Contact mechanism provided for privacy-related inquiries

Why it matters

GDPR Art. 13(1)(a) requires the data controller's contact details to be provided to users. GDPR Art. 77 gives users the right to lodge a complaint with a supervisory authority if their privacy concerns are not addressed — that right is meaningless without a contact mechanism for raising concerns first. CCPA §1798.130 requires businesses to designate at least two means for consumers to submit data rights requests. Chrome Web Store policy also requires developers to be contactable about their data practices. An extension with no privacy contact forces users with legitimate concerns directly to regulatory complaints or store reviews, both of which damage the developer's standing.

Remediation

Add a privacy contact to your options.html and your privacy policy. In the UI:

<!-- In options.html -->
<footer>
  <p>Privacy questions? Contact us: 
    <a href="mailto:privacy@example.com">privacy@example.com</a>
  </p>
</footer>

In PRIVACY.md:

## Contact Us

For questions about your data or to request deletion, email:
privacy@example.com

We respond to privacy requests within 30 days.

Use a dedicated privacy email address rather than a general support alias — it signals that privacy requests are handled separately and seriously, and makes GDPR Art. 17 deletion requests easier to track.

Detection

ID: extension-data-privacy.third-party-sharing.privacy-contact
Severity: low
What to look for: Check the extension's privacy policy, options page, or manifest for a way to contact the developer about privacy concerns. Look for an email address, support form, or link to a contact page.
Pass criteria: Count all contact mechanisms found across the privacy policy, options page, and manifest. Privacy policy or options page includes at least 1 clear way to contact the developer for privacy questions (email, form, or link).
Fail criteria: No contact mechanism provided for privacy inquiries.
Skip (N/A) when: Never — contact for privacy issues is often a legal requirement (GDPR, CCPA).
Detail on fail: Example: "No privacy contact information provided in policy or extension UI" or "Email address listed in privacy policy is outdated (bounces)."

Remediation: Add a privacy contact to your policy and options page:

<!-- In options.html -->
<p>
  Questions about privacy? Email us at
  <a href="mailto:privacy@example.com">privacy@example.com</a>
</p>

And in your privacy policy:

## Contact Us

If you have concerns about your privacy or our data practices,
please contact us at privacy@example.com.

External references

gdpr · Art. 13(1)(a) — Identity and contact details of the controller

gdpr · Art. 77 — Right to lodge a complaint — requires controller contact info

ccpa · §1798.130 — Methods for submitting consumer requests

external · chrome-web-store-user-data-policy — Chrome Web Store User Data Privacy Policy — Contact info required for privacy inquiries

Why it matters

Remediation

Add a privacy contact to your options.html and your privacy policy. In the UI:

<!-- In options.html -->
<footer>
  <p>Privacy questions? Contact us: 
    <a href="mailto:privacy@example.com">privacy@example.com</a>
  </p>
</footer>

In PRIVACY.md:

## Contact Us

For questions about your data or to request deletion, email:
privacy@example.com

We respond to privacy requests within 30 days.

Detection

ID: extension-data-privacy.third-party-sharing.privacy-contact
Severity: low
What to look for: Check the extension's privacy policy, options page, or manifest for a way to contact the developer about privacy concerns. Look for an email address, support form, or link to a contact page.
Pass criteria: Count all contact mechanisms found across the privacy policy, options page, and manifest. Privacy policy or options page includes at least 1 clear way to contact the developer for privacy questions (email, form, or link).
Fail criteria: No contact mechanism provided for privacy inquiries.
Skip (N/A) when: Never — contact for privacy issues is often a legal requirement (GDPR, CCPA).
Detail on fail: Example: "No privacy contact information provided in policy or extension UI" or "Email address listed in privacy policy is outdated (bounces)."

Remediation: Add a privacy contact to your policy and options page:

<!-- In options.html -->
<p>
  Questions about privacy? Email us at
  <a href="mailto:privacy@example.com">privacy@example.com</a>
</p>

And in your privacy policy:

## Contact Us

If you have concerns about your privacy or our data practices,
please contact us at privacy@example.com.

External references

gdpr · Art. 13(1)(a) — Identity and contact details of the controller

gdpr · Art. 77 — Right to lodge a complaint — requires controller contact info

ccpa · §1798.130 — Methods for submitting consumer requests

external · chrome-web-store-user-data-policy — Chrome Web Store User Data Privacy Policy — Contact info required for privacy inquiries

Contact mechanism provided for privacy-related inquiries

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

Contact mechanism provided for privacy-related inquiries

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History