Privacy Policy for Facebook Apps

By: Masha Komnenic CIPP/E, CIPM, CIPT, FIP Masha Komnenic CIPP/E, CIPM, CIPT, FIP | Updated on: January 19, 2023

Build a Free Privacy Policy
Privacy-Policy-for-Facebook-Apps

Facebook requires app developers to link to a privacy policy, which is a web page hosting a legal agreement that outlines how you collect, store, process, use, share, and sell personal information about your app users.

Besides Facebook, privacy policies are also required by data privacy laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and there are specific details you must include in your agreement.

In this article, we discuss why Facebook requires you to include a privacy policy in your app, and then we explain how to create and submit a Facebook privacy policy URL.

Table of Contents
  1. Why Do You Need a Privacy Policy to Work With Facebook?
  2. What to Include in Your Facebook App Privacy Policy
  3. Facebook’s Privacy Policy URL Requirements
  4. How To Enter Your Facebook Privacy Policy URL
  5. Facebook Privacy Policy FAQs
  6. Summary

Why Do You Need a Privacy Policy to Work With Facebook?

You need a privacy policy to work with Facebook as an app developer because Facebook needs to ensure they comply with relevant data privacy laws, many of which require privacy policies.

For example, the following laws outlined in the table below require you to communicate information typically through a privacy policy and threaten significant fines for businesses that don’t comply.

Data Privacy Law Legal Threshold Penalties for Noncompliance Official Legal Text
The General Data Protection Regulation (GDPR) Entities that target data subjects in the European Economic Area (EEA) that offer goods or services or monitor online behavior. $23 million or 4% of annual global turnover (whichever is higher) GDPR-info.edu
The California Online Privacy Protection Act (CalOPPA) Entities located in California or any entity that serves California residents. $2,500 per person per violation. California Legislative Information
The California Consumer Privacy Act (CCPA) Any for-profit entity that collects California consumer data and meets one of the following:

  • Generates $25 million or more in gross annual revenue
  • Buys, receives, sells, or shares the personal information of 50,000 or more consumers annually for commercial purposes.*
  • Derives 50% or more of your annual revenue from selling consumer data.
    • *Increasing to 100,000 under the CPRA
$2,500 per violation, up to $7,500 per intentional violation State of California Department of Justice
The California Privacy Rights Act (CPRA) Any for-profit entity doing business in California that meets one of the following:

  • Generated $25 million in gross annual revenue as of January 1 from the previous year
  • Sells, buys, or shares the personal data of 100,000 California households or consumers.
  • Derives 50% or more of your annual revenue from sharing or selling personal user data.
$2,500 per violation, $7,500 per intentional violation cpra.gtlaw.com
Children’s Online Privacy Protection Act (COPPA) Any for-profit entity that targets children under 18 in the US and collects personal data. Up to $40,654 per violation Federal Trade Commission
Personal Information Protection and Electronic Documents Act (PIPEDA) Any for-profit organization that collects, uses, or shares personal information of Canadian residents. Up to $100,000 CAD ($79,815 USD) Government of Canada Justice Laws Website

It’s important you understand that any of the laws mentioned above could apply to your Facebook app regardless of where you’re physically located.

Even if you use Facebook to host your app, it is your responsibility as the app owner to know what data privacy laws apply to your product and to follow the requirements accordingly.

What to Include in Your Facebook App Privacy Policy

The terms of your Facebook app’s privacy policy depend on several factors, such as what data privacy laws your app falls under, how you use personal data, the functionality you offer, and the goal of publishing the app.

But in the next section, we cover the most common clauses you should include in your Facebook app’s privacy policy.

Your Contact Information

You want your users to be able to contact you if they have any questions about your Facebook app privacy policy, so include this information in a clause in your agreement.

You can put this clause at the beginning or end of your policy, just ensure that the information you provide is up-to-date and accurate.

Below, see an example from King Games, the app developer responsible for Candy Crush Saga on Facebook, who lists multiple ways users may contact them about their privacy policy.

King-Games-app-developer-multiple-ways-users-contact-privacy-policy

The Type of Personal User Data You Collect

Under laws like the GDPR and the CCPA, your app users have the right to know what type of personal data you collect from them, so outline all details in a clause in your Facebook app’s privacy policy.

Below, see how the app Lake Coloring handles this clause in their Facebook-compliant privacy policy.

Lake-Coloring-clause-Facebook-compliant-privacy-policy

How You Use the Personal Information

Similar to the previous clause, laws like the GDPR and the CCPA also require you to inform your users about how you use the personal information you collect about them.

In the screenshot below, you can read how Lake Coloring explains how they use personal data in their privacy policy for their Facebook app.

Lake-Coloring-explains-personal-data-privacy-policy

If you Sell or Share Personal Data With Any Third-Parties

Data privacy laws, including the GDPR, the CCPA, the CPRA, and CalOPPA, require you to inform your users if you share or sell their personal data to any third parties, so put this information in a clause in your Facebook app’s privacy policy.

Below, read the highlighted text in the screenshot to see how Scopely, the app developer for the Facebook app Bingo Bash, handles this clause in their privacy policy.

Scopely-clause-privacy-policy

Your Legal Basis or Legitimate Interests Over the User Data

To comply with data privacy laws like the GDPR, you must have a legal basis for collecting user data, which you should clearly explain in a clause in your privacy policy for your Facebook app.

You may need to provide a legal basis for each category of personal data your app collects, and they can be different.

For example, see how thoroughly app developers at King Games explain their legal basis for collecting specific user data in their privacy policy for the Facebook app Candy Crush Saga.

King-Games-legal-basis-collecting-specific-user-data

Data Retention and Storage

Laws like the GDPR dictate how long you’re legally allowed to store and retain user data, so you should outline your process in a clause in your Facebook app’s privacy policy.

In the screenshot below, read how Scopely communicates their data retention practices for their Facebook app, Bingo Bash.

Scopely-data-retention-practices

Explain Your Users’ Rights Over Their Data

You must clearly outline your users’ rights over their data for your Facebook app privacy policy to comply with laws like the GDPR and the CCPA. You must also explain how your users can follow through on those rights within this clause.

Below, see an example from King Games’ privacy policy for their Facebook app, Candy Crush Saga.

King-Games-privacy-policy-Facebook-app

Their users can click on the highlighted text to reveal more specific, detailed information about the different rights they have over their data, as pictured below.

King-Games-detailed-information-rights-over-their-data

The developers at King Games include a lot of information about how their users can act on their data privacy rights and put relevant links directly in their policy for their users. We recommend you be just as thorough in your own Facebook app privacy policy.

Facebook’s Privacy Policy URL Requirements

Facebook requires any app created for its platform to include a privacy policy, which must be hosted on a URL you submit to Facebook before the app can go live.

Below, see an example of what a Facebook URL is referring to using our privacy policy link, which leads to a dedicated page on our website.

Facebook-URL-referring-privacy-policy-link

All third-party services that rely on Facebook’s tools or data must enter a link to their privacy policy, from games listed on the Facebook App Center to any app that includes the “sign in with Facebook” option.

Below, see a screenshot from Facebook’s Platform Policy, which explains their privacy policy and app requirements.

Facebook-Platform-Policy

To publish your app through Facebook, you must provide a privacy policy by logging in to the Facebook for Developers Dashboard and entering your the URL of your hosted privacy policy.

Doing so makes the privacy policy available to the public, so consumers can read and choose to consent to the agreement before downloading or using your app.

The highlighted text in the example below shows how the app Bingo Bash displays a link to their privacy policy on their page in the Facebook App Center.

Bingo-Bash-link-privacy-policy-page-Facebook-App-Center

How To Enter Your Facebook Privacy Policy URL

Once you have your Facebook app’s privacy policy ready, you can publish it online and submit the URL to Facebook through the Developer Dashboard in four easy steps, which we outline for you in the next section.

Step 1: Publish Your Privacy Policy

You must publish your Facebook-compliant privacy policy somewhere online before you can link it to the Facebook Developer Dashboard, so consider hosting it in the following locations:

  • A google doc
  • A dedicated page on your website

Alternatively, you can use our Privacy Policy Generator which can host the policy for you — along with giving you the option to host it on your own site.

Step 2: Change Your Facebook Developer Settings

Next, log into the Facebook for Developers Dashboard and locate the settings menu on the left-hand side of the screen, which looks like the screenshot below.

Facebook-for-Developers-Dashboard-settings-menu

Simply select the Basic option to view the form that requires your privacy policy URL.

Step 3: Enter Your App Information

On the next screen, you can enter your company or app name, contact information, and provide links to your Facebook privacy policy and terms and conditions.

Take a look at what this page looks like in the screenshot below.

Facebook-privacy-policy-and-terms-and-conditions-company-app-name

If you enter an invalid privacy policy URL into the Facebook form, you will receive the warning message pictured below.

Facebook-form-invalid-privacy-policy-URL

Step 4: Submit Your Facebook Privacy Policy Link for Approval

Finally, click the App Review button once you’ve filled out all the appropriate information and linked your privacy policy. Facebook will complete the review process for your app.

App-Review-button-appropriate-information

Congratulations, you have officially submitted your Facebook app with a privacy policy for review and approval!

Adding a Privacy Policy Link to Your Website

Separate from Facebook requirements, global privacy laws require you to post a link to your app’s privacy policy on the homepage of your site or service.

Here are the essential requirements of four data privacy laws that apply to how you need to present your privacy policy:

  • The General Data Protection Regulation (GDPR) — The GDPR requires all companies worldwide (including those in the United States) that target users in the European Union to clearly disclose how they process these users’ data. These strict transparency requirements can be satisfied by publishing a thorough privacy policy in the footer of your website.
  • California Online Privacy Protection Act (CalOPPA) — Under CalOPPA, any business that collects personal information must outline its data practices in a privacy policy and post it on the homepage of their website or app.
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — Businesses subject to the CCPA and the CPRA must create a privacy policy that includes a conspicuous link reading “Do Not Sell or Share My Personal Information”. Residents of California should be able to click this link to refuse the sale or sharing of their data.

Accessibility and transparency are key concepts in today’s era of digital regulation, and your consumers have the right to know how you use their data without navigating through pages of confusing legalese or getting lost in a maze of documentation.

A clear and easy to find privacy policy link satisfies the requirements of global privacy laws by allowing users to quickly find out how you handle their data.

Most websites place their privacy policy link in their footer, like on the homepage of Amazon’s Alexa software pictured below.

Amazon-Alexa-software-privacy-policy-link-footer

It also helps if you build a privacy policy appropriate for the type of website or app you own.

For example, build your policy using a privacy policy template for email marketing if you operate in the digital outreach sphere. Alternatively, if you run an online business, take advantage of an ecommerce privacy policy template to create the right policy for your company.

Facebook Privacy Policy FAQs

Below, check out some of the most frequently asked questions we get about Facebook apps and privacy policy requirements.

What is a privacy policy link on Facebook?

A privacy policy link on Facebook is the URL that leads to the webpage where you host your privacy policy.

Sharing your privacy policy for your Facebook app using a URL ensures that your agreement is available to the public, so consumers can access it, read it, and choose if they consent to the policy before downloading and using your app.

How do I add a privacy policy URL to my Facebook page?

Follow these easy steps to add your privacy policy URL to your Facebook page:

  • Publish your privacy policy on a webpage with a URL you can copy and paste
  • Log into your Facebook for Developers Dashboard
  • Change your Facebook developer settings to Basic to find the essential legal policy settings
  • Fill out all information on the screen, including pasting the link to your privacy policy in the appropriate field, and select App Review to submit it

Summary

Now that we’ve walked through how to create a privacy policy URL for a Facebook app and add a link to your website, let’s recap the main points:

  • A privacy policy explains how you process users’ personal information
  • Privacy policies are a legal requirement under many data privacy laws around the globe
  • A Facebook privacy policy URL is the web address of your privacy policy
  • Facebook requires all apps that use its platform to submit a privacy policy
  • It’s a best practice to include a link to your privacy policy in your website footer

Your Facebook-compliant privacy policy should explain to your users how you collect, store, process, share, or sell their personal information and must abide by all the global privacy laws under which your app falls.

When it comes to privacy policies for Facebook apps, we’ve got your back. Our free, downloadable privacy policy template can be customized to meet all Facebook app requirements and abides by laws like the GDPR, the CCPA, the CPRA, CalOPPA, and more.

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources