Privacy policy clauses for Firebase Storage / Firestore / Realtime Database
Firebase Storage, Firestore, and Realtime Database are Google Cloud services that store user-generated files, documents, and real-time synchronized data. Websites use these services to securely store application data, enable real-time collaboration, and scale database infrastructure without managing servers.
Free scan · No signup · Results in 60 seconds
What data Firebase Storage / Firestore / Realtime Database collects
Your privacy policy must disclose each of the following data types when you use Firebase Storage / Firestore / Realtime Database.
When does Firebase Storage / Firestore / Realtime Database trigger privacy obligations?
Firebase Storage / Firestore / Realtime Database triggers compliance obligations the moment you begin transmitting user data—including user-generated content, files, or structured application data—to Google's servers in the United States.
Immediate data flows:
Once the Firebase SDK initializes, IP addresses, device identifiers, and Firebase-specific tokens are sent to Google infrastructure. If you collect user-generated content or files, those move to Google-controlled storage buckets (Firebase Storage) or document stores (Firestore / Realtime Database), establishing Google LLC as a data processor.
GDPR applicability (EU/UK users): If your app or site has any EU or UK users, GDPR applies immediately. You must establish a lawful basis (usually consent or contract) under GDPR Article 6, treat Google as a processor under Article 28, and execute a Data Processing Addendum (DPA). The Standard Contractual Clauses (SCCs) framework applies to the US transfer; post-*Schrems II*, you must document supplementary safeguards.
