Platform Policy

If you use Social Plugins, Facebook SDKs, or operate a Platform app or website, you must follow our Statement of Rights and Responsibilities and these additional rules unless you have our written permission to do otherwise.

Introduction
I. Features and Functionality
II. Data Collection and Use
III. Content
IV. Application Integration Points
V. Enforcement
VI. Changes
VII. Branding and Promotion
VIII. Advertising Guidelines
IX. Payments Terms
X. Ads API
XI. License
XII. Definitions

Introduction

Date of Last Revision: August 20, 2013

Facebook Platform is an extension of Facebook, whose mission is to make the world more open and connected.

This agreement was written in English (US). To the extent any translated version of this agreement conflicts with the English version, the English version controls.

Additional Languages


Principles

Create a great user experience

  • Build social and engaging applications
  • Give users choice and control
  • Help users share expressive and relevant content

Be trustworthy

  • Respect privacy
  • Don't mislead, confuse, defraud, or surprise users
  • Don't spam - encourage authentic communications

I. Features and Functionality

  1. You must not violate any law or the rights of any individual or entity, and must not expose Facebook or Facebook users to harm or legal liability as determined by us in our sole discretion. In particular you will (if applicable): comply with the Video Privacy Protection Act (VPPA), and obtain any opt-in consent necessary from users so that user data subject to the VPPA may be shared on Facebook. You represent that any disclosure to us will not be incidental to the ordinary course of your business.
  2. You must not include functionality that proxies, requests or collects Facebook usernames or passwords.
  3. You must not circumvent (or claim to circumvent) our intended limitations on core Facebook features and functionality.
  4. If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user's personal and non-commercial use.
  5. If you exceed, or plan to exceed, any of the following thresholds please contact us as you may be subject to additional terms: (>5M MAU) or (>100M API calls per day) or (>50M impressions per day).
  6. Your app or website must offer an explicit "Log Out" option.
  7. Special provision for apps on Pages: When a user visits your Page, if they have not given explicit permission by authorizing your Facebook app or directly providing information to your Page, you may only use information obtained from us and the user's interaction with your Page in connection with that Page. For example, although you may use aggregate analytics for your individual Page, you must not combine information from any other sources to customize the user's experience on your Page and may not use any information about the user's interaction with your Page in any other context (such as analytics or customization across other Pages or websites).
  8. You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
  9. Mobile Web Apps that are running within the Facebook iOS app must not accept payments. In particular, these apps must not reference, use, or otherwise encourage the use of Facebook Payments or other non-iOS approved payment methods.
  10. Reciprocity and Replicating core functionality: (a) Reciprocity: Facebook Platform enables developers to build personalized, social experiences via the Graph API and related APIs. If you use any Facebook APIs to build personalized or social experiences, you must also enable people to easily share their experiences back with people on Facebook. (b) Replicating core functionality: You may not use Facebook Platform to promote, or to export user data to, a product or service that replicates a core Facebook product or service without our permission.
  11. The primary purpose of your Canvas or Page Tab app on Facebook must not be to simply redirect users out of the Facebook experience and onto an external site.
  12. You must not include data obtained from us in any search engine or directory without our written permission.
  13. Special provisions for games:
    a. Desktop web games off of Facebook.com may only use Facebook Login (Authentication, excluding user connections such as friend list), Social Plugins and publishing (e.g., Feed Dialog, Stream Publish, or Open Graph). When authenticating, these games may not request additional permissions other than age, email, and our Publishing Permissions.
    b. Games on Facebook.com and mobile must not share the same app ID with desktop web games off of Facebook.com. You must not use Canvas apps to promote or link to game sites off of Facebook, and must not use emails obtained from us to promote or link to desktop web games off of Facebook.com.
    c. Games on Facebook.com or Mobile Web must use Facebook Payments as their sole and exclusive payment method for all virtual goods and currencies made available to users within the game. All other payment options are prohibited within games on Facebook.com or Mobile Web unless they go through Facebook Payments rather than directly through that payment option. By “Payment Method” we mean any method that allows a user to complete a transaction in a game that is on Facebook.com or Mobile Web, including, without limitation, by exchanging monetary value for virtual currency or virtual goods, whether directly at the time of purchase or via any previous transaction such as the user's earlier purchase of a prepaid gift card or electronic code. In-game rewards of virtual currency or virtual goods earned by users through game-play activity alone are exempt from this definition.
    d. Games on Facebook.com or Mobile Web may reward users with virtual currency or virtual goods in exchange for user actions that do not involve third parties, but rewards for user actions that involve third parties must be powered by Facebook Payments by integrating Facebook Payments offers. For example, you may not reward users with virtual currency or virtual goods in exchange for any action in which personally identifiable information is shared with a third party, you may not reward users with virtual currency or virtual goods in exchange for third party downloads, such as toolbars or ringtones, and you may not reward users with virtual currency for engaging in passive actions offered by third parties, such as watching a video, playing a mini-game, or taking an anonymous poll.

II. Data Collection and Use

  1. You will only request the data you need to operate your application.
  2. You may cache data you receive through use of the Facebook API in order to improve your application’s user experience, but you should try to keep the data up to date. This permission does not give you any rights to such data.
  3. You will have a privacy policy that tells users what user data you are going to use and how you will use, display, share, or transfer that data. In addition, you will include your privacy policy URL in the App Dashboard, and must also include a link to your app's privacy policy in any app marketplace that provides you with the functionality to do so.
  4. Until you display a conspicuous link to your privacy policy in your app, any data accessed by your app (including basic account information) may only be used in the context of the user's experience in that app. A user's friends' data can only be used in the context of the user's experience on your application.
  5. Subject to certain restrictions, including on use and transfer, users give you their basic account information when they connect with your application. For all other data obtained through use of the Facebook API, you must obtain explicit consent from the user who provided the data to us before using it for any purpose other than displaying it back to the user on your application.
  6. You will not directly or indirectly transfer any data you receive from us, including user data or Facebook User IDs, to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization related toolset, even if a user consents to such transfer or use. By indirectly we mean you cannot, for example, transfer data to a third party who then transfers the data to an ad network. By any data we mean all data obtained through use of the Facebook Platform (API, Social Plugins, etc.), including aggregate, anonymous or derivative data.
  7. You will not use Facebook User IDs for any purpose outside your application (e.g., your infrastructure, code, or services necessary to build and run your application). Facebook User IDs may be used with external services that you use to build and run your application, such as a web infrastructure service or a distributed computing platform, but only if those services are necessary to running your application and the service has a contractual obligation with you to keep Facebook User IDs confidential.
  8. If you need an anonymous unique identifier to share outside your application with third parties such as content partners, advertisers, or ad networks, you must use our mechanism. You must never share this anonymous unique identifier with a data broker, information broker, or any other service that we may define as such under our sole discretion.
  9. You will not sell or purchase any data obtained from us by anyone. If you are acquired by or merge with a third party, you can continue to use user data within your application, but you cannot transfer data outside your application.
  10. If you stop using Platform or we disable your application, you must delete all information about a user you have received from us unless: (a) it is basic account information; or (b) you have received explicit consent from the user to retain their data.
  11. You cannot use a user’s friend list outside of your application, even if a user consents to such use, but you can use connections between users who have both connected to your application.
  12. You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide an easily accessible mechanism for users to make such a request. We may require you to delete data you receive from the Facebook API if you violate our terms.
  13. You will not include data you receive from us concerning a user in any advertising creative, without explicit consent from that user.
  14. You must not give your secret key and access tokens to another party, unless that party is an agent acting on your behalf as an operator of your application. You are responsible for all activities that occur under your account identifiers.
  15. Sharing information with Facebook:
    a. You must not use, display, share, or transfer a user's data in a manner inconsistent with your privacy policy, and must not give us information that you independently collect from a user or a user's content without that user's consent.
    b. You must provide an opt-out to users where required.
    c. You must not knowingly share information with us that you have collected from children under the age of 13 unless you obtain verifiable parental consent that covers Facebook's collection, use and disclosure in compliance with applicable law.
    d. Web sites or services directed to children under 13: If you use Social Plugins or our JavaScript SDK for Facebook on sites and services that are directed to children under 13, you are responsible for complying with all applicable laws. For example, if your web site or service is directed to children in the United States, or knowingly collects personal information from children in the United States, you must comply with the U.S. Children’s Online Privacy Protection Act. You must also adhere to our usage notes.
    e. We can analyze your app, content, and data (including data about users' use of your app) for any purpose, including commercial (such as for targeting the delivery of ads on and off Facebook and indexing content for search) or to provide you with insights about the effectiveness of your ads or the use of your app.
    f. We can monitor your use of, or collect usage data related to, SDKs (including unique identifiers, associated IP addresses, version numbers, and which tools or services are being used and how they are being used).
    g. We will use information we receive from you in accordance with our Data Use Policy.

III. Content

A. General

  1. Responsibility for content: You are responsible for all content of and within your application, including advertisements, user-generated content, and any content hosted, streamed or otherwise delivered to users by third parties. You must make it clear that this content is not provided by Facebook. You must also comply with the Facebook Community Standards.
  2. Demographic restrictions: You are responsible for restricting access to your content in accordance with our content policies and all applicable laws and regulations. Although we provide controls to assist with this, please note that we make no representations regarding the sufficiency of any controls provided to you and that you are ultimately responsible for establishing legally compliant restrictions for each country where your app is visible.
  3. Advertisements and cross-promotions:
    a. You must not include advertisements, cross-promote other applications, or provide web search functionality in content distributed through Facebook social channels.
    b. You can only utilize advertising or similar monetization related products or services from companies that appear on this list of Advertising Providers within Apps on Facebook.com.
  4. Promotions: If you run, reference, or facilitate a promotion (contest, competition, or sweepstake) on Facebook, you must comply with Facebook’s Promotions Guidelines.
  5. Permission from Facebook: You must not promote, or provide content referencing, facilitating, or containing online gambling, online real money games of skill or online lotteries without our written permission.
  6. Quality of content: you are responsible for providing users with a quality experience and must not confuse, defraud, mislead, spam or surprise users. For example, you must monitor your app's negative feedback in Application Insights to ensure it stays below our thresholds, avoid excessive advertisements or bugs, and ensure the description of your app is consistent with your app's content.

B. Content Rights

  1. You agree that you will not promote or provide content that references, facilitates, contains or uses content that infringes upon the rights of any third party, including intellectual property rights, privacy, publicity, moral or other personal or proprietary rights, or that is deceptive or fraudulent.
  2. You must ensure that you own or have secured all rights necessary to copy, display, distribute, deliver, render and publicly perform all content of or within your application to Facebook users in all countries where you make the content available.
  3. You are responsible for all licensing, reporting and payout obligations to third parties required in connection with content of or within your application.
  4. You must use commercially reasonable geo-filtering technology to block access to your application's content in countries where you are unauthorized to deliver such content, or where delivery of such content would otherwise infringe the rights of a third party.
  5. Although we have no obligation to do so, in our sole discretion we may request, and you are required to provide us, proof that your application and any content of or within your application is properly licensed.

C. Third Party Content

If your application contains content submitted or provided by third parties, you must comply with the following rules:

  1. In the United States you must take all steps required to fall within the applicable safe harbors of the Digital Millennium Copyright Act including designating an agent to receive notices of claimed infringement, instituting a repeat infringer termination policy and implementing a "notice and takedown" process. In other countries, you must comply with local copyright laws and implement an appropriate "notice and takedown" process upon receiving a notice of claimed infringement.

IV. Application Integration Points

  1. You must not incentivize users to use (or gate content behind the use of) Facebook social channels, or imply that an incentive is directly tied to the use of our channels.
  2. You must not pre-fill any of the fields associated with the following products, unless the user manually generated the content earlier in the workflow: Stream stories (user_message parameter for Facebook.streamPublish and FB.Connect.streamPublish, and message parameter for stream.publish), Photos (caption), Videos (description), Notes (title and content), Links (comment), and Jabber/XMPP.
  3. If a user grants you a publishing permission, actions you take on the user's behalf must be expected by the user and consistent with the user's actions within your app.
  4. Platform integrations, including social plugins:
    a. Your advertisements must not include or be paired with any Platform integrations, including social plugins such as the Like button, without our written permission.
    b. You must not sell or purchase placement of our Social Plugins, and must not facilitate or participate in any like exchange program.
    c. You must not incentivize users to Like any Page other than your own site or application, and any incentive you provide must be available to new and existing users who Like your Page.
    d. You must not obscure or cover elements of our social plugins, such as the Like button or Like box plugin.
    e. Ad networks, ad exchanges, and data brokers must not use Facebook’s Platform, logos, and trademarks (including, but not limited to, Platform APIs, social plugins, the Share button, and the F logo).
  5. Facebook messaging (i.e., email sent to an @facebook.com address) is designed for communication between users, and not a channel for applications to communicate directly with users.

V. Enforcement

We can take enforcement action against you and any or all of your applications if we determine in our sole judgment that you or your application violates Facebook Platform Terms and Policies. Enforcement action is both automated and manual, and can include disabling your application, restricting you and your application's access to Platform functionality, terminating our agreements with you, or any other action as we in our sole discretion deem appropriate.

Communication with developers takes place via an email sent from the facebook.com or facebookmail.com domain to the contact email address registered to the application. To stay in touch, please ensure that your email address is current and that you do not filter out any such messages.

VI. Changes

We can change these Platform Policies at any time without prior notice as we deem necessary. Your continued use of Platform constitutes acceptance of those changes.

VII. Branding and Promotion Policy

  1. You must follow the guidelines set forth in the Facebook Brand Resource and Permissions Center.
  2. Your app's description, display name and icons must adhere to our Advertising Guidelines.

IX. Facebook Developer Payments Terms

Developers participating in the program for accepting payments are subject to these terms.

X. Ads API

  1. Separate apps: You must use separate apps for your staging, self-service, managed service, and white-labeled apps. If you offer a white-label version of your app, you must only do so by creating a unique app for each end-advertiser (or requiring each end-advertiser to create their own app) and you must include a required field for the third party to agree to Facebook's Platform Policies.
  2. Separate ad accounts: You must use separate ad accounts for each end-advertiser and use our multi-client manager functionality to structure your end-advertiser accounts. You must never combine multiple end-advertisers within the same ad account, and this includes their connections on Facebook (ex: pages and apps).
  3. Freemium: If you offer a free or trial version of an ads API app, you must allow no more than 50 ad creations per day per customer, require phone or email verification for all new accounts, and prohibit affiliate networks from using your technology.
  4. Pricing transparency:
    a. You must only charge fees for the use of your tools and managed services, and must only do so on a fixed fee (per campaign or period) or variable percentage of ad spend. You must disclose to your clients the actual amount that you spent on Facebook advertising based on the auction pricing, including the actual Facebook metrics (e.g. CPC, CPM rate) and the amount you charged as fees. We reserve the right to disclose this information to your client upon their request. We may require documentation from you to ensure your compliance with this policy.
    b. You must not sell ads on a fixed CPM or CPC basis when using the Facebook advertising auction without our prior permission.
  5. Data collection and use:
    a. You may place 1x1 pixel view tags on certain advertisements with our prior authorization.
    b. All data collected or obtained by you or the end-advertiser, including but not limited to all view tag data that is not otherwise available through the Facebook service, and all data derived therefrom, may only be used by you or the end-advertiser on an anonymous basis to optimize and measure the performance of that end-advertiser's Facebook campaign. Neither you nor the end-advertiser may use data for the following purposes: retargeting whether on or off of the Facebook service; to commingle data across an advertiser's campaigns from multiple platforms; to build or augment any user profiles, or to use piggybacking or redirects with the 1x1 pixel tags, or for any other purpose not expressly authorized by us.
    c. You must not permit any person (other than an agent acting on the end-advertiser's behalf) to access the end-advertiser's Ad or Sponsored Story advertising statistics, including but not limited to, fixed CPM rates and any other raw, aggregate, or anonymous statistics derived from this data.
  6. Separate Reporting: If you use last-click attribution, create reporting tools that separate Facebook reporting from other channels. For example, don't create reporting dashboards that directly compare Facebook Ads metrics to search or display marketing metrics on a last-click basis. If you support other channels, you must either create a separate Facebook tool, include Facebook metrics in a separate Facebook section of your tool, or show multi-touch attribution results side-by-side with last-click attribution results. You may report Facebook mobile ads ROI metrics as they relate to other mobile ads channels.
  7. Self-service reporting for Homepage ads: You must include a self-service reporting dashboard, through which end-advertisers may access up-to-date reports (raw ad statistics) for all available data points of their Homepage Ad and Sponsored Story campaigns.
  8. Bidding types: You must implement all bidding types, including Optimized CPM, and you must not default to a specific type (ex: you must not default to CPC and hide oCPM).
  9. Custom Audiences:
    a. If you use custom audiences you must comply with the Custom Audience Terms.
    b. You may create a custom audience on a client's behalf but must only use the client's customer data to do so (ex: you must not collect or provide any additional data to create a custom audience).
    c. You must not use Facebook User IDs to create custom audiences unless the person associated with the User ID has logged into your client's app and your client has secured any necessary consent from that person (ex: you must not create a custom audience based on users who have engaged with a Facebook Page).
    d. You must not sell custom audiences, and must not transfer a custom audience to anyone without our permission.
    e. Your custom audience tool may provide the same functionality and targeting options that Facebook provides, but you must not provide additional data or targeting options.
  10. Enforcement: You must immediately revoke an end-advertiser's access to your app upon our request.

XI. License

  1. We give you a license to use the code, APIs, data, and tools you receive from us for use with the Facebook Platform. Don't sell, transfer, or sublicense our code, APIs, or tools to anyone without our prior written permission. If they need a license, they should get it from us.
  2. Facebook SDKs:
    a. Facebook and its licensors reserve all right, title and interest, including all intellectual property and other proprietary rights, in and to all SDKs.
    b. Subject to your compliance with our Platform Policies, you may use SDKs (or any components thereof) solely to develop and distribute applications for use with the Facebook Platform, and you may also distribute any code libraries or sample source code included in the SDKs for inclusion in such applications. You will not modify, translate, create derivative works of, or reverse engineer any SDK (or any components thereof). Any SDKs you receive from us are provided to you on an "as is" basis, without warranty of any kind.

XII. Definitions

  1. By "Application" we mean canvas page application, Platform integration, or any other technical integration we have assigned an application identification number.
  2. By "Facebook social channel" we mean Application Info Section, Page Tab, Feed, Requests (including invites), inbox attachments, Chat, Cover, Bookmarks, or any other feature of a user profile or Facebook communication channel in which or through which an application can provide, display, or deliver content directed at, on behalf of, or by permission of a user.
  3. By “basic account information” we mean: name, email, gender, birthday, current city, and profile picture URL.
  4. By "Facebook Platform Terms and Policies" we mean the Statement of Rights and Responsibilities and the Platform Policies.
  5. By "User data you receive from Facebook" we mean any data or content (including any images, text, or other information or materials) you receive from us, that was provided by users to us, or was associated by us with a particular user.
  6. By "SDK" we mean any object code library, sample source code, or documentation you receive from us that helps you create applications for use with the Facebook Platform.

Examples and Explanations

We want you to be successful on Facebook Platform, and we believe that the best way to do so is to provide a great user experience. Our Platform Policies will help you do this by explaining what’s required; these examples and explanations will help you understand how to put that into practice.