Data Disclosure, Collection and Management
Add-ons must limit data collection to what is necessary for functionality and use the data only for the purpose for which it was originally collected. Data includes all information the add-on collects, regardless of the manner.
Privacy Policy
You must maintain a privacy policy in the privacy policy field on addons.mozilla.org. The privacy policy must:
- be specific and exclusive to the add-on,
- set forth the data to be collected,
- If the collection of visited URLs or user search terms is required for the add-on to work, that collection must be disclosed in the privacy policy,
- If your add-on installs cookies, the placing and purpose of those cookies must be disclosed,
- clearly describe the purpose of the data collection,
- be the full policy text; it cannot be a link to an externally hosted privacy policy.
A summary of this information must be included in the add-on’s description. Finally, you and your add-on must also comply with all applicable data privacy laws as well as any other laws that may apply to your specific add-on.
Prohibited Data Collection
- Search functionality provided or loaded by the add-on must not collect search terms or intercept searches that are going to a third-party search provider.
- Collecting, or facilitating the collection of ancillary information (e.g. any data not required for the add-on’s functionality as stated in the description) is prohibited.
- The collection of browsing activity is only permitted as part of the add-on’s primary function.
User Consent
The user must be provided with a clear way to control the add-on’s data collection at the first run of the add-on. The data collection consent and control must be contained within the add-on. The consent experience must:
- Clearly state what type of data is being collected
- Link to the add-on’s privacy policy
- Inform about the impact of accepting or declining the data collection
If both personal and technical data is being collected, the user must be provided separate choices. If the user declines consent, the impact must be related to the data not being available.
Please refer to our best practices for advice and examples on how to design and implement a data collection consent prompt.
Personal Data (opt-in)
Personal information, or potentially personally identifying information, can be actively provided by the user, or obtained through extension APIs. It includes, but is not limited to names, email addresses, search terms, browsing activity data, as well as access and placement of cookies.
When collecting personal information, the user must provide affirmative consent (i.e., explicit opt-in from the user) with a clear description what type of personal data is being collected.
If the main functionality of the add-on does not work without collecting personal data, the add-on must instead provide a choice for the user to accept the collection or uninstall the add-on.
Technical & User Interaction Data (opt-out)
Technical data describes information about the environment the user is running, such as browser settings, platform information and hardware properties. User interaction data includes how the user interacts with Firefox and the installed add-ons, metrics for product improvement, and error information.
When collecting this type of information, the user must be able to disable the data collection during the initial consent experience (opt-out).
Additional Privacy Protocols
- Leaking local or user-sensitive information to websites or other applications (e.g. using native messaging) is prohibited.
- If the add-on uses native messaging, the privacy policy must clearly disclose which information is being exchanged with the application. Data exchanged must also be in accordance with our No Surprises policy.
- Browsing data from private browsing sessions must not be stored. Information that identifies a user across browsing sessions or containers must not be made available to web content.