ChromeOS - The Cloud-First, Secure OS for your Business

At Google, user security is built-in at all levels, with privacy-by-design being an integral part of our product process. Protecting and enhancing user privacy controls and transparency over their data are central to the infrastructure of Google ChromeOS.

Committed to transparency

Designed with privacy at its core, ChromeOS provides transparency to organisations by allowing them to see what data is being processed, in addition to controls over how and why your data is processed by Google.

Committed to provide control

Data privacy encompasses the protection and control of personal data, ensuring that you have the right to make decisions about how it is collected, utilised, stored, and processed.

Data processor mode: the privacy tool for admins

Data processor mode lets IT admins control how Google handles personal data on managed ChromeOS devices. When enabled, Google acts primarily as a data processor for Essential Services, processing data only for predefined purposes set by the customer (data controller). This enhances transparency and supports GDPR compliance.

Learn more

Defend your business against the latest security threats with powerful, built-in protections that keep your data and users safe by default. Secure your existing devices with ChromeOS Flex.

Talk to an expert Secure your existing devices

Proactive security protects users, data, and your time

ChromeOS automatically identifies and eliminates threats so you and your teams can spend less time worrying about security.

Reduce your endpoint attack surface

ChromeOS is a read-only operating system that automatically blocks executable files, such as malware, from running on the device. With ChromeOS device management, you’ll also unlock endpoint security controls that you can apply to specific devices, select groups, or your entire fleet.
Protect data in the browser

Protections built into Chrome keep billions of users safe on the web every day. Take your browser security to the next level with Chrome Enterprise Premium, which includes advanced capabilities such as threat and data loss prevention, context-aware access control, and more.
Create, connect, and collaborate safely

Google Workspace and Gmail were built to combat familiar and emerging threats. Secure-by-design infrastructure and cloud architecture ensures users and data are protected in every Workspace app, while Gmail’s AI-powered defenses block 99.9% of spam, phishing attempts, and malware.

ChromeOS is designed with security as a top priority, offering a multi-layered defense system to protect users and their data.

Add ChromeOS device management for more security

Manage security policies in the Google Admin console

IT administrators can manage device security policies, enforce updates, apply data loss prevention controls, and monitor device activity from a central console.
Start trial at no cost
Apply advanced security capabilities

Remotely wipe data from lost or stolen devices, block users from copying and pasting sensitive data from apps with data controls, and get insights into performance and security events of your device fleet.
Learn more

Tap into our powerful network of security solutions

Integrate with a wide range of partner platforms verified and optimised for ChromeOS.

Explore security solutions

ChromeOS is the secure choice

Learn how the advanced security capabilities of ChromeOS are protecting companies around the world.

“Having every user in the company working through Google Workspace and ChromeOS gives us a level of protection that we couldn't find with any other approach.”

—José Manuel Vera, CIO, CUF
Watch the video
“We envisioned hotels being shut down for weeks, if not months. Amazingly, this massive security challenge was solved in just one weekend with ChromeOS Flex.”

—Kari Anna Fiskvik, VP of Technology, Strawberry (formerly Nordic Choice Hotels)
Watch the video

Have questions about ChromeOS Privacy & Security?

How does ChromeOS safeguard my organisation's data?

ChromeOS offers a robust, multi-layered approach to security that helps protect your organisation's data from various threats. Its combination of built-in defenses, cloud-centric architecture, and enterprise management tools, makes it a secure choice for businesses of all sizes.

How does ChromeOS manage security for my organisation's devices?

ChromeOS combines built-in security features, a cloud-centric approach and robust management tools, to provide comprehensive protection for your organisation's devices and data.

How does ChromeOS defend malware and ransomware attacks?

ChromeOS deters users from falling hostage to harmful attacks and works with diverse application ecosystems to ensure apps are trusted while providing IT with essential controls.

• Read-only: The core operating system files are read-only, making it very difficult for malware to modify the system.

• Restriction on executable files: ChromeOS doesn't allow traditional executable files (.exe, etc.) to run, limiting the attack surface.

• Application verification: Apps from the Google Play Store and web apps are vetted and regularly scanned for security issues.

• Safe browsing: Built-in protection from malicious websites and downloads.

• Continuous and automatic updates: Frequent updates happen automatically in the background for continuous protection against the most recent threats.

• No need for anti-virus software: Active threat protection fights external attacks and employee negligence. The read-only OS, verified boot, and blocked executables eliminate the need for third-party antivirus software.

Can I use ChromeOS to comply with the GDPR?

Yes, ChromeOS can be used as part of your overall GDPR compliance effort. At Chrome, we champion initiatives that prioritise and improve the security and privacy of personal data, and want you, as a ChromeOS user, to feel confident using our services in light of GDPR requirements. For most customers using ChromeOS, Google will act as a controller over personal data, as detailed in the Google Privacy Policy. However, if ChromeOS data processor mode is available in your area and you choose to use it, Google will act primarily as a data processor over personal data processed by the core Chrome features known as Essential Services. When data processor mode is activated in the Admin console, the purposes for which Google may process this data are limited further.

Learn more in the Overview of ChromeOS data processor mode.

What legal transfer mechanism does Chrome use to send data from Europe to the United States?

As described in our Data Privacy Framework certification, Google complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF) and the UK Extension to the EU-U.S. DPF as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from the EEA, Switzerland and the UK, respectively.

Learn more about our legal frameworks for data transfers.

What control do IT administrators have over data collection and usage in ChromeOS?

ChromeOS provides IT administrators with granular control over data collection and usage, through the Google Admin console. Additional controls are also available to customers using data processor mode.

What is data processor mode in the Admin Console?

Opting-in to data processor mode enables customers to shift Google’s operation as a data controller over personal data, to primarily a data processor role. Google will act primarily as a data processor when providing Essential Services, while retaining its data controller role over Service Data only in specific, pre-defined circumstances referred to as “legitimate business purposes” which are listed in the data processor mode terms. Google remains a data controller for Optional Services, which can be switched-off by IT administrators.

Learn more about data processor mode.

What is an Essential Service?

Services that are subject to the data processor terms when data processor mode is enabled. These are considered core ChromeOS services, so please note that not all Essential Services can be turned off.

What is an Optional Service?

Services that may process personal data, but are not governed by the data processor terms. These services are subject to Google’s Privacy Policy and any other feature-specific terms. All Optional Services can be turned off by IT administrators.

Is data processor mode required by GDPR?

No, use of data processor mode is not required to comply with GDPR. It does however provide additional processing restrictions and controls for administrators.

Whether data processor mode makes sense for an organisation depends upon its resource model and privacy story. Work with your appropriate counterparts (e.g. legal, compliance, and privacy teams) to determine if data processor mode is right for your organisation.

What is covered in data processor mode?

Data processor mode covers Essential Services being used on a managed ChromeOS device. It does not cover Optional Services, apps, extensions, third-party services, or any Google products / services other than ChromeOS and browser. There may be integrations of third-party services or other Google products, but those are not in-scope for data processor mode.

How do Essential Services use my data?

The personal data processed by Essential Services when data processor mode is activated can be broadly split into two categories:

• Customer Personal Data - personal data provided to Google by (or on behalf of) customers and/or their managed end users, or which is received through these services by customer and/or their end users. Some examples of Customer Personal Data are: name, email address, and personal data contained in files and docs.

• Service Data - personal data that Google collects or generates when customers and end users are interacting with ChromeOS and browser. Some examples of Service Data are: noting which policies are preferred by administrators, how many customers use a particular setting, and how Chrome is interacting with other Google services.

For in-depth descriptions of what and why each Essential Service processes data, please review the Help Center content for each service, as the data processed by each may be different.

How do Optional Services use my data?

For in-depth descriptions of what and why each Optional Services processes data, please review the Help Center content for each service, as the data processed by each may be different.

Why can’t some Essential Services be turned off?

Some Essential Services cannot be turned off because they are core to Chrome's ability to function, or for accessibility, usability, and/or user experience purposes.

Which Admin options do I have?

You can make an administrator a super administrator who can perform all tasks in the Admin console. Or you can assign a role that limits which tasks the administrator can perform, for example, by allowing them only to create groups, manage service settings, or reset a user's password.

What data is included in a DPM Takeout?

Data included is listed here.

Built with Privacy and Security at its core

Data privacy in ChromeOS

Committed to transparency

Committed to provide control

Data processor mode: the privacy tool for admins

Security starts at the endpoint

Proactive security protects users, data, and your time

ChromeOS tops security rankings

Work safer with the best of Google security

Reduce your endpoint attack surface

Built-in security that works behind the scenes

Verified Boot