A. General Rules

1. Required privacy policy and other notifications
   1. Expressly provide users with your privacy policy and adhere to it (for both information you get from a Google+ API about the user and from the user directly).
   2. Don't change your privacy policy without providing reasonable advance notice to your users. If you list your application with us, ensure that the privacy policy link in your application listing is up to date.
2. Information you may not collect, store, or share
   1. Don't collect, store, or share sensitive personal information such as credit card, bank account, driver's license, or social security numbers, except as necessary to collect payment.

B. Personal information from the Google+ APIs

This section applies to users’ personal information your application gets by calling the Google+ API.

1. Using and sharing data from the API
   1. Don't use users' personal information for purposes beyond the limited and express purpose of your application (including as it may reasonably evolve due to ongoing development), without getting specific opt-in consent from the user.
   2. Don't sell, rent, or otherwise provide a user's personal information to any third party without getting specific opt-in consent from the user. Opt-in consent isn't required to provide users' personal information to third parties, like infrastructure providers or customer service contractors, whose services are reasonably necessary to help you build or run your applications. You're responsible for how those third parties handle this information, and you must contractually require them to keep it confidential.
2. Non-public information from the API

   For non-public personal information obtained through the Google+ API, whether originally from your users or from people who have shared with your users:

   1. Don't expose that information to other users or to third parties without explicit opt-in consent from the user.
   2. Don’t use stale data. You can cache or store data you’ve obtained through the Google+ API, but to the extent reasonably possible within the context of your application, use fresh data recently fetched from the API. If the fresh data reveals that content is gone (for instance, because a user deleted it), delete it and don’t use your stale copy.
3. Deletion rules
   1. Give users a reasonably convenient way to delete any of their personal information you’ve obtained from the API.
      1. Don't show the user that their data has been deleted without actually deleting the data within a reasonable period of time.
      2. If you created an account for the user associated with their identity on Google+ (including internal accounts not explicitly exposed to the user) you must give the user a reasonably convenient way to delete that association.
      3. If a user deletes or disables their account on your system, you must give the user a reasonably convenient way to delete all personal information you obtained from the Google API.
   2. As the only exceptions to the above, you may keep the following information:
      1. Information you're required by applicable law to retain.
      2. Information you're required to retain by a separate agreement with Google.
      3. Aggregated information that does not include any of the user's personally identifying information, and would not allow that information to be inferred.

Please also note the Data Portability requirement in our Google+ Platform Terms of Service requiring you to allow users to export data equivalent to what you access via the API.

C. What you can't do in your application

1. Application listing and purpose

   If you list your application on Google+, we give you the ability to describe your application.

   1. Don't be dishonest or incomplete about the application's purpose or type in your description.
   2. Don't trick users into installing something that's significantly different from what your description leads them to expect.
   3. Don't include repetitive text, irrelevant keywords, or misleading formatting in your description.
   4. Don't list your application more than once or create multiple listings that all point to an application with essentially the same functionality.
2. User Experience
   1. Don’t mislead your users about what your application does, or trick them into using it.
   2. Don't include functionality that proxies, requests, or collects usernames, passwords, or other personal authentication information for Google accounts.
   3. Don't mimic functionality or warnings on the user's computer system or on Google.
   4. Don't induce users to violate Google's terms of service or other applicable Google policies.
   5. Don't allow unlawful gambling. You may include simulated gambling, but if you do, you must prevent your users from converting their simulated winnings into something of value outside your application, such as transferable virtual goods, virtual currency, or money.
3. Posts to the stream and notifications initiated by your application
   1. Don't do any of the following without the user taking an explicit action each time to initiate it:
      1. Post an update to the user's stream or send a notification (including invite).
      2. Modify the user's circles in any way.
      3. Share the user's location information.
   2. Don't send any posts on behalf of the user without:
      1. Showing an accurate preview of what's about to be posted and making sure the user is aware of what will cause the share action.
      2. Allowing users to append their own text.
      3. Letting users pick the individuals or circles with whom they want to share.
      4. Indicating that your application is the source of the post or notification.
   3. Don't circumvent a user's Google+ privacy settings, including the user's circles or other permission settings.
   4. Don't circumvent technical limitations on your use of Google-provided APIs, such as limits on the number or frequency of stream posts. Don't screen scrape or use any non-documented APIs.
   5. Don't circumvent any Google+ user interfaces that ensure the user is aware of and agrees to stream posts or the like made on his or her behalf.
   6. Don’t circumvent any Google+ user interfaces or settings that limit the visibility of information, such as stream posts, from others.
   7. Don't share with any third party any personal authentication mechanism granted by Google or by any user to you, including your personal certificate or a user's authorization token.
   8. Don't override the default sharing option to be “Your circles,” “Extended circles,” or “Public.”
   9. Don't encourage stream posts for banal purposes.
   10. Don't mislead users about requirements to access any functionality in your application.
   11. Don't require your users to post to the stream or issue a notification (including invites) in order to access application functionality. Posts to the stream and notifications should always be optional.
4. Security

   We take security very seriously: we can suspend your application without notice if it appears to have a security or stability issue that could affect Google or its users.

   1. If you experience a security breach or misuse of information, you must notify Google by completing this form.
   2. If you experience a breach exposing private user information, you must also notify your users.
5. Additional rules for the Google+ canvas

   Where content from your application appears while the user is on the Google+ canvas, a few extra rules apply.

   1. User experience
      1. Provide meaningful functionality. Don't just provide a link to a webpage, a piece of static content, or a pointer to install an application off of Google+. (It's OK to provide a link to install a native mobile application that uses the Google+ APIs.)
      2. Don't generate pop-ups or pop-unders in a new window.
      3. Don't employ distractions from the primary purpose of the application, like long-running animations, auto-playing video or audio, or strobing/flashing backgrounds.
      4. Don't use your application to promote or advertise alcohol, tobacco, ammunition and firearms, or other content not suitable for users under the relevant age of majority (whether in an on-canvas application, via stream posts, or other content that appears on Google+).
   2. Monetization policies
      1. Only use Google's in-app payments for in-app purchases in applications located on the Google+ canvas.
      2. Clearly and honestly describe the products or services that you are selling. Conspicuously post your terms of sale (including any refund and return policies).
      3. Make it clear that you, not Google, are the seller of your products and services.
      4. Don't require users to pay to obtain basic application functionality without explaining in your application's description that payment will be required.
      5. Please also note the requirements in our Google+ Platform Additional Terms regarding user data and third-party advertising.
6. Additional rules for Google+ history

   If you use the Google+ history API the following additional rules apply:

   1. Only write moments to Google via the history API when the user performs an activity on your application. This data should always be relevant to the user's activity.
   2. Any data you communicate through the history API must be fresh and accurately represent users' activities on your application.

D. Related Policies

1. If you use Google+ buttons, you must follow the Google+ Buttons Policy.
2. Violations of these policies are violations of the Google+ Platform Terms of Service, and can result in the disablement or removal of your application, being prohibited from providing future applications, or termination of your Google account(s).