Currently, an add-on’s privacy policy and EULA are hosted directly on AMO through the listing settings. The big drawback to this is that I already have a privacy policy page on my website for the add-ons, since the Chrome Web Store and Microsoft Store both required a URL, not direct text. So that means that if I make a change to either of these policies, I need to remember to log into AMO to change the text in there.
The obvious workaround, since the AMO supports HTML link tags, is to simply add a “click here to view the privacy policy” link instead of text. However, this creates a subpar experience for the user, since they have to click the privacy policy on the left sidebar on AMO and then click another link of the privacy policy page.
Having the text option is great for some developers, but it would be nice to also have the option to simply point to an externally hosted policy.
Privacy Policy must be available at the time of review. A remote Privacy Policy is subject to change (as often does and you have posted this topic for this very reason). Therefore, there should always be a static copy on AMO.
Especially when doing crossbrowser webextension development, privacy policies is a bit of a mess. Google wants you to make one general privacy policy as a publisher of potentially multiple browser extensions. And it has to be posted externally.
Mozilla on the other hand, wants you to make a separate privacy policy for every extension you publish, and it has to be posted on AMO.
Because I only have one browser extension (also) available in Chrome Web Store, for a period I was pointing to AMO for my privacy policy. But Google was not too happy about that arrangement.
For the extension that I have available for both Firefox and Chrome, I now have my privacy policy hosted on GitHub, and copy updates to the “mirror” on AMO. I have considered trying to make my AMO Privacy Policy page just point to policy on my GitHub, but don’t know if that would be accepted. Right now there’s a risk of two conflicting privacy policies, if I update on GitHub and forget to copy updates to AMO too…
@stig, yeah Google is a bit of an outlier there. I’ve always got around that by pointing Google to a privacy policy page where the user then has to select the browser extension they want to view the policy for.
I can’t remember off the top of my head if Microsoft Edge is different. I believe they want an external policy for each add-on, which seems to be the most logical way to do it, in my opinion.