Chrome Web Store policy mandates a privacy policy link for any extension that collects user data — failure to provide one is a direct cause of rejection or takedown. Beyond the store requirement, GDPR Art. 13 requires controllers to provide privacy information at the point of data collection, and CCPA §1798.100 requires consumers to be informed of data practices before collection. An extension that buries its privacy policy or omits it entirely prevents users from exercising their GDPR rights to access, correction, and erasure. Prominent, accessible disclosure is the first signal that a developer takes user privacy seriously.
High because missing or inaccessible privacy policy links are a direct Chrome Web Store policy violation that triggers removal — and they prevent users from exercising GDPR and CCPA data rights they are legally entitled to.
Add the privacy policy link to both required locations. In your extension's options.html or popup.html:
<footer>
<a href="https://example.com/privacy" target="_blank" rel="noopener noreferrer">
Privacy Policy
</a>
</footer>
In your Chrome Web Store listing description, include a direct markdown link:
Learn about our data practices: https://example.com/privacy
Both links must resolve to the same policy and must be clearly labeled — not embedded in small print or accessible only through a "More" toggle. Cross-reference the data-sharing-disclosed and retention-periods checks to ensure the linked policy is substantively complete.
ID: extension-data-privacy.privacy-disclosures.privacy-policy-visible
Severity: high
What to look for: Check the Chrome Web Store listing metadata for a privacy policy link in the description or listing fields. Examine the extension's options page (options.html) or popup for a link to the privacy policy. Look for clarity and prominence — is it easy to find?
Pass criteria: Count all locations where the privacy policy is linked. Privacy policy link is present in at least 2 locations: the store listing and the extension's options page. Links are clearly labeled and directly accessible (not buried in footer or small text).
Fail criteria: No privacy policy link in store listing. Options page lacks a privacy policy link or reference.
Cross-reference: For privacy policy content quality (retention periods, third-party disclosures), see the retention-periods and data-sharing-disclosed checks.
Skip (N/A) when: Never — privacy policy disclosure is required by Chrome Web Store policies.
Detail on fail: Specify what's missing. Example: "No privacy policy link in store listing metadata" or "Options page provides no way to access privacy policy. Last paragraph mentions 'see our privacy policy' but no link provided."
Remediation: Add privacy policy link to both locations:
<!-- In options.html or popup.html -->
<p>
<a href="https://example.com/privacy" target="_blank" rel="noopener">
Privacy Policy
</a>
</p>
And update the store listing description to include: "Learn about our data practices in our Privacy Policy."