Frequently asked questions

“Free” is paid for with data. Convenience is not the problem—high dependence on one company makes privacy, account suspension, policy changes, and AI use your personal risk. You do not need to replace everything; email and browser alone can make a big difference.

Choosing services and exporting your data is legal. Google Takeout is an official export tool. Gray areas exist (e.g. Aurora Store), but migrating to mainstream alternatives is generally fine.

Full balance is hard in some cases, but gradual de-Googling is practical. Example: DuckDuckGo for search, Bitwarden for passwords, Immich for photos—you can keep ~80% of daily convenience while protecting the most sensitive parts.

Organizational requirements are not something you override at home. Separate school and personal devices, use minimal-permission Google accounts, restrict Activity settings, and plan data export before graduation.

You can start at zero (Firefox, DuckDuckGo, KeePassXC, Organic Maps). For comfort, expect roughly €3–10/month (Proton, Fastmail, domain, NAS amortization). Making the “hidden cost” of ads visible helps decision-making.

Search queries, location (Maps/Timeline/Android), email and document content (processed for features and security), YouTube watch history, Chrome browsing data, device identifiers, ad IDs, and more. “My Activity” shows much—but not all—processing. Not every operation is visible there.

Results change with login state, history, and region for the same keywords. For diversity and objectivity, logged-out search or multiple engines helps. Eli Pariser’s “filter bubble” popularized this concern.

It depends on account type and settings. Google says Workspace Business/Education data is not used for training; personal accounts should check “Gemini Apps Activity” and related controls. Terms and settings change often—review quarterly since 2024.

Yes. Google is a U.S. company—terms, storage regions, and government access follow that legal frame. Even for personal use, weigh jurisdiction and encryption for sensitive data. Businesses need DPA review under APPI (Japan’s privacy law).

GDPR applies directly in the EU, but DMA/GDPR shape Google’s global products—consent screens, portability, defaults. EU rulings and fines influence other regulators and ripple to users worldwide.

Try the appeal form (Google Account Help) and export via Takeout while you still can. Move OAuth-linked services to separate logins. Going forward, split email, auth, and storage—and never keep your only copy in one cloud.

Follow 3-2-1: three copies, two media types, one off-site. Run Google Takeout on a schedule, use NAS or external HDD, encrypt (Cryptomator/VeraCrypt). Treat cloud as one backup—not the only store.

It depends on the service. Search and browser: minutes. Email: one to two weeks including account updates. Photos and Drive: hours to days by volume. Use the Playground to prioritize and spread the load.

It is a solid starting point, but metadata can be lost (Gmail labels, Docs comment history, etc.). For critical data, check per-service exports too. Test imports at small scale on the destination first.

High impact × low difficulty: (1) browser (2) search (3) password manager (4) email with custom domain (5) photo backup. The Playground can generate an order tailored to your usage.

Follow your organization’s compliance policy. Healthcare (HIPAA), finance, and attorney–client privilege may require specific Google Cloud contracts (BAA, etc.). For high sensitivity, consider E2EE (CryptPad, Tresorit) or self-hosting (Nextcloud).

2FA greatly improves phishing resistance (especially passkeys/FIDO2). But you still depend on Google itself. Suspension risk, OAuth chains, and data-use issues are not solved by 2FA alone. Use non-Google auth for critical services.

Operational load definitely increases. Auto updates, backups, HTTPS, and firewall rules are mandatory. Managed Nextcloud on Hetzner or SaaS like Proton/Fastmail are strong middle paths between self-host and big tech cloud.

Yes. /e/OS, GrapheneOS, LineageOS + microG are practical for many users. Most apps work except some banking and Google Pay. For full compatibility, GrapheneOS sandboxed Play or microG is the realistic compromise.

EU DMA/GDPR, U.S. antitrust cases, and Google’s own privacy policy updates are public issues covered by major media and governments. Understanding risk and choosing accordingly is reasonable digital literacy.