Google denies using Gmail to train its AI models

Google is knocking down a viral post on social media that falsely claims the company’s search engine posts personal text messages to its homepage. The company says that it does not employ the contents of users’ emails to train Gemini or any other general-purpose models, and toggling Gmail’s smart features doesn’t put anyone into AI training.

What Google says about Gmail data and AI training

Under published privacy commitments for Workspace and Gemini, Google’s label for artificial intelligence that interacts with all this data, the company says it doesn’t use customer data from tools such as Gmail, Docs, Drive, or Calendar to improve its general-purpose models unless it has been explicitly granted permission. Model development, Google says, draws on a blend of publicly available information, licensed data, or synthetic or human-curated inputs — but not your private emails.

The company also cites years-old enterprise terms that include its Data Processing Addendum for Workspace, which contractually limits how customer data can be used. Those assurances are aimed at business, education, and government users — but the core principle is the same for consumer Gmail, Google says: product features might process your messages on your account, but that’s separate from training companywide models.

The smart features confusion and what it means

The source of the confusion comes from Gmail’s smart features and personalization settings, which facilitate functionality such as Smart Reply, Smart Compose, automatic email classification, and reminders to follow up. Google’s system data analyses process information for you when turned on, including account signals and models from across your mail in the product experience.

That processing isn’t the same as funneling your messages into a huge training data set. Think of it as the computation you asked to be done on your behalf in order to make features work, not raw material that leads to increasingly large models beneath everything at Google. If you’d rather those features not appear, you can disable them in your settings, and Workspace admins can apply company-wide controls.

How training for general AI models actually works

Training affordable frontier models like Gemini will generally require diverse corpora: public web pages, licensed news and books, code, and multi-modal (e.g., image+text) datasets that license holders have approved for use. And companies also pour human feedback and evaluations into making systems safer and better for their users. Content from private users of services like Gmail is housed behind access controls because it is so sensitive — and frequently shielded by contracts and laws.

Google emphasized two (separate) ways to personalize. For instance, Smart Compose and context-aware recommendations are adapted to your personal writing style over time, but that adaptation is done on your account rather than feeding those learnings back into a shared pool to retrain Google’s general models. This is a governance decision as much as a technical one designed to minimize the risk of leaking data.

Privacy history and the pressure from regulators

Gmail has been a flashpoint for privacy in the past. Google stopped scanning consumer Gmail for ad personalization in 2017 and tightened third-party access to the service as part of its Project Strobe program after coming under scrutiny from regulators and advocacy groups. Instead, every API that can access Gmail data now demands limited scopes and full security assessments.

The stakes are higher than ever this time around. In the United States, the Federal Trade Commission has started issuing warnings to AI developers for how they’re mismanaging sensitive data. In Europe, the GDPR has very stringent purpose limitations and consent requirements. And it’s not difficult to see why people would get caught up in these claims about email training, with industry surveys from bodies such as the IAPP revealing that consumers are increasingly suspicious of how AI will use their data — and why companies are scrambling to lay out their policies.

Why the distinction between features and training matters

Productization and model training present risks in different ways. Feature-level processing does work on data to provide value and generally keeps information in a local context. Training a general model risks mixing together sources of data and sending information into the world in ways that are increasingly difficult to trace back or reverse, which is why companies draw harder lines around certain sources like email, medical records, or classroom materials.

Many privacy engineers advocate for data minimization, purpose limitation, and layered technical controls (like access logging, differential privacy where possible, and model red-teaming).

Google’s commitments reflect that strategy, at least in theory, by segregating Workspace data from general model training unless an organization opts into specific programs.

What to do now to manage Gmail and privacy settings

If you’re still feeling uneasy, you do have options. Review Gmail’s smart features and customization settings to fit your preferences. Review your account’s data and privacy dashboard to see who else has access, prune connected apps and devices you’ve used in the past, and switch on two-factor authentication. Admin console tools allow Workspace admins to set data regions, limit third-party access, and monitor usage.

The bottom line: Contrary to viral posts, your private Gmail messages aren’t getting fed into Gemini or other wide AI models, Google says. The company still has work to do to prove those boundaries exist in practice, but on this specific claim the existing policy documentation and enterprise agreements contend against Google’s denial.