@ryan - Just to clarify this process relates to the update to our Marketplace Vendor Agreement (effecting 31 March 2019) and unrelated to the cloud REST API deprecation notice (currently in effect, originally planned for 29 March 2019 but recently extended to 29 April 2019).
WRT the de-listing process happening before 31 March 2019 there may be some overlap with the work we’re doing for GDPR which is causing some confusion (apologies for that).
Prior to 25 May 2018 we contacted vendors in the Atlassian Marketplace with missing “Data security and privacy statements” in their app listings via email to inform them of the new requirement for Server Apps. This was a requirement for cloud apps prior to that notification.
In December 2019 we introduced a new field called “App stores personal data” and announced via the community and via email that this was a required field for all apps (with an additional requirement for cloud apps storing personal data to implement the personal data reporting API). The community post also included notice of the changes to the Marketplace Vendor Terms which introduced additional requirements for privacy policy and customer terms / EULA.
The de-listings to date should have been for the requirements already in effect (privacy policy and storing PD). If your app was de-listed and you contacted Atlassian Marketplace Vendor Support to have your app listing unhidden we may have informed you about the requirement for EULA / customer terms to prevent future de-listing per this requirement.