Google provides translated versions of our Help Center, though they are not meant to change the content of our policies. The English version is the official language we use to enforce our policies. To view this article in a different language, use the language dropdown at the bottom of the page.
Google Ads store sales measurements allows you to measure offline sales using sales data that you upload (or that a third party uploads on your behalf) to produce an aggregated report demonstrating how such sales are influenced by ad campaigns Google has carried out on your behalf. Google is committed to protecting the confidentiality and security of the data you share with us. This article explains how Google handles the data files you upload (or that a third party uploads on your behalf) for use in store sales measurement.
How we handle your data
The data files you upload will be used to match your customers to Google accounts and report the offline sales influenced by campaigns that Google has run on your behalf using its ads products. We'll keep your data confidential and secure using the same industry-leading standards we use to protect our own users’ data.
Here’s how the data you upload is handled:
- Limited data use: Google will only use your data files for store sales (uploads) to provide you services, including technical support, and to ensure compliance with our policies. For example, we'll match the transaction data that you upload with ad click and view data from ad campaigns that Google has run on your behalf, to report aggregated offline conversions or perform incrementality studies. To improve your store sales measurement, Google may also combine your uploaded transaction data with data from other Google measurement products you use, such as store visits. For some products, you may also instruct Google to generate Customer Match lists using the transaction data uploaded. Google uses privacy-safe conversion data for the overall benefit of advertisers for certain features such as automated Smart Bidding to improve their overall quality and accuracy.
- Limited data access: Google uses employee access controls to protect your data files from unauthorized access.
- Limited data sharing: Google won’t share your data files with any third party, including other advertisers. Where required, we may share this data to meet any applicable law, regulation, legal process or enforceable governmental request.
- Data security: Google is committed to ensuring that the systems we use to store your data files remain secure and reliable. We have dedicated security engineering teams to protect against external threats to our systems, and we store all your data files in an encrypted format to protect against unauthorized access. We only report anonymized and aggregated data.
Data security certifications
ISO 27001
Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving a number of Google products, including store sales (uploads). Download the Google Ads/Analytics Scope Expansion Certificate — ISO27001 (PDF) or learn more about ISO 27001.
About the matching process
Here are more details about the matching process and how we process the files you upload (or that a third party uploads on your behalf):
- You're responsible for putting together your data files. Customer data needs to be hashed using the SHA256 algorithm, which is the industry standard for one-way hashing. If you are performing a one-time upload of a .csv file through the Google Ads interface, you may choose to upload unhashed data since it will be automatically hashed in the browser upon submission. For all other file formats, such as XLS or Google Sheets, and for all other upload types, such as Scheduled Uploads or the Google Ads API, the customer data must be manually hashed using the SHA256 algorithm in the source file prior to submission.
- Only the personally identifiable customer data in your files, such as email, phone numbers, first name, and last name should be hashed. Please don't hash country, state, and zip code data.
- You must upload the data files using Google Ads or the Google Ads API. We use Transport Layer Security (TLS) for your upload, which is the industry standard for securely transferring files.
- Email matching: For matching based on your customers’ email addresses, after you've uploaded your data file with hashed email addresses, Google Ads will compare each hashed string in your file with the hashed string or email address of Google accounts. If there's a match, we'll mark those transaction records as matched.
- Address matching: For matching based on your customers’ mailing addresses, Google joins hashed name and address information for Google accounts to construct a matching key. After you've uploaded your data file with hashed customer names and addresses (don’t hash zip code and country data), Google constructs a similar key based on your data and then compares each key in your file with the keys based on Google accounts. If there's a match, we'll mark those transaction records as matched.
- Phone matching: Similar to email matching, after you've uploaded your data file with hashed phone numbers, Google Ads will compare each hashed string in your file with the hashed string or phone numbers of Google accounts. If there's a match, we'll mark those transaction records as matched.
- Google will use the matched transaction records to combine with ad click or view information from campaigns you've instructed Google to run, to produce aggregated reports demonstrating offline sales driven by Google advertising.
Last updated: January 2024