The best privacy settings for a Google account start with one toggle: Web & App Activity. Turning it off at Google Account > Data & Privacy > Web & App Activity immediately stops Google from collecting your search history, Chrome browsing data, Maps queries, Play Store activity, and more. From there, you should disable Location History (now called Timeline), turn off Ad Personalization through My AdCenter, review third-party app access under Security settings, and enable 2-Step Verification. For most people, running through these five changes takes about ten minutes and dramatically reduces what Google knows about you. But Google’s privacy landscape has shifted in early 2026 in ways that demand attention beyond the usual toggles.
The company’s Gemini AI now builds a persistent memory profile from your conversations — enabled by default since late 2025. Meanwhile, Google officially shut down its Dark Web Report tool on February 16-17, 2026, leaving users to rely on alternative security tools. And passkeys have matured into a viable replacement for traditional passwords across supported services. This article walks through every major privacy setting worth changing, the tradeoffs involved in each decision, and the newer features most people do not yet know about. This guide covers the core data collection controls, Gemini’s memory and how to disable it, ad tracking, third-party app audits, security hardening, and what Google’s Dark Web Report shutdown means for your monitoring strategy going forward.
Table of Contents
- What Are the Most Important Google Account Privacy Settings to Change First?
- How Gemini AI Memory Changes Your Google Privacy in 2026
- Why You Should Audit Third-Party App Access on Your Google Account
- How to Balance Google Ad Personalization With Usability
- What Google’s Dark Web Report Shutdown Means for Your Security
- Strengthening Your Google Account With 2-Step Verification and Passkeys
- Using Google’s Privacy Checkup to Stay Current
- Conclusion
- Frequently Asked Questions
What Are the Most Important Google Account Privacy Settings to Change First?
The single most impactful setting is Web & App Activity, and it is not close. This one toggle governs whether Google records your searches, your Chrome browsing history when synced, your Maps queries, your Play Store downloads, and your interactions with Google Assistant. Within this setting, two sub-toggles deserve separate attention: “Include voice and audio activity,” which lets Google store recordings of your voice interactions, and a Google Lens / Circle to Search option that saves images you search to your history. Both are on by default. Turning off all three stops the bulk of Google’s passive data collection about your daily habits. If you are not ready to disable Web & App Activity entirely — say, because you rely on personalized search results or Google Assistant recommendations — the auto-delete controls offer a middle ground. You can set your data to automatically purge after 3 months, 18 months, or 36 months.
Google itself recommends enabling these. The 3-month option strikes the best balance for privacy-conscious users: it keeps enough recent data for services to function while preventing Google from building a years-long behavioral profile. The 18- and 36-month options are better than nothing but still leave a substantial window of accumulated data. Location History, now rebranded as Timeline, is the second setting to address. Navigate to Google Account > Data & Privacy > Timeline to disable it. When off, Google stops storing location data tied to your account. This matters because location data is among the most sensitive categories of personal information — it reveals where you live, work, worship, seek medical care, and socialize. YouTube History can be independently disabled from the same Data & Privacy section and is worth turning off if you want to prevent Google from profiling your media consumption.
How Gemini AI Memory Changes Your Google Privacy in 2026
Google rolled out Gemini’s memory feature globally in late 2025, and it introduced a category of data collection that many users have not yet noticed. The feature allows Gemini to reference your past conversations to build a profile of your preferences, habits, and interests. It uses this profile to personalize future responses. The problem is that it is enabled by default, meaning Gemini has been quietly learning about you from every conversation since the feature launched — unless you explicitly turned it off. To disable Gemini’s memory, go to Gemini Settings > Personal Context and toggle off “Your past chats with Gemini.” For individual conversations where you want privacy without changing your global setting, Google introduced Temporary Chats.
Conversations in this mode are not saved, are not used for personalization or AI training, and are stored for only 72 hours before deletion. This is useful when you need to discuss sensitive topics — medical questions, financial details, legal matters — without that information becoming part of your permanent Gemini profile. However, there is another Gemini-related setting that is easy to overlook. The Gemini Apps Activity setting, renamed to “Keep Activity” as of September 2, 2025, allows Google to use a sample of your uploaded files and photos to improve its services when enabled. If you regularly upload documents or images to Gemini for analysis, this means copies of that content may be retained and reviewed. Users handling confidential business documents or personal records should disable this setting, keeping in mind that doing so may slightly reduce the quality of Gemini’s responses over time since it will not learn from your usage patterns.
Why You Should Audit Third-Party App Access on Your Google Account
One of the most overlooked privacy risks in any Google account is the collection of third-party apps that have been granted access over the years. Every time you click “Sign in with Google” on a website or grant an app permission to read your Gmail, Calendar, or Drive, that connection persists until you manually revoke it. Old apps you no longer use — a fitness tracker from three years ago, a project management tool from a job you left, a quiz app you tried once — may still be quietly accessing your data. To audit these connections, go to Google Account > Security > Third-party apps with account access. You will likely find apps you forgot existed. A common example: users who signed up for a scheduling tool during a temporary project discover it still has read access to their entire Google Calendar, including events added long after they stopped using the tool.
Revoke access for anything you do not actively use. The app will stop accessing your data immediately, and if you ever need it again, you can simply re-authorize it. The risk here is not hypothetical. Third-party apps with Google account access have been involved in data breaches and unauthorized data sharing incidents. The fewer active connections your account has, the smaller your attack surface. Make this audit a quarterly habit — set a calendar reminder if needed.
How to Balance Google Ad Personalization With Usability
Ad Personalization can be fully disabled at Google Account > Data & Privacy > My AdCenter. When you turn it off, Google stops using your data to tailor the ads you see across its platforms and partner sites. You will still see ads — Google’s business model guarantees that — but they will be generic rather than targeted. Instead of seeing ads for running shoes after researching marathon training, you might see ads for local car dealerships or insurance companies. The tradeoff is real and worth considering honestly. Some users prefer targeted ads because they surface products and services they actually care about. Others find targeted advertising intrusive, especially when it reveals how much Google knows about their interests, health concerns, or financial situation.
There is no objectively correct answer here. What matters is making a deliberate choice rather than accepting the default. If you disable Ad Personalization and find the generic ads more annoying than the targeted ones, you can always re-enable it — no data is lost in the process. One nuance that catches people off guard: disabling Ad Personalization in your Google account does not stop all ad tracking across the internet. Other ad networks, social media platforms, and data brokers continue their own tracking independently. For broader ad-tracking protection, you would need browser-level tools like uBlock Origin, Firefox’s Enhanced Tracking Protection, or a privacy-focused DNS service. Google’s toggle is one layer of a multi-layer problem.
What Google’s Dark Web Report Shutdown Means for Your Security
Google confirmed that it shut down its Dark Web Report tool in early 2026. Scans ended on January 15, 2026, and the tool fully ceased operations on February 16-17, 2026, with all associated user data wiped from Google’s servers. Google cited user feedback that the feature “failed to provide useful follow-up steps” as the reason for discontinuation. In practice, the tool would alert users that their email appeared in a breach but offered little guidance on what to do next — a frustrating experience that left many users more anxious than empowered. Google recommends users switch to three alternative tools: Security Checkup, Password Manager, and Password Checkup. Security Checkup reviews your account’s overall security posture, including recovery options and device access.
Password Manager stores and generates strong passwords. Password Checkup, arguably the most useful replacement, alerts you when saved passwords appear in known data breaches and prompts you to change them. Together, these tools cover the most actionable aspects of what Dark Web Report attempted to do. The limitation is that none of these alternatives actively scan dark web forums and marketplaces for your personal information the way the Dark Web Report did, however imperfectly. If dark web monitoring matters to you — and for anyone whose data has appeared in major breaches, it should — third-party services like Have I Been Pwned (free) or paid monitoring through identity protection services remain your best options. Google leaving this space does not mean the threat has diminished.
Strengthening Your Google Account With 2-Step Verification and Passkeys
Two-Step Verification should be enabled on every Google account without exception. It requires a second approval step — through an authenticator app, a physical security key, or a trusted device prompt — after entering your password. This means that even if your password is compromised in a data breach, an attacker cannot access your account without also controlling your second factor. Google has made enabling 2SV straightforward, and the minor inconvenience of an extra step at login is negligible compared to the security it provides. Passkeys represent the next evolution.
Now supported by Google as a passwordless sign-in method, passkeys use your device’s biometric authentication (fingerprint or face recognition) or a PIN to verify your identity. They cannot be phished, cannot be leaked in a database breach, and cannot be reused across sites. For users who set up passkeys on their primary devices, the login experience is actually faster and simpler than typing a password. The main limitation today is device dependency — if you lose access to all your passkey-enrolled devices simultaneously, recovery requires fallback methods. Keep your recovery options current.
Using Google’s Privacy Checkup to Stay Current
Google’s built-in Privacy Checkup tool, accessible at myaccount.google.com/privacycheckup, walks you through all major privacy decisions in one guided flow. It covers Web & App Activity, Location History, YouTube History, Ad Personalization, and more in a step-by-step format that is less overwhelming than navigating the settings menus individually. For users who are unsure where to start, this is the most efficient entry point.
The privacy landscape for Google accounts is not static. New features like Gemini’s memory, the rebranding of settings like Location History to Timeline and Gemini Apps Activity to Keep Activity, and the sunsetting of tools like Dark Web Report mean that a privacy audit you performed six months ago may already be outdated. Treat your Google privacy settings the way you treat software updates — check them regularly, at least every quarter, and adjust as new features roll out. Google will continue adding AI-powered features that default to collecting more data, and staying ahead of those defaults is the most practical privacy strategy available.
Conclusion
Locking down a Google account requires attention to a handful of critical settings: Web & App Activity and its sub-toggles for voice and Lens data, Location History (Timeline), YouTube History, Ad Personalization, third-party app access, and the newer Gemini memory and Keep Activity controls. Layer security on top with 2-Step Verification or passkeys, and use Password Checkup to monitor for compromised credentials now that Dark Web Report is gone. Google’s Privacy Checkup tool provides a convenient single-page walkthrough for anyone who wants to handle everything in one sitting.
The pattern with Google is consistent: new features default to maximum data collection, and privacy requires opting out rather than opting in. This is not likely to change. The best defense is building a habit of periodic review — checking your settings quarterly, revoking stale third-party app connections, and paying attention when Google announces new AI features. Ten minutes of settings management every few months is a small price for meaningful control over one of the largest repositories of personal data on the internet.
Frequently Asked Questions
Does turning off Web & App Activity break Google Search or other services?
No. Google Search, Maps, Gmail, and other core services continue to function normally. You lose personalized search results and recommendations, meaning search results become more generic. Some users find this acceptable or even preferable, while others miss the convenience of tailored suggestions.
Will I still see ads if I disable Ad Personalization?
Yes. Disabling Ad Personalization does not remove ads from Google services or partner sites. It only stops Google from using your personal data to target those ads. You will see the same number of ads, but they will be less relevant to your interests.
What happens to my existing data when I turn off Location History?
Turning off Location History stops future location data from being collected, but it does not automatically delete past data. You need to manually delete your location history from the Timeline settings or set up auto-delete to purge historical data after 3, 18, or 36 months.
Is Gemini’s Temporary Chat mode truly private?
Temporary Chats are not saved to your Gemini history, are not used for personalization, and are not used for AI training. However, Google does store them for 72 hours, likely for abuse monitoring and safety review. After 72 hours, they are deleted. This is more private than standard chats but not equivalent to an end-to-end encrypted conversation.
Should I use passkeys instead of 2-Step Verification?
Passkeys and 2-Step Verification serve different but complementary purposes. Passkeys replace your password entirely with biometric or PIN-based authentication, while 2SV adds a second layer on top of your existing password. For maximum security, set up passkeys on your primary devices and keep 2SV enabled as a fallback for situations where passkeys are not available.
What replaced Google’s Dark Web Report for monitoring data breaches?
Google recommends its Security Checkup, Password Manager, and Password Checkup tools. For dedicated dark web monitoring, third-party services like Have I Been Pwned offer free breach notification. Paid identity protection services from companies like Aura or LifeLock provide more comprehensive dark web scanning if you want ongoing monitoring.