|
| 1 | +# Privacy Policy Hosting |
| 2 | + |
| 3 | +Use this checklist to complete release issue #435 after the privacy policy text |
| 4 | +from #434 is approved. |
| 5 | + |
| 6 | +## Current Status |
| 7 | + |
| 8 | +- Final privacy policy URL: `TBD` |
| 9 | +- Hosting status: blocked until #434 provides approved policy text. |
| 10 | +- Release owner: `TBD` |
| 11 | +- Hosting owner: `TBD` |
| 12 | +- Last validation date: `TBD` |
| 13 | + |
| 14 | +Do not mark #435 complete until the final URL is active, public, and recorded |
| 15 | +below. |
| 16 | + |
| 17 | +## Hosting Requirements |
| 18 | + |
| 19 | +- Host the approved policy at a public `https://` URL. |
| 20 | +- Serve the policy as a normal web page, not as a PDF or downloadable file. |
| 21 | +- Do not require login, app installation, team membership, or special network |
| 22 | + access. |
| 23 | +- Do not publish it as a publicly editable document. |
| 24 | +- Do not geofence or otherwise restrict access by country, region, device, or |
| 25 | + account. |
| 26 | +- Keep the URL stable enough to use in the Google Play privacy policy field and |
| 27 | + in the app. |
| 28 | + |
| 29 | +## Recommended Hosting Flow |
| 30 | + |
| 31 | +1. Confirm #434 is complete and the policy text has product/legal approval. |
| 32 | +2. Choose the final hosting surface, such as the product website or another |
| 33 | + owner-managed static site. |
| 34 | +3. Publish the approved text as a standalone HTML page. |
| 35 | +4. Validate the URL using the checklist below. |
| 36 | +5. Record the final URL in this document, comment it on #435, and use the same |
| 37 | + URL for #436 and #437. |
| 38 | + |
| 39 | +## Validation Checklist |
| 40 | + |
| 41 | +- [ ] The URL starts with `https://`. |
| 42 | +- [ ] A private/incognito browser session can open the page without signing in. |
| 43 | +- [ ] `curl -I <final-url>` returns a successful HTTP status. |
| 44 | +- [ ] The response is a web page and not a PDF or file download. |
| 45 | +- [ ] The page is read-only for public visitors. |
| 46 | +- [ ] The page is reachable from a non-team network. |
| 47 | +- [ ] The page is not blocked by country, account, or device restrictions. |
| 48 | +- [ ] The visible page title clearly identifies it as OnTime's privacy policy. |
| 49 | +- [ ] The page content exactly matches the approved policy text from #434. |
| 50 | +- [ ] The final URL is recorded in this document and in the #435 issue thread. |
| 51 | + |
| 52 | +## Evidence Form |
| 53 | + |
| 54 | +Fill this out when the page is live. |
| 55 | + |
| 56 | +| Field | Value | |
| 57 | +| --- | --- | |
| 58 | +| Final privacy policy URL | `TBD` | |
| 59 | +| Approved policy source | `#434` | |
| 60 | +| Hosting surface | `TBD` | |
| 61 | +| Release owner | `TBD` | |
| 62 | +| Hosting owner | `TBD` | |
| 63 | +| Validation date | `TBD` | |
| 64 | +| HTTP status from `curl -I` | `TBD` | |
| 65 | +| Browser validation notes | `TBD` | |
| 66 | + |
| 67 | +## Handoff To Follow-Up Issues |
| 68 | + |
| 69 | +- #436: add the final URL as the in-app privacy policy link. |
| 70 | +- #437: enter the final URL in the Google Play Console privacy policy field. |
| 71 | +- #441: check Data safety answers against the approved policy and hosted page. |
0 commit comments