How to write G Suite privacy policy which Google Cloud Platform/API Trust & Safety loves?

Updated: June 3, 2020

The addon will need some scopes for working properly. For example, the Bulk Barcode QR Code Generator & Mail merge addon requires the script.external_request scope because this add-on will need to call a Paypal web service for showing all pricing options which user can choose. If you do not get OAuth approval from Google Cloud Platform/API Trust & Safety team, when user clicks “Authorize access” button, they will see a warning message this app isn't verified.

Almost all users will give up your add-on immediately when they see the above error. To get verification, you need to send an OAuth Request via Google Cloud console. First of all, you need to write a clear and concise privacy policy like this. Here are all steps you need to know
1.Host privacy policy page in a trusted domain

  • You should host the website in the trusted domain and Google will verify it. I highly recommend to use [Google domain[(https://domains.google/)] because it is very cheap and it is very easy to be verified by Google Cloud.
    2.Explain about all scopes
  • You have to explain all scopes which add-on will use in the Privacy policy. For example, Bulk Barcode QR Code Generator addon has used 3 scopes
    script.container.ui and script.external_request and spreadsheets
  • Google will show the information which user can understand easily like this:
  • Privacy policy page has to explain why add-on uses these scopes. For example, Bulk Barcode QR Code Generator will use Connect to an external service because add-on will use Paypal web service API for payment. You can take a look at Privacy policy of this addon for more details.
<