Here you’ll find the policies which all partners or merchants who have a Spot on Google Pay must comply with to provide a positive user experience.

Google Pay will exercise its sole discretion in the interpretation and enforcement of these policies in conjunction with the product's Terms of Service; Google Pay reserves the right to expand or edit these policies at any time. Any Spot (and all Spot content) must comply with our Google Pay Policies for Businesses, as well as any requirements in the Spot Experience guide.

A Spot must also comply with all applicable laws and regulations in any region or country that they target — for example, by including any specific disclosures required by local law.

Our policies cover the following areas:


Privacy and security

User experience

Content policies

Policy violations


Clear purpose

A Spot should inform users of its principal and significant functions in a simple and easy-to-understand manner. Each Spot should provide a concise summary of the functionality of the Spot and feature branded elements to help users associate the Spot with the underlying service provider. Please refer to the Spot Experience guide for details on our requirements.

Deceptive behavior

We don't allow any Spot that attempts to deceive users or enable dishonest behavior. We don’t allow any Spot which contains false or misleading information or claims, including in the description, title, icon, and screenshots e.g. a Spot which claims functionalities that are not possible to implement.

We don’t allow any Spot which uses another app or entity’s brand, title, logo, or name in a manner that may result in misleading users. Don’t try to imply an endorsement or relationship with another entity where none exists. Impersonation can occur even if there isn’t an intent to deceive, so please be careful when referencing any brands that do not belong to you.


Functions or features which require payment for use should make this known to users in a clear and unambiguous manner; users should not be misled regarding when payments will be required, or be offered a paid service without clear indication that they are agreeing to pay for it.

Any Spot must use Google Pay APIs for all payments transactions which take place through the Spot; payments should not be routed through any third-party payment services or processors without going through Google Pay. No digital goods transactions can take place through Google Pay.

Privacy and security

Any Spot that is deceptive, malicious, or intended to abuse or misuse any network, device, or personal data is strictly prohibited.

User data

You must be honest and transparent with users when you explain the purpose for which a Spot requests and handles user data (i.e. information collected from or about a user, including device information and contact information).

This means disclosing the collection, use, and sharing of all user data in a manifest file (i.e. listing all API calls and describing your use cases) as well as privacy policy, and limiting the use of the data to the purposes disclosed, and consented to by the user.

You must only use and retain data for purposes which users have clearly agreed to. Users should be able to readily understand the value of providing the data that a Spot requests, as well as the consequences of sharing that data. If you wish to access Google user data you must also comply with the Google API Services User Data Policy as well as our policies on the use of APIs.

Any contact information (e.g. email addresses or phone numbers) obtained may only be used for transaction-related communications; contact information must not be used for unsolicited spam or remarketing purposes. Any links in post-purchase communications with users should primarily direct users to the Spot.

Privacy policy

A Spot must include an easily accessible link to its privacy policy which thoroughly discloses the manner in which the Spot accesses, uses, stores, or shares user data. Your use of user data must be limited to the practices explicitly disclosed in your published privacy policy. If you change the way a Spot uses user data, you must notify users.

Device and network abuse

We don’t allow a Spot to make changes to the user’s device settings or request any device permissions except through our APIs.

We don’t allow any Spot to:

  • Interfere with,

  • Disrupt,

  • Damage, or

  • Provide unauthorized access to

Devices, networks, or services, including the user’s device, other devices or computers, servers, networks, APIs, other apps on the device, any Google service, or an authorized carrier’s network.

Malicious behavior

We don't allow any Spot that steals data, secretly monitors user activity, harms users in any way, or is otherwise malicious e.g. a Spot that introduces or exploits security vulnerabilities, or a Spot which links to or facilitates the distribution or installation of malicious software.

Any Spot which acts as surveillance or commercial spyware is explicitly prohibited.

Use of APIs

A Spot must not misuse APIs (e.g. access them in an unauthorized manner or for a purpose inconsistent with their documented function) or bypass APIs for functionality provided through the platform.

All API access must be in accordance with the Google APIs Terms of Service, the Google Pay APIs Terms of Service, the Google Pay APIs AUP, and the Google API Services User Data Policy. All Google Pay API calls should be clearly documented in a manifest list submitted together with a Spot. Please refer to the Spot Experience guide for instructions on the use of platform APIs.

User experience


A Spot should provide a stable, responsive user experience. We do not allow any Spot that crashes, force closes, freezes, or otherwise functions abnormally. A Spot should perform as reasonably expected by the user given the description of its functionality in the primer. Significant changes to functionality (e.g. addition of new features, changes in the core user journey, or use of new APIs) should be reported to Google.

We will take into consideration technical qualities such as latency, data, storage, and memory usage, when assessing the listing of a Spot on the platform.

For more details on the user experience, accessibility, and performance standards we expect from a Spot, please refer to the Spot Experience guide.


We don't allow any Spot that spams users by sending unsolicited messages, payment requests, or any repetitive or low-quality communications (e.g. unreadable or gibberish content).

A Spot must not send any messages, email, or other communications on behalf of the user without first giving the user the ability to confirm the content and intended recipients.

For more information on how to comply with our policies on engaging with users, refer to the Spot Experience guide.


A Spot should not display third party ads (ads for products or services not offered by the partner, or ads provided by third party ad serving infrastructure).

Content policies

Products and services offered

Developers on The Spot Platform (and all Spot content) must comply with our Google Pay Policies for Businesses and not provide any prohibited products and services, or promote any restricted products or services.

Offers and communications content

Developers on The Spot Platform (and all Spot content) must also comply with our Google Pay Policies for Businesses on offers and communications content.

Policy violations

A Spot which violates the above policies may be suspended. Furthermore, a developer account may be suspended if you have several violations or a serious violation. If this happens, any Spot associated with the suspended account will be disabled. We may no longer allow you to transact on Google Pay. Any related accounts may also get permanently suspended and you may not be allowed to open a new account. We may also report any illegal activity in accordance with applicable laws.