Mozilla Firefox

Firefox Extension Privacy Policy

Mozilla addons.mozilla.org has historically been one of the strictest extension stores when it comes to privacy review. Here is what your Firefox extension privacy policy must cover in 2026.

Last updated · Reviewed for compliance

AK
Written by Anupam Kumar
Updated
8 min read
Reviewed for compliance

Mozilla AMO 2026 rules

Mozilla requires Firefox extensions that collect any user data to publish a clear privacy policy and to declare data collection through the addons.mozilla.org listing. Mozilla's review process is human led for many extensions and reviewers actively compare policy text against extension behaviour. Vague or boilerplate policies that do not match the extension's actual data flows are rejected or sent back with detailed feedback.

How the Mozilla AMO Review Works

Firefox extensions are distributed through addons.mozilla.org, often called AMO. AMO has both automated and human review tracks, depending on what your extension does. Extensions that request sensitive permissions, request all sites access, or use remote scripts typically get human review.

During human review, a Mozilla volunteer or staff reviewer reads your privacy policy and compares it against your extension's behaviour. They check whether your manifest permissions match what the policy describes, whether the extension contacts any servers the policy does not name, and whether the data collection statement on your AMO listing is accurate.

Mozilla rejects extensions whose policies are generic boilerplate, do not name the extension, or contradict the extension's actual behaviour. Specificity is the single most important quality of a Firefox extension privacy policy.

The AMO Listing Data Collection Field

When you create or update an AMO listing, you fill in a data collection field that tells users at install time what your extension collects. This is separate from the privacy policy URL but must be consistent with it.

Be honest in this field. Users see it before they install. Mozilla penalises listings whose data collection field understates what the extension actually does, and reviewers will ask you to correct it.

If your data collection list and your privacy policy disagree, Mozilla treats it as a misleading listing. Always update both at the same time when something changes.

What a Firefox Extension Privacy Policy Must Include

Name your extension, your company or developer name, and a contact email at the top. Reviewers check that the document clearly belongs to the extension being submitted.

List every category of personal data the extension collects, accesses, or transmits. Be specific. Include any data sent to your own servers, any data sent to third party services, and any data stored locally that could be considered personal.

Describe how the data is used, who has access, how it is secured, and how long it is retained. Add a section explaining how users can request access, correction, or deletion. If your extension users are in the EU or UK, include the GDPR legal basis for processing.

End with a last updated date and a note about how users will be notified of material changes to the policy.

Common Issues Mozilla Reviewers Flag

Boilerplate policies that look like they were generated for a generic website. Mozilla flags these regularly. Customize the template to your specific extension before submission.

Missing third party disclosures. If your extension contacts Google Analytics, an error reporting service, an ad network, or any other third party, name them. Reviewers see the network traffic during testing.

Policies that contradict the manifest. If your manifest requests the history permission but the policy says we do not access browsing history, reviewers reject the listing. Make sure the policy reflects what the manifest enables.

Frequently Asked Questions

Does every Firefox extension need a privacy policy?

Mozilla requires a privacy policy for any extension that collects or transmits user data. Extensions that genuinely process nothing personal can submit without one, but reviewers still recommend a brief policy that clearly states no data is collected, to avoid confusion at install time.

Can I reuse my Chrome extension privacy policy for Firefox?

Yes, with care. The legal substance carries over because both browsers use the WebExtensions API. Update the policy to reference both Chrome and Firefox by name, and double check that any browser specific behaviour you describe matches the Firefox build of the extension.

How long does Mozilla AMO review take with a privacy policy in place?

Automated review can complete in minutes. Human review usually takes a few business days for routine extensions, longer for those with sensitive permissions. A clear, accurate privacy policy speeds up review because it removes the most common reason for back and forth with reviewers.

Does Firefox have a data handling certification like Chrome?

Mozilla uses the data collection field on the AMO listing instead of a separate certification page. The field captures the same information at a higher level. Be sure your data collection field, your privacy policy, and your manifest all agree.

Generate a Mozilla AMO ready privacy policy

Specific, reviewer friendly, GDPR ready, and updated for 2026 Firefox extension review.

Related Resources

Privacy Policy for Chrome Extension

Companion guide for the Chrome Web Store.

Chrome Extension Privacy Policy Template

Template that works for Firefox after small edits.

Chrome Extension GDPR Compliance

EU and UK user rights for browser extensions.

Edge Extension Privacy Policy Requirements

The Microsoft Edge sister rules.