Developers using the Google Pay APIs and Google Wallet APIs, (collectively, the “APIs”), in apps, on the web, or through other interfaces must follow the requirements listed in this Acceptable Use Policy (“AUP”), in addition to the applicable API terms of service and Google Wallet API Terms of Service. This AUP covers illegal or inappropriate content, services, activities or products prohibited from using these APIs.

Google reserves the right to expand or edit these policies at any time. Google will also exercise its sole discretion in the interpretation and enforcement of these policies in conjunction with the applicable Terms of Service.

Google also reserves the right to take any corrective action it deems appropriate if it believes or suspects that any partner or transaction violates this AUP or is otherwise illegal or unsuitable, or to disable any transaction or partner account for any reason it deems prudent. Google may also report any illegal activity in accordance with applicable laws.

To use the APIs as a biller or partner, you must comply with our policies on prohibited products and services. These restrictions would apply regardless of whether the prohibited products or services form your entire inventory or only a part of it. Partners who engage or enable any products or services prohibited by applicable local laws are not allowed to use the APIs as billers or partners. A non-exhaustive list of prohibited products and services includes the following:

• Adult products and services

  We do not allow the APIs to be used for pornography and other sexually explicit material. This includes but is not limited to: prostitution, escort or companionship services, or any product or service which promotes underage, non-consensual, or other illegal sexual themes.

• Child endangerment

  We do not allow the APIs to be used for any transactions related to products, services or content that sexualizes minors or appeals to children but contains adult themes.

  If we become aware of any transactions related to child sexual abuse imagery, Google will report such transactions to the appropriate authorities.

• Counterfeit, illegal, or stolen products and services

  We do not allow the APIs to be used for transactions of illegal products or services, products produced in violation of a third party's rights, or counterfeit goods. Counterfeit goods contain a trademark or logo that is identical to or substantially indistinguishable from the trademark or logo of another. They mimic the brand features of the product in an attempt to pass themselves off as a genuine product of the brand owner.

  We do not allow the illegal sale of products and services using Google Pay and Wallet (e.g., fake currency, tickets, smuggled goods, and goods in violation of export, import or labeling restrictions). Businesses are solely and completely responsible for verifying that all items sold by the business are authentic and legal in all applicable jurisdictions.

• Copyrighted material

  We do not allow the APIs to be used for the sale of unauthorized copyrighted material. Examples include: copies of books, music, movies, and other licensed or protected materials, including copies without proper attribution, and unauthorized copies of software, video games and other licensed or protected materials, including OEM or bundled software.

  Businesses are solely and completely responsible for ensuring that they have any and all appropriate licenses or authorizations for the sale of copyrighted material.

• Dangerous / violent goods

  We do not allow the use of the APIs for any transactions for the sale or purchase of products that may cause damage, harm, or injury (e.g., guns and other weapons, explosives, ammunition).

• Enabling dishonest behavior

  We do not allow the APIs to be used to sell products or services that are fraudulent, deceptive or designed to enable dishonest behavior. A non-exhaustive list of examples include:

  • Academic paper-writing and test-taking services
  • Devices or techniques for unlocking technical protection measures
  • Hacking and cracking materials
  • Devices for circumventing traffic rules
• Financial Services

  We do not allow the APIs to be used for the provision of any financial products or services, unless the partner holds a relevant license from or is otherwise supervised by a competent national authority such as a financial sector regulatory agency or central bank.

  In addition, we also prohibit the provision of the following products or services:

  • Cryptocurrency-related products and services (including ICO/IEO pre-sales, storage wallets or trading information), with the exception of the purchase or selling of cryptocurrencies with fiat monies through regulated entities
  • Binary options or synonymous complex speculative financial products (e.g., contracts for difference, financial spread betting, rolling spot foreign exchange, and related forms of speculative products)
  • Provision of training or signals for the trading of cryptocurrencies or complex speculative financial products, e.g., trading signals, tips, speculative trading information, affiliate sites containing related content or broker reviews
  • Personal loans which require repayment in full in 60 days or less from the date the loan is issued
  • Multi-level marketing or “get-rich-quick” schemes and businesses
  • Transactions where a second payment transaction is conducted in order to complete the first transaction or where there is a substitute merchant of record in a transaction
  • Credit repair services
  • Debt collection agencies
• Gambling

  We do not allow the APIs to be used for any gambling services which are aimed or addressed to underage individuals or to individuals that are forbidden from gambling according to local laws.

  We currently only allow the Google Pay API to be used for gambling in certain limited geographies and for restricted integration types.

  We currently only allow the Google Wallet API to be used for gambling in certain limited geographies and for restricted integration types. Categories of non-monetary gambling-related passes which are allowed to use the Google Wallet API include:

  • Passes that allow users to prove their identity or membership to enter gambling-related organizations.
  • Passes that allow users to check loyalty points / account balances for gambling-related organizations and use such balances for non-gambling purposes (e.g. redemption of points for hotel room stays).
  • Passes that allow users to check a certain result of a state or government-sponsored lottery, without any additional functionality to conduct gambling-related transactions.
  • Passes that allow promotions and offers for gambling-related transactions at another website or facility which are not subsidized or sponsored by Google.

  Other gambling-related activities that propose to use the Google Wallet API, including any form of monetary-related transactions, may be subject to additional approval processes during onboarding.

• Fund Solicitation

  We do not allow the APIs to be used for transactions or solicitation of donations to charities or organizations that are conducting unlawful or illegitimate fundraising activities.

• Healthcare

  We do not allow the APIs to be used for the provision of healthcare content and services, unless you hold a relevant license from or are otherwise supervised by a competent national authority, or the content and services are provided through individuals or organizations with such certifications.

  In addition, we also prohibit the provision of the following products or services:

  • Illegal or unapproved drugs, substances. pharmaceuticals or supplements. An indicative and non-exhaustive list of such products can be found here.
  • Drug paraphernalia
  • Miracle cure products
  • Speculative and/or experimental medical treatments, e.g., stem cell therapy, cellular (non-stem) therapy, gene therapy and similar forms of regenerative medicine, platelet rich plasma, biohacking, do-it-yourself (DIY) genetic engineering products, and gene therapy kits.
• Hateful Content

  We do not allow the APIs to be used for any transactions of products and services that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, or any other characteristic that is associated with systemic discrimination or marginalization.

• Tobacco

  We do not allow the APIs to be used for the transaction or sale of cigars, cigarettes, e-cigarettes, and other tobacco products. Vaping or e-liquid products for use in smoking devices are also prohibited, regardless of whether they contain nicotine or not.

• Terrorist Organizations

  We do not allow the APIs to be used for any transactions or provision of products and services by terrorist organizations, or to include any content related to terrorism, such as content that promotes terrorist acts, incites violence, or celebrates terrorist attacks.

  You also may not use the APIs in any way that falsely suggests your use of the APIs is endorsed by or associated with Google, or that is likely to damage or reduce Google’s goodwill or reputation.

• Sensitive Data in Google Wallet (Private Passes)

  We do not allow the APIs to be used for processing sensitive data in Google Wallet without explicit permission from Google. Sensitive data covers the following categories:

  • Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
  • Genetic or Biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health or data concerning a natural person's sex life or sexual orientation
  • Data subject to legal regulation in the Developer's country of origin (e.g the Health Insurance Portability and Accountability Act in the United States)
  • Other forms of Sensitive Personally Identifiable Information (SPII). SPII is information which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Examples of such information include government identification numbers, driver's licenses and passport numbers.

  Passes which process sensitive data (known as Private Passes) may be subject to additional privacy controls during onboarding.

We want to help Google Pay and Wallet developers create offers and share communications that are high quality, engaging, and relevant. Our content guidelines are designed to ensure that users have a safe and trusted experience with the Google Pay and Wallet APIs, covering the categories below:

• Auto-Added Linked Passes

  For certain Passes, issuers can use the Google Wallet API to send a related pass to users who have saved an existing active pass from that issuer. These related passes must:

  • Be connected to the same issuer as the original Pass (i.e. an issuer cannot promote a separate issuer’s products or offers through a related pass).
  • Be connected to the purpose of the original Pass that the user has added, such as:
    • A promotion of a similar nature (e.g. offers for a different product offered by the same issuer).
    • A promotion related to the purpose of original Pass (e.g. a voucher to be used during an event where an events Pass is being used).
  • Not be a repetition of the content of the original Pass or other related Passes.
  • Not contain communications, offers or links to websites to redeem offers that display non-family safe, offensive or inappropriate content.
  • Ensure that any such use of trademarked or copyrighted material complies with all applicable laws and regulations, including laws on comparative advertising.
  • Represent you or your products in a way that is not accurate, realistic, and truthful.
  • Not allow the selling of additional unrelated passes by the same issuer or other issuers to users.

To aid pandemic response, eligible entities may use the Google Wallet API to provide their patients with convenient evidence of vaccination and/or test results (hereafter referred to as “COVID Cards”). Usage of the API for this purpose is subject to the Google Wallet API Terms of Service, all provisions of the Google Wallet API Acceptable Use Policy and the following additional requirements:

• Eligibility requirements

  Usage of the Google Wallet API for COVID Cards is limited to entities in one or more of the below categories. Your API access request must be accompanied by signed documentation on official letterhead verifying that you represent or are endorsed by an eligible entity.

  All entities intending to issue COVID cards must use the COVID Card vertical to do so. If an entity has already used the Google Wallet API for another purpose or vertical, they must still fulfill the below requirements and complete an API access request for the COVID Card vertical. We do not allow entities using the Google Wallet API for another vertical (e.g. loyalty passes, event tickets) to issue COVID cards without being approved for the COVID Card vertical.

  For passes that include only uninterpreted vaccine or testing data, eligible entities are:

  • Official government agencies
  • Healthcare systems or providers (e.g. CVS Health, UK National Health Service, UnitedHealth Group, Kaiser Permanente, French national healthcare system, Netcare (South Africa), One Medical, etc.);
  • Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or testing

  For passes that include interpreted data (e.g. to determine an individual’s eligibility for travel or entry into public spaces), eligibility is limited to official government agencies or entities that have received permission from an official government agency. Interpreted data types are indicated with an asterisk in the Privacy requirements section below.

• Privacy requirements

  Usage of the Google Wallet API for COVID Cards must comply with the following requirements:

  • You must ensure that COVID Cards reveal the minimum amount of personally identifiable information (e.g. name, date of birth) required to achieve their purpose.
  • You must comprehensively disclose all data types you plan to reveal when onboarding. For any data types not listed below, you must include a rationale for why this data type is required for your use case. COVID Cards may, but are not required to, include the following:
    • COVID-19 Vaccine Information
      • Vaccine code (e.g., CVX), vaccine generic description, or vaccine manufacturer
      • Date of vaccination
      • Lot number
      • Dose number
      • Administering facility
      • Future dose appointment details
    • COVID-19 Test Information
      • Test code (e.g., LOINC) or test description
      • Test result
      • Date of testing
      • Administering facility
    • Issuer information (name in plaintext, public key, digital signature, contact information)
    • Patient Name
    • Patient Date of Birth
    • *Entry Eligibility Recommendation, i.e. an interpretation of an end user’s vaccination and/or testing status to determine eligibility to enter a particular space or participate in a particular activity (Note that COVID Cards using this data field are subject to additional eligibility requirements detailed above)
    • *Expiration Date and Time (Note that COVID Cards using this data field are subject to additional eligibility requirements detailed above)
    • Identity Assurance Level
  • You must not include or transmit any other sensitive personally identifiable information (e.g. government IDs, social security numbers, patient IDs, health worker IDs) without prior authorization.
• Distribution requirements

  Usage of the Google Wallet API for COVID Cards is limited to end users who are above the applicable legal age of consent. You must ensure that you only distribute the “Save to Phone” button to end users who are above the applicable legal age of consent.

Feb 26, 2024 - The Policy was updated with a new section titled “Passes API Usage Offer and Communications Policy” to outline rules on offers and communications by developers using the Google Wallet API.

Aug 15, 2023 - The Policy was updated to highlight new restrictions on gambling services for the Google Pay & Google Wallet APIs. The Policy now explicitly prohibits any gambling services which are aimed or addressed to underage individuals or to individuals that are forbidden from gambling according to local laws. In addition, the Policy outlines categories of non-monetary gambling-related passes which are allowed to use the Google Wallet API.