Instructions & Guidelines
Data privacy guidelines
Clearly explain your data privacy practices
Minimize the data you collect
Collect data only where you need it. Do not collect the data because you think it may be useful later. Where personal data is involved, consider de-identifying it. Also consider deleting user data when they request it or when they uninstall your add-on. Have in mind that you don’t need to store data indefinitely, put some data retention schemes in place.
Get consent for certain data use
When submitting an add-on for review you’ll have to check which data you collect in the permissions tab. You should only collect the data you checked in that tab. In this way users consent to the usage of their data when installing an add-on, but only for the purpose of an add-on. Using data for marketing, sharing data with third-parties and other data use cases not strictly required to support the operation of your add-on may require a separate consent from the user before collecting or using the data. As a general rule of thumb, you should always get consent if the user would not expect their data to be used or shared in a particular way given the purpose of your add-on.
Provide access, modification and erasure of personal data
Applicable laws and data management best practices require that you make it easy for users to get a copy of, correct and delete their personal data. This means, if you are storing personal data, you need to know where that personal data is at all times and be able to update it or remove it upon request.
Offer additional data processing terms
If you are accessing, storing or otherwise processing personal data of EEA residents, users may request that you sign and comply with additional data protection terms, consistent with Article 28 of the General Data Protection Regulation (“GDPR”). You are responsible for understanding and complying with the terms required under Article 28 of the GDPR as it relates to the user data you access, store or otherwise process in connection with the user’s consent to install and share data with your add-on.
Invest in data security
You must take reasonable steps to protect user data shared with you and collected by your add-on, including user device information. We recommend you to follow our Security guidelines for a more comprehensive list for securing your add-on.
In the event your add-on or suppliers experience a data security breach, you are responsible for communicating with users and regulators, as required by applicable law. It’s also important to let us know of the incident by emailing to email@example.com.