Chatbots · Free; Google AI Pro $19.99/mo; AI Ultra $249.99/mo; Gemini for Workspace bundled in Business/Enterprise SKUs · gemini.google.com

Google Gemini

Google's multimodal AI assistant across gemini.google.com, the Gemini app, Workspace, and Android, spanning text, image, audio, video, code, and deep research.

Risk Score
High
6/10

Independent assessment across data handling, compliance, security and transparency.

Overview

Google Gemini is the consumer- and enterprise-facing interface to Google's Gemini model family. It runs on the web, iOS, Android, inside Workspace apps (Docs, Gmail, Sheets, Meet), and through Google AI Pro and AI Ultra subscriptions, with Veo for video and Imagen for images. Consumer Gemini activity may be reviewed by humans and used to improve Google's public models, while Gemini in Workspace Business/Enterprise and Vertex AI are contractually excluded from training and carry SOC 1/2/3, ISO 27001/27017/27018/27701/42001, HIPAA, and FedRAMP High coverage depending on edition.

Risk by subscription tier

The same vendor often carries very different risk depending on the plan. Free tiers typically allow training on prompts; paid tiers usually do not.

Plan    Risk
PRO     7/10 · High
FREE    8/10 · Critical

Risk factors

  • Consumer-first tool with potential data training
  • No SSO for enterprise accounts
  • User data may be used for model improvement

Recommendations

  • Steer employees to Gemini inside their Workspace tenant rather than consumer gemini.google.com; enforce via SSO and DLP
  • For Workspace admins, confirm Gemini is covered by the existing Google Workspace DPA and BAA (where signed)
  • Disable Gemini Apps Activity by policy for consumer accounts used with corporate data and document the attestation
  • Block personal-Google-account use on managed devices via Chrome Enterprise / MDM policy
  • For PHI, confine usage to Gemini in Workspace editions covered by the BAA; verify in the HIPAA implementation guide
  • Use Workspace DLP rules to detect sensitive data flowing into Gemini side panels in Docs, Sheets, and Gmail
  • For developer workloads, require Vertex AI with customer-managed encryption keys instead of AI Studio free tier
  • Train users that Search AI Mode, AI Overviews, and Gemini consumer are not covered by the Workspace data boundary

Data handling

Storage
Hosted in Google Cloud globally; Workspace and Vertex AI editions support regional data residency (US, EU, and others) and CMEK.
Retention
Consumer Gemini Apps Activity defaults to 18 months; disabling it still keeps conversations up to 72 hours. Workspace and Vertex AI retention is governed by the customer's admin settings.
Training on inputs
Consumer Gemini conversations may be used to train Google's public models and reviewed by humans when Activity is on. Gemini for Workspace (Business/Enterprise) and Vertex AI prompts/outputs are not used to train foundation models.