Guidelines for the Mozilla Products [DRAFT]

The Mozilla Product team is responsible for developing product strategies and working with relevant stakeholders to turn those strategies into a product roadmap. User privacy is a key component of all Mozilla products. The Products team, working in concert with other Mozilla teams, design and deliver competitive features and capabilities that respect a user's privacy and put him in control of what data he stores, for what purpose, and who can see that data.

Mozilla Privacy Principles

No Surprises

Specific features are designed to collect, store, and distribute as little user data as possible while still fulfilling the user's expectations for that feature.

Collected data should be used only for the purposes for which users have granted us permission.

Real Choices

The Product team works to make sure that all privacy sensitive features are designed with the user's privacy as a priority consideration.

Sensible Settings

We understand that users can be overwhelmed and learn to disregard prompts and other security and privacy questions so we design our product with sensible defaults and judicious use of interrupting prompts and dialogs.

In product and web-based help documentation and explanatory texts are a valuable tool that allows for most people to accept defaults while still being able to get more information on their decisions if they need it so we strive to make feature descriptions and help documentation as accessible and accurate as possible.

Limited Data

When we design features, we design them to only capture, send, or store data that are genuinely useful to improving the features or quality of the product.

User Control

Features are designed so that users can manage, including easily delete, locally stored data at any time. For example, a user can clear her browsing history, bookmarks, or passwords.

Features which interact with third parties are designed to help users make informed decisions about what data they share with third parties. For example, users can disable the sending of cookies or submitting data that would move from a secure to an insecure connection.

User data that is potentially personally identifiable will not be sent to Mozilla without the user's consent and in our products we strive to make that choice clear and free from overly technical jargon.

We design features so that users have the ability to review as much as possible of data they're sending to Mozilla or third parties.

Trusted Third Parties

When working with third parties, we should make it clear to users that third party policies apply.