This repository has been archived by the owner on Mar 14, 2024. It is now read-only.

Chrome Extensions program policy revamp (#4169)
Simeon Vincent committed Nov 1, 2022
1 parent 94960e3 commit 50dadc6
Showing 50 changed files with 827 additions and 692 deletions.
5 changes: 4 additions & 1 deletion redirects.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,10 @@ redirects:
to: /docs/webstore/one_time_payments/

- from: /webstore/intl/en/program_policies
to: /docs/webstore/program_policies/
to: /docs/webstore/program-policies/

- from: /docs/webstore/program_policies/
to: /docs/webstore/program-policies/

- from: /webview/overview
to: /docs/multidevice/android/overview/
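Review bot: The new `from: /docs/webstore/program_policies/` entry is written with a trailing slash, but several links updated elsewhere in this commit used the old path without one (for example `/docs/webstore/program_policies` and `/docs/webstore/program_policies#userdata`), so external pages and bookmarks likely do too. Please confirm the redirect matcher treats both forms the same, or add a second entry for the slashless path. Note also that the browser carries fragments such as `#userdata` across the redirect unchanged, so old deep links will land on the new index page whether or not that anchor still exists there.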
Expand Down
2 changes: 1 addition & 1 deletion site/_data/docs/webstore/toc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
- title: i18n.docs.webstore.policies
sections:
- url: /docs/webstore/terms/
- url: /docs/webstore/program_policies/
- url: /docs/webstore/program-policies/
- url: /docs/webstore/trader-disclosure/
- url: /docs/webstore/spam-faq/
- url: /docs/webstore/deceptive_installation_tactics/
Expand Down
2 changes: 1 addition & 1 deletion site/en/docs/extensions/mv2/user_privacy/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ All requested user data should be treated with care. Store and retrieve data in
a registered domain. Always use HTTPS to connect and avoid keeping sensitive user data in the client
side of an extension as extension storage is not encrypted.

[1]: /docs/webstore/program_policies#userdata
[1]: /docs/webstore/program-policies#userdata
[2]: /docs/extensions/mv2/manifest
[3]: #optional_permissions
[4]: /docs/extensions/mv2/manifest/activeTab
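Review bot: `[1]: /docs/webstore/program-policies#userdata` keeps the old `#userdata` fragment, while the MV3 copy of this page in the same commit drops it in favour of `/docs/webstore/program-policies/#:~:text=protecting%20user%20privacy`. That suggests the anchor may not survive the revamp. Please check that the new index page still has a `userdata` id, and otherwise point this reference at the same target as the MV3 page so the user data policy link does not silently land at the top of the page.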
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -139,14 +139,14 @@ extension and Chrome Web store documentation:
[doc-apis]: /docs/extensions/reference/
[doc-arch]: /docs/extensions/mv3/architecture-overview/
[doc-content-scripts]: /docs/extensions/mv3/content_scripts/
[doc-cws-policy]: /docs/webstore/program_policies/
[doc-cws-policy]: /docs/webstore/program-policies/
[doc-cws-publish]: /docs/webstore/publish/
[doc-dev-basics]: /docs/extensions/mv3/getstarted/development-basics
[doc-dev-overview]: /docs/extensions/mv3/devguide
[doc-ext-pages]: /docs/extensions/mv3/architecture-overview/#html-files
[doc-manifest]: /docs/extensions/mv3/manifest/
[doc-options]: /docs/extensions/mv3/options/
[doc-policy-sp]: /docs/webstore/program_policies/#single-purpose
[doc-policy-sp]: /docs/webstore/program-policies/#single-purpose
[doc-popup]: /docs/extensions/mv3/user_interface/#popup
[doc-reference]: /docs/extensions/reference/
[doc-service-worker]: /docs/extensions/mv3/service_workers/
Expand Down
2 changes: 1 addition & 1 deletion site/en/docs/extensions/mv3/overview/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ or by pressing `Ctrl+Shift+F` on your keyboard.
[crx-group]: http://groups.google.com/a/chromium.org/group/chromium-extensions
[cws]: https://chrome.google.com/webstore
[cws-docs]: /docs/webstore
[cws-policies]: /docs/webstore/program_policies/
[cws-policies]: /docs/webstore/program-policies/
[cws-publish]: /docs/webstore/publish/
[devmode]: /docs/extensions/mv3/getstarted/#manifest
[dev-dashboard]: https://chrome.google.com/webstore/devconsole
Expand Down
2 changes: 1 addition & 1 deletion site/en/docs/extensions/mv3/single_purpose/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ to the narrow subject matter of search.
[3]: http://blog.chromium.org/2014/03/protecting-user-settings-on-windows.html
[4]: https://security.googleblog.com/2017/03/expanding-protection-for-chrome-users.html
[5]: http://blog.chromium.org/2013/12/keeping-chrome-extensions-simple.html
[6]: /docs/webstore/program_policies?csw=1#extensions
[6]: /docs/webstore/program-policies?csw=1#extensions
[9]: /docs/extensions/mv3/override
[10]: /docs/webstore/money
[11]: #three
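Review bot: `[6]: /docs/webstore/program-policies?csw=1#extensions` carries the `?csw=1` query string over from the old URL. None of the other updated links in this diff use it, so drop it while the line is being touched, and confirm that `#extensions` still resolves on the restructured policy page (the same fragment is used from `cws-dashboard-privacy`).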
Expand Down
43 changes: 15 additions & 28 deletions site/en/docs/extensions/mv3/user_privacy/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,7 @@ updated: 2018-04-26
description: Guidelines for ensuring that your Chrome Extension protects user privacy.
---

Users will not install an extension if it compromises their privacy or asks for more permissions
that it seems to need. Permission requests should make sense to users and be limited to the critical
information necessary to implement the extension. Extensions that collect or transmit any user data
must comply with the [user data privacy policies][1] .
Users will not install an extension if it compromises their privacy or asks for more permissions that it seems to need. Permission requests should make sense to users and be limited to the critical information necessary to implement the extension. Extensions that collect or transmit any user data must comply with the policies under [Protecting User Privacy][user-privacy].

Protect and respect extension users by including these precautions to keep their identity safe.

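Review bot: The rewritten opening paragraph still reads "asks for more permissions that it seems to need"; since the line is being replaced anyway, fix it to "than it seems to need". Two related points on the same hunk: the hunk header shows the front matter is still `updated: 2018-04-26`, which should be bumped now that the policy links and wording change, and the paragraph has been unwrapped into one long line while untouched paragraphs in this file remain hard-wrapped, which makes this and future diffs harder to read.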
Expand All @@ -19,22 +16,13 @@ Remember: the less data an extension can access, the less data it can accidental

## Reduce required permissions {: #required_permissions }

The APIs that an extension can access are specified in the `permissions` field of the [manifest][2]. The
more permissions granted, the more avenues an attacker has to intercept information. Only the APIs
an extension depends on should be listed, and consideration should be given to less invasive
options. The less permissions an extension requests, the less permission warnings will be shown to a
user. Users are more likely to install an extension with limited warnings.
The APIs that an extension can access are specified in the `permissions` field of the [manifest][manifest]. The more permissions granted, the more avenues an attacker has to intercept information. Only the APIs an extension depends on should be listed, and consideration should be given to less invasive options. The less permissions an extension requests, the less permission warnings will be shown to a user. Users are more likely to install an extension with limited warnings.

Extensions should not "future proof" access to user data by requesting permissions that they do not
currently need, but may implement in the future. Include new permissions with extension updates and
consider making them [optional][3].
Extensions should not "future proof" access to user data by requesting permissions that they do not currently need, but may implement in the future. Include new permissions with extension updates and consider making them [optional][sec-optional-perms].

### activeTab {: #activeTab }

Extensions using host permissions to inject scripts can often substitute [`activeTab`][4] instead.
The `activeTab` permission will grant an extension temporary access to the currently active tab,
only when the user _invokes_ the extension. Access is cut off when the user navigates away from or
closes the current tab. It serves as an alternative for many uses of `<all_urls>`.
Extensions using host permissions to inject scripts can often substitute [`activeTab`][activetab] instead. The `activeTab` permission will grant an extension temporary access to the currently active tab, only when the user _invokes_ the extension. Access is cut off when the user navigates away from or closes the current tab. It serves as an alternative for many uses of `<all_urls>`.

```json/4
{
Expand All @@ -50,9 +38,7 @@ The activeTab permission displays no warning messages during installation.

## Opt for optional permissions {: #optional_permissions }

Empower users to choose which features and permissions they need from an extension by including
[optional permissions][5]. If a feature is not essential to the core functionality of an extension,
make it optional and move the API or domain into the `optional_permissions` field.
Empower users to choose which features and permissions they need from an extension by including [optional permissions][optional-perms]. If a feature is not essential to the core functionality of an extension, make it optional and move the API or domain into the `optional_permissions` field.

```json/3
{
Expand Down Expand Up @@ -101,8 +87,7 @@ required permissions.

## Limit and secure user information {: #data_collection }

Only request the minimum [user data][6] an extension needs. The less information an extension asks
from a user means less exposure if the extension is compromised.
Only request the [minimum amount of data][perms] an extension needs. The less information an extension asks from a user means less exposure if the extension is compromised.

All requested user data should be treated with care. Store and retrieve data in a secure server with
a registered domain. Always use HTTPS to connect and avoid keeping sensitive user data in the client
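Review bot: `[minimum amount of data][perms]` now sends the reader to `/docs/webstore/program-policies/permissions/`, whereas the old `[user data][6]` link pointed at the user data FAQ (`/webstore/user_data`). In a section titled "Limit and secure user information" the data handling policy looks like the closer match, and `[handling-reqs]` and `[limited-use]` are defined at the bottom of the file but not used in any line shown here. Consider linking one of them from this sentence or from the "All requested user data should be treated with care" paragraph.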
Expand Down Expand Up @@ -132,12 +117,14 @@ function saveTabData(tab) {
}
```

[1]: /docs/webstore/program_policies#userdata
[2]: /docs/extensions/mv3/manifest
[3]: #optional_permissions
[4]: /docs/extensions/mv3/manifest/activeTab
[5]: /docs/extensions/reference/permissions#manifest
[6]: /webstore/user_data
[activetab]: /docs/extensions/mv3/manifest/activeTab
[api-storage]: /docs/extensions/reference/storage
[api-tab]: /docs/extensions/reference/tabs/#type-Tab
[api-window]: /docs/extensions/reference/windows/#type-Window
[api-storage]: /docs/extensions/reference/storage
[handling-reqs]: /docs/webstore/program-policies/data-handling/
[limited-use]: /docs/webstore/program-policies/limited-use/
[manifest]: /docs/extensions/mv3/manifest
[optional-perms]: /docs/extensions/reference/permissions#manifest
[perms]: /docs/webstore/program-policies/permissions/
[sec-optional-perms]: #optional_permissions
[user-privacy]: /docs/webstore/program-policies/#:~:text=protecting%20user%20privacy
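Review bot: `[api-storage]: /docs/extensions/reference/storage` is defined twice in the new reference block; remove the second copy. `[api-tab]`, `[api-window]`, `[handling-reqs]` and `[limited-use]` are not referenced by any of the changed lines in this diff, so either use them or drop them. `[user-privacy]` relies on a text fragment (`#:~:text=protecting%20user%20privacy`), which only works in browsers that support text fragments and breaks as soon as the heading wording changes; a regular heading id on the policy page would be sturdier.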
4 changes: 2 additions & 2 deletions site/en/docs/extensions/whatsnew/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ December 10, 2021

Added [a new reference page](/docs/webstore/review-process) that provides an overview of the Chrome
Web Store review process and explains how [developer program
policy](/docs/webstore/program_policies/) enforcement is handled.
policy](/docs/webstore/program-policies/) enforcement is handled.

### Chrome 98: scripting.executeScript() and scripting.insertCSS() accept multiple files {: #m98-execute-multiple-files }

Expand Down Expand Up @@ -370,7 +370,7 @@ resources can load an extension's pages and enables the use of low level web pla

June 29, 2021

The Chrome Web Store [Developer Program Policies](/docs/webstore/program_policies) have been updated
The Chrome Web Store [Developer Program Policies](/docs/webstore/program-policies) have been updated
with clarifications to the deceptive installation tactics, spam, and repetitive content policies.
This update also includes a new two step verification requirement to publish on the Chrome Web
Store. [Read the blog post](/blog/policy-update-2sv/) for more information.
Expand Down
4 changes: 2 additions & 2 deletions site/en/docs/webstore/best_practices/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ If you already have a login system, consider correlating the Google Account ID t
in your system. You can use the [Chrome Identity API][identity-api] to support Google accounts in the following
ways:

- Google OAuth2/OpenID: See [Identifying the User][identify-user].
- Google OAuth2/OpenID: See [Identifying the User][identify-user].
- OAuth2: See [Authenticate users with Google][oauth2-tutorial].

## Keep ex-users' data for 30 days or more
Expand Down Expand Up @@ -107,7 +107,7 @@ that is most appropriate:
[identity-api]: /docs/extensions/reference/identity/
[identify-user]: /docs/webstore/identify_user
[mv3-overview]: /docs/extensions/mv3/intro/mv3-overview/
[program policies]: /docs/webstore/program_policies/
[program policies]: /docs/webstore/program-policies/
[stay-secure]: /docs/extensions/mv3/security/
[supplying-images]: /docs/webstore/images/
[user-data-faq]: /docs/webstore/user_data/
4 changes: 2 additions & 2 deletions site/en/docs/webstore/complaint-faq/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ You can use the [CWS Support form][cws-support-form] to raise concerns with Goog
removed. If you believe your developer account was wrongly terminated, you can request further clarifications or to appeal the removal
decision.
- **General concerns:** You can also contact Google for all other concerns, account transfers,
technical support, developer dashboard issues, or any questions about terms and policies.
technical support, developer dashboard issues, or any questions about terms and policies.

## How can I as a developer in the EU raise concerns related to the Platform To Business (P2B) regulations in Europe? {: #how-can-i-as-a-developer-in-the-eu-raise-concerns-related-to-the-platform-to-business-p2b-regulations-in-europe }

Expand Down Expand Up @@ -65,4 +65,4 @@ stats on the dashboard, extensions between developers, and developer account rec
known to require longer investigation times.

[cws-support-form]: https://support.google.com/chrome_webstore/contact/one_stop_support
[program-policies]: /docs/webstore/program_policies
[program-policies]: /docs/webstore/program-policies
2 changes: 1 addition & 1 deletion site/en/docs/webstore/cws-dashboard-privacy/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ If you haven't done so yet, complete your listing by
- Filling out your [store listing][listing]

[distribution]: /docs/webstore/cws-dashboard-distribution/
[extension-policies]: /docs/webstore/program_policies/#extensions
[extension-policies]: /docs/webstore/program-policies/#extensions
[listing]: /docs/webstore/cws-dashboard-listing/
[minimum-permissions]: /docs/extensions/mv3/security/#permissions
[remote-code]: /docs/extensions/mv3/intro/mv3-overview/#remotely-hosted-code
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -138,5 +138,5 @@ process FAQ][complaint-faq].
[ads-misrepresentation]: https://support.google.com/adspolicy/answer/6020955
[complaint-faq]: /docs/webstore/complaint-faq
[cws-support-form]: https://support.google.com/chrome_webstore/contact/one_stop_support
[program-policies]: /docs/webstore/program_policies
[program-policies]: /docs/webstore/program-policies

2 changes: 1 addition & 1 deletion site/en/docs/webstore/faq/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,7 @@ Business related issues by contacting [CWS support][cws-support].
[internationalize]: /docs/webstore/i18n
[malware-policy]: https://www.google.com/about/company/unwanted-software-policy.html
[manifest-version]: /docs/extensions/mv3/manifestVersion
[program-policies]: /docs/webstore/program_policies
[program-policies]: /docs/webstore/program-policies
[region-distribution]: /docs/webstore/cws-dashboard-distribution/#setting-the-geographic-distribution
[stackoverflow-extensions]: https://stackoverflow.com/questions/tagged/google-chrome-extension
[support-url]: /docs/webstore/cws-dashboard-listing/#support-url
Expand Down
16 changes: 8 additions & 8 deletions site/en/docs/webstore/manage/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ description: >
This page describes how to manage an extension or theme ("item") that was previously submitted to
the Chrome Web Store.

## About the lifecycle of an item in the Chrome Web Store
## About the lifecycle of an item in the Chrome Web Store

All Chrome Web Store items go through an automated [review process][cws-review]. In some instances a manual review
is required, especially when sensitive permissions are requested. For this reason review times
Expand All @@ -20,7 +20,7 @@ it's important to keep track of your item's status. See the lifecycle diagram be
{% Img src="image/BhuKGJaIeLNPW9ehns59NfwqKxF2/yakIoAzWEchO8urosQLs.png", alt="Diagram of lifecycle of a Chrome Web Store item", width="800", height="177" %}

## Check your item's status

The status of your item appears in the [developer dashboard][dev-dashboard] next to each item. The
status can be Published, Pending, Rejected, or Taken Down.

Expand All @@ -31,7 +31,7 @@ To stay informed of your item's status, you can:

- **Enable email notifications**. There are mandatory emails like take down or rejection
notifications that are enabled by default. To receive notification when your item is published or
staged, you can enable email notifications in the Account page.
staged, you can enable email notifications in the Account page.

{% Img src="image/BhuKGJaIeLNPW9ehns59NfwqKxF2/FgPIwRl3QEbNowNV1zRn.png", alt="How to enable
email notifications", width="658", height="219" %}
Expand All @@ -56,11 +56,11 @@ Status Tab", width="700", height="276" %}
If you have been informed about a violation and you do not rectify your item will be taken down. See
[Violation enforcement][enforcement] for more details.

{% Aside %}
{% Aside %}

To request further clarification on the reasons for the take down or appeal the decision
contact [Chrome Web Store Developer Support][cws-support]. For more examples and instructions on how
you can remedy the problem check the [Troubleshooting guide][troubleshooting].
you can remedy the problem check the [Troubleshooting guide][troubleshooting].

{% endAside %}

Expand Down Expand Up @@ -179,8 +179,8 @@ statistics chart", width="800", height="299" %}
### Daily installs and uninstalls

You can track customer acquisition and churn using these reports:
- Track acquisition using the daily install report.
- Monitor user churn using the daily uninstalls analytics.
- Track acquisition using the daily install report.
- Monitor user churn using the daily uninstalls analytics.

These numbers include new and returning
users. You can configure this data by country, language, operating system, or time period using
Expand Down Expand Up @@ -214,7 +214,7 @@ analytics id", width="787", height="121" %}
[cws-review]: /docs/webstore/review-process/
[cws-support]: https://support.google.com/chrome_webstore/contact/dev_account_transfer
[dev-dashboard]: https://chrome.google.com/webstore/devconsole
[dev-policies]: /docs/webstore/program_policies
[dev-policies]: /docs/webstore/program-policies
[enforcement]: /docs/webstore/review-process/#enforcement
[support-tab]: #user-support-tab
[troubleshooting]: /docs/webstore/troubleshooting/
Expand Down
20 changes: 20 additions & 0 deletions site/en/docs/webstore/program-policies/accepting-payment/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
layout: "layouts/doc-post.njk"
title: "Accepting Payment From Users"
date: 2022-11-01
---

If you collect sensitive personal information through your Product for sales, you must follow these requirements:

1. You must securely collect, store, and transmit all credit card and other sensitive personal information in accordance with privacy and data security laws and payment card industry rules.

1. You must avoid misleading users. For example, clearly and honestly describe the products or services that you are selling and conspicuously post your terms of sale (including any refund and return policies).

1. If your Product requires the user to pay to obtain basic functionality, you must make that clear in the description that the user sees when choosing whether to install it.

1. You must clearly identify that you, not Google, are the seller of the products or services.

1. Regardless of the method of payment, you may not process payment transactions that are prohibited for Google Checkout under the [Google Checkout Seller Terms of Service][checkout-terms]. This includes any illegal transaction or the sale or exchange of any illegal or prohibited goods or services, including the prohibited products set forth in the [Content Policies for Google Checkout][checkout-policies].

[checkout-terms]: http://checkout.google.com/termsOfService?type=Seller
[checkout-policies]: http://checkout.google.com/seller/content_policies.html
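Review bot: Both reference links at the bottom, `[checkout-terms]` and `[checkout-policies]`, use `http://checkout.google.com/...`. On a page that tells developers to "securely collect, store, and transmit" payment data, these should be `https://`, and since item 5 makes the linked terms binding, please confirm both URLs still resolve before publishing. The front matter also has no `description:` field, unlike existing pages in this diff such as `mv3/user_privacy`.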
34 changes: 34 additions & 0 deletions site/en/docs/webstore/program-policies/ads/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---
layout: "layouts/doc-post.njk"
title: "Ads"
date: 2022-11-01
---

1. Ads are considered part of your Product for purposes of content review and compliance with developer terms, and therefore must comply with the above content policies.

1. Ads which are inconsistent with the [content rating][content-rating] of your products or extension are also in violation of our developer terms.

1. Currently, AdSense may not be used to serve ads in Products, per [AdSense policies][adsense].

1. Ads must be presented in context or clearly state which product they are bundled with.

1. Ads must also be easily removable by either adjusting the settings or uninstalling the product altogether.

1. Ads may not simulate or impersonate system notifications or warnings.

1. Forcing the user to click on ads or submit personal information for advertising purposes in order to fully use an app or extension provides a poor user experience and is prohibited.

1. Ads associated with your product may not interfere with any ads on a third-party website or application. You may show ads alongside a third-party website only if all of the following criteria are met:

1. This behavior is clearly disclosed to the user.

1. There is clear attribution of the ads' source wherever those ads appear.

1. The ads do not interfere with any native ads or functionality of the website.

1. The ads do not mimic or impersonate the native ads or content on the third-party website, and the ads adhere to the content policy on [impersonation][impersonation] and [misleading behavior][misleading].

[content-rating]: /docs/webstore/rating/
[adsense]: https://support.google.com/adsense/bin/answer.py?hl=en&answer=48182
[impersonation]: /docs/webstore/program-policies/impersonation-and-intellectual-property/
[misleading]: /docs/webstore/program-policies/unexpected-behavior/
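Review bot: Item 1 says ads "must comply with the above content policies", but on this standalone page nothing precedes the list, so "above" no longer points anywhere. Link to the relevant policy pages instead, as the last criterion already does with `[impersonation]` and `[misleading]`. Please also check that the four criteria following "only if all of the following criteria are met:" are indented as a nested list in the source; as shown here they sit at the same level as the numbered items and would render as further top-level entries.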
7 changes: 7 additions & 0 deletions site/en/docs/webstore/program-policies/api-use/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
layout: "layouts/doc-post.njk"
title: "API Use"
date: 2022-11-01
---

1. Extensions must use existing Chrome APIs for their designated use case. Use of any other method, for which an API exists, would be considered a violation. For example, overriding the Chrome New Tab Page through any means other than the URL Overrides API is not permitted.
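Review bot: In "Use of any other method, for which an API exists, would be considered a violation", the commas turn the clause into an aside, so the sentence reads as banning every other method rather than only methods that bypass an existing API. For policy text that developers will be held to, prefer something like "Using any other method where an API exists for that purpose is a violation". A one-item `1.` list also adds nothing here; a plain paragraph would do.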
