about a user). This policy establishes the APIs’ minimum privacy requirements; you may need to comply with additional restrictions or procedures if required by applicable law.

You must: * Provide notice of and obtain any necessary end user consent for sharing data with Google and Google’s services * Provide a link to your privacy policy in your app - The privacy policy must comprehensively disclose how you collect, use, and share user data with our APIs. You must limit your use of the data to the activities described in the disclosures.

Prohibited Personal Data

Certain data may not be sent to our Firebase App Indexing APIs. Do not send:

  • Children’s Data: Any data collected from children where the parent must consent to the collection, use or sharing of the data or from products that are specifically targeted to such children.
  • Payment and Financial: Any data related to payments, financial transactions, or credit history/worthiness, including credit card and bank account numbers.
  • Authentication Data: Any data used for authentication.
  • Sensitive Categories: Any data related to sensitive categories, including race, religion, ethnicity, sexual orientation, political affiliation, and trade union membership.
  • Location Data: Any precise location data or other end user current location that requires location platform permissions.
  • Health/Genetic/Biometric data: Any data related to the health or medical history of an individual; genetic, biometric or data relating to uniquely identifying physical characteristics of an individual.
  • Criminal History: Any data related to an individual’s criminal history or background.
  • Sexual History: Any data related to an individual’s sexual history or background.

Conflicting Terms

These policies do not limit or amend any terms of service or other agreements that apply to the user's use of the applicable Google products or services, unless the policies expressly state that they are amending specific terms of service or agreements.