Google adheres to the U.S. Safe Harbor principles on the protection of privacy.
Google follows 5 principles which dictate its privacy policy:
A detailed description of the use that is made of personal data is provided in a document entitled Privacy Rules.
When Google intends to use personal data for purposes other than those specified in this document, it will seek explicit permission from the user. The user may then choose to refuse such use.
Let's look at the key elements of the Privacy Rules.
Data such as the username, the password, mail address, or credit card number (in encrypted form, obviously) is collected for the sole purpose of improving the quality of service.
C ookies are small files, stored locally on a desktop computer, which contain strings of characters, transmitted by a web server. They are used, for instance, to uniquely identify a user session. Google's goal, here as well, is to improve quality of service by storing for each user his or her preferences or search habits.
To ensure strict privacy, data is both encrypted and stored on servers in a non-contiguous manner. For even greater security, file names are randomized. For instance, it is totally impossible to reconstruct all files belonging to one user.
To prevent hacking, the Google security team works in close collaboration with companies specializing in security to continuously optimize its infrastructures. Most of Google's software infrastructure is not standard but was developed specifically by Google for its own purposes. On the software side, each server is equipped with the strict minimum that is necessary to perform the tasks to which it is dedicated.