Data Safety/Data Safety Consultation Meeting Notes/2012-02-14/Marketplace Data Safety Questionnaire

From MozillaWiki

Data Safety Review Questionnaire
Project: Marketplace
Contact (name / email): Ragavan Srinivasan (ragavan@mozilla.com) and Justin Scott (fligtar@mozilla.com)
Date request received: x Jan 2012
Data Safety Review Date: 14 Feb 2012

About Your Project

  1. Brief description of your project:
    • Mozilla Marketplace allows users to discover, purchase, and install apps and add-ons from a variety of devices. It allows developers to submit their apps and add-ons, and charge money for them.
  2. Links to your project documentation (both internal and external, wikis, etc.):
  3. Current state of your project:
    • Rearchitecting AMO codebase and infrastructure to support payments, apps, and new designs and features.
  4. Key release / launch dates:
    • Feb. 23 - Developer Registration milestone
    • March 29 - Consumer Beta
    • June 21 - Launch
  5. Core technical components and features:
    • marketplace.mozilla.org, the interface through which users and developers interact
    • backend APIs and services
  6. Stakeholders involved with your project (internal and external):
    • add-on developers
    • AMO editors
    • add-on users
    • app developers
    • partners
    • AMO developers
    • Apps team
    • Firefox team
    • Identity team
    • B2G team
  7. Does your project deploy new or modify web application code that runs on Mozilla infrastructure? (Yes / No)
    • yes
  8. Does your project deploy or modify client-run software (such as Firefox or Android applications)? (Yes / No)
    • kinda (we distribute apps and add-ons, which run client code)
  9. Does your project change how we generate, store, share or collect information from users? (Yes / No)
    • yes
  10. Do you have a privacy policy for your project / site? (Yes / No)
    • yes, standard
    1. If yes, provide link:

User Data

  1. Does your project collect data from users? (Yes / No)
    • yes
    1. If yes, what type of data would you need to collect? (e.g., email, name, location, log data, URLs, browser history, etc.)
  2. Why do you need to collect user data?
    • (answer copied from draft privacy policy)
    • In the Marketplace:
      • When you register or log in to the Marketplace using BrowserID, your email address will be used to verify your identity.
      • Your registered email address may be used to inform you of activity or transactions in the Marketplace specifically related to you, and you may choose to opt-in to additional communications at any time.
      • If you write app or add-on reviews, create a collection, or create other content in the Marketplace, your chosen display name or username will be displayed publicly.
      • You may optionally fill in details of your user profile, such as a homepage or profile picture, that will be displayed publicly.
      • When you perform a search in the Marketplace, your search terms may be used in aggregate to better understand usage of the Marketplace.
      • If you purchase an App, we sign your receipt with the email address that you registered with the Marketplace. The developer of that App may access that email address to verify your receipt.
      • When you purchase an App or Add-on from a developer, they may receive information about you from your selected payment provider, as described in that provider’s privacy policy.
      • We help you maintain a history of your transactional activity (e.g., which Apps you have purchased). No financial information (e.g., credit card info that you have used to make purchases in the Marketplace) is collected, retained or used by Mozilla at this time.
      • We record the Apps and Add-ons that you purchase or download while logged in to your Marketplace account, and may use this data to provide relevant recommendations on other Apps and Add-ons you may be interested in.
      • For an enhanced Marketplace experience, you may opt in to link your Marketplace account with your accounts on social networks. This is entirely optional and may be removed by you at any time.
      • If you ask us to send an App or Add-on to your phone, we will ask for your phone number and, with your permission, save it for future convenience.
      • If you are a developer who submits an App or Add-on to the Marketplace, we will ask for detailed information about your product that may be displayed publicly, unless otherwise noted. If you wish to use payments in your product, we will ask for your legal name and address in order to validate your identity.
    • Outside the Marketplace:
      • Add-ons installed in Firefox and other Mozilla products may check for new versions with the Marketplace each day, as well as for updates to other metadata as described in the Firefox Privacy Policy. In aggregate, these pings are used to determine the number of active users of an add-on. You may opt out of the metadata as described here, and add-on updates as described here.
      • The Get Add-ons page of the Add-ons Manager in Firefox may include the add-ons you have installed in order to provide relevant recommendations of other add-ons to install, as described in the Firefox Privacy Policy. You may opt out of this as described here.
      • Apps installed may... (still need to determine what pings apps will do)
  3. How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.)
    • Entered by the user in forms, primarily.
  4. Will your project / team members need to retain user data? (Yes / No)
    • Yes
    1. If yes, for how long?
      • Depends on the data. Content created on the site (submissions, reviews, collections) is kept unless deleted by the user, and in some cases, past that (we need to continue verifying receipts even if an App is removed from the marketplace). Account information is kept until deleted by the user.
      • Logs of submissions and uploads are kept much longer for security.
  5. Will user data be collected from global locations (outside the U.S.) and stored in those locations? (Yes / No)
    • Data will be collected internationally, but is currently only planned to be stored in the US. Eventually it will be stored in other countries where we have datacenters.
    1. If yes, provide locations (i.e., country names) for data collection and data storage:
  6. Will any user data be shared or accessed by third party partners, customers or providers? (Yes / No)
    • Yes.
    1. If yes, please answer questions below:
    2. What is the data being shared or accessed?
      • Email address.
    3. How would the data be communicated / transferred to the third parties?
      • Signed receipts
    4. Who are the third party vendors and in what countries are they based?
      • App developers all over the world.