Privacy Policy Expectations

This document contains the minimum expectations for what your privacy policy should include. Please note that this is not intended to be, and is not, an exhaustive list of all possible considerations that are involved in creating a privacy policy. Your privacy policy should comprehensively and fully disclose all of your privacy practices and also comply with any applicable laws and regulations, so you may need to include additional or unique information to comply with certain laws and regulations.


Why Meta Requires Developers to have a Privacy Policy

Privacy disclosures help users understand what data you collect, why you collect it, and what you do with that data. Disclosures generally should be comprehensive, accurate, and easy for users to understand.

What a basic privacy policy should say

  • What information do you collect

In general, you should disclose the information that you collect from the user or about the user, either directly or via third parties. This includes any information collected automatically, such as browser information, server information, or usage information, in addition to information that you get from the user, either directly or via a permissions API.

  • How you process that information and the purpose for collecting that information.

Your privacy policy should disclose how you use the information you collect and a clear purpose for why you are processing user data. For example, you may use the information to provide certain services to users, to recognize them the next time they use your app, or to send them promotional emails.

  • How can the user request that their data be deleted?

Your privacy policy should describe a clear way for users to request the deletion of their data. This may be an email or a contact form, which should be up to date and valid.

In addition to some content requirements, our policies also require that links to your privacy policy be made available as follows:

Meta Platform Terms - 4. Privacy Policy

4.a “You will provide, maintain, and comply with a privacy policy that is available through an active, publicly available, easily accessible (including by our crawlers), and non-geoblocked URL. This URL must also be disclosed in the privacy policy field in the settings of your App Dashboard.”

The purpose of this policy is to provide your users and the public with a privacy policy on your website. Make sure that your privacy policy isn’t hidden or difficult to find, and that it isn’t geo-blocked to prevent users from certain locations from viewing it.

Crawler Access to Privacy Policies and URLs:

As part of our ongoing efforts to protect people's privacy on Facebook, we use crawlers to ensure that URLs are live and accessible to people using third party apps. As such, URLs must be publicly available. We're updating our policies to ensure developers allow our crawler to access URLs specified in apps’ settings. This includes any developer-controlled URLs, including the privacy policy URL, connect URL, and other product-specific URLs.

  • All developers must provide a link to a privacy policy that explains what data is collected and how it is used, the purposes for which the data is being processed, and how users may request deletion of that data.
  • The linked page must be clearly marked as a privacy policy.
  • The privacy policy must be your own privacy policy, and not the policy of another company.
  • Ensure links to your privacy policy are live, clickable, accessible to Meta’s crawlers and not geo-blocked on the App Dashboard and on the website.
  • Broken privacy policy links are considered violations and are subject to enforcement.
  • We recommend using the sharing debugger to check that the URL is valid (returns a 200 response code) before submitting the change.

To update the privacy policy URL, go to the App Dashboard and update the URL in Settings.