Security and Privacy in Charts

  • Google Charts Gallery includes both Google-authored and third-party charts, all relying on linked JavaScript libraries and some possibly sending data for preprocessing.

  • Google-authored charts are developed with privacy and security in mind, and their documentation specifies data policies.

  • Third-party chart authors agree to terms of service and program policy, including user privacy, but users should be aware that charts are JavaScript code that could contain vulnerabilities.

  • While Google doesn't share or permanently store private data uploaded to its servers for charts, third-party developers collecting data must maintain a privacy policy.

  • Users unsure about a third-party chart should examine its code to see if it sends data or uses JavaScript from a third-party site.

A Note About Security and Data Privacy

Google maintains a gallery of useful and fun charts, some of which were created by us, and others that were created by third-parties. All charts depend on linked JavaScript libraries, and some might send chart data from the browser to another location for preprocessing.

Google-Authored Charts

All Google-authored charts are developed with privacy and security considerations in mind. All Google chart documentation pages include a data policy section that describes whether a chart sends any chart data from the page.

Third-Party Charts

All third-party authors submitting to the gallery agree to the Terms of Service and Program Policy, which includes provisions to respect the privacy and other legal rights of users.

Here is a summary of our policies and privacy and security practices for third-party developers:

  • Security

    Developers are responsible for ensuring that their charts are secure and are prohibited from uploading malicious charts. We may scan charts for obvious security holes, but it is possible that a chart could contain malware. For example, charts are JavaScript code that run in a browser; as such, they can take advantage of any standard JavaScript vulnerabilities.

  • Privacy

    Developers agree to protect the privacy of users. Some charts perform all their data manipulation on the browser; others upload their data to Google or third-party sites to analyze data and perform calculations. Google doesn't share the data you've uploaded to the chart with others, except for very limited exceptions as stipulated by legal requirements, and outlined in Google's Privacy Policy. Google also does not keep the private data stored in a chart: charts where data is uploaded to Google servers is only done so for the purpose of rendering the charts for you. chart data uploaded to Google servers is maintained a short while for debugging purposes, and then discarded. Developers that create charts that collect data, agree to maintain a legally adequate privacy policy.

If you're unsure about whether to use a third party chart, look at the code to see whether it sends your data to—or uses JavaScript from—a third-party site.