Privacy Policy URL for Facebook Apps

If you offer functionality to allow your users to sign into your app or website via their Facebook accounts, you'll need to provide a URL to your Privacy Policy. This is according to Facebook's Platform Policy for developers.

This article explains Facebook's requirement, explains why it is also a legal requirement, and helps you comply with both.

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy" on our website.
  2. Select the platforms where your Privacy Policy will be used and go to the next step.
  3. Add information about your business: your website and/or app.
  4. Select the country.
  5. Answer the questions from our wizard relating to what type of information you collect from your users.
  6. Enter your email address where you'd like your Privacy Policy sent and click "Generate".

    And you're done! Now you can copy or link to your hosted Privacy Policy.

What's a Privacy Policy and Why Do You Need One?

A Privacy Policy is a legal document usually included on apps and websites. It's where you make declarations and disclosures about your personal data collection and processing practices.

This document generally explains how and why personal data is collected, and how and why it's processed. Depending on which privacy laws you are complying with, your Privacy Policy may need to include other information, such as whom you share data with, and users' rights regarding their personal data.

No matter which privacy laws you are complying with, the basic idea of a Privacy Policy is to inform your users about what will be done with their personal information so that they can decide whether or not they want to provide you with it.

As a result of major privacy laws like CalOPPA and the more recent GDPR, it is nearly impossible to escape the need for a Privacy Policy any time you collect or process the personal information of internet users. Virtually every country now has internet privacy laws regulating the handling of personal information.

Under these privacy laws, there are certain things you are required to disclose in a Privacy Policy before you can collect or process the personal information of your users. Failure to comply with privacy laws can result in hefty fines and other penalties if you fall under their jurisdiction.

Social media platforms thrive on the sharing of personal information. Naturally, social media apps and websites tend to have lengthy Privacy Policies in order to be compliant with relevant privacy laws for the swathes of personal information that they handle.

So, if you have a Facebook app or an app that utilizes the "sign in with Facebook" feature, you need to have an adequate Privacy Policy in place by law. When using Facebook's APIs you will also need to comply with the requirements set forth by Facebook itself.

Providing Facebook with your Privacy Policy URL

When developing an app for Facebook, you will be prompted to enter a URL for your Privacy Policy. This is simply a link to an internet page where your Privacy Policy is posted so that potential users can refer to your policies before using your app.

Here's the requirement, straight out of Facebook's Platform Policy for Developers:

Facebook Developer Platform Policy: Privacy Policy URL requirements section

The Privacy Policy URL field is mandatory when linking your app to Facebook's app store or when prompting your users to sign in via Facebook. What this means is that a Privacy Policy is required for all apps before they are able to work with Facebook.

When you use Facebook's APIs, you are essentially requesting personal data from users through Facebook. This would put both you and Facebook under the jurisdiction of a number of privacy laws. This is why Facebook requires you to provide an adequate and accessible Privacy Policy: to ensure that you (and therefore Facebook) are compliant with those laws.

If you collect or process personal information via your app, you should already have a Privacy Policy in place, so providing a URL to Facebook should not be an issue.

If you do not currently have a Privacy Policy available online, you should create one.

Here's what the Privacy Policy URL field will look like in the account dashboard when you are preparing your app:

Facebook developer account dashboard's Privacy Policy URL field

To find the Privacy Policy URL field, follow the steps below:

  1. Go to your Facebook Developer Dashboard.
  2. In the left navigation menu, click on Settings, then click on Basic in the submenu.
  3. The Privacy Policy URL field will be on this page, as shown below:

Facebook Developer dashboard with Privacy Policy URL field highlighted

A Privacy Policy URL is a required field that must be entered in order for your app to go live. Here's the pop-up notice that Facebook shows if you try to switch the toggle button from off to on without providing a Privacy Policy URL:

Facebook Developer Dashboard: Invalid Privacy Policy URL pop-up

This is the case for all Facebook apps, even those that do not collect or process personal data.

Even if your app does not handle personal information, it is still a good idea to have a simple Privacy Policy in place. This policy could simply state that your app does not collect or process any personal data, along with any other disclosures that may be relevant and helpful to have.

It is important to note that Facebook does not provide an area to host your Privacy Policy. It is assumed that you have your own webpage where you provide your agreement. This is why Facebook asks for the URL to your Privacy Policy page on your website rather than having you provide the entire Privacy Policy.

The URL to your Privacy Policy must be made public and be easily accessible to all users, whether or not they are logged in.

Requiring users to log in to view the Privacy Policy is counterintuitive. The reason you are providing Facebook with a link to your Privacy Policy in the first place is so users can decide if they agree to your policies before using your app. Requiring them to create an account (providing personal information) and log in before being able to view your Privacy Policy goes against this and is not compliant with most major privacy laws.

Even if your app only uses the "Sign in with Facebook" feature for account creation, you will still be required to provide a URL to your Privacy Policy which will appear in the log-in dialog.

This ensures that any app affiliated with Facebook has an adequate Privacy Policy agreement in place to protect Facebook users.

Here's an example of a Privacy Policy being available in a Facebook log-in dialog:

Klout sign-in with Facebook: Information Klout receives

Apps that appear in the Facebook App Store (also known as the App Center) will have a Privacy Policy URL available on the app's initial access page. This is a convenient place for users to access these documents before deciding if they want to use the app or not.

Facebook App Center: Words with Friends Play Now screen with Zynga Privacy Policy

Including your Privacy Policy URL with your Facebook app allows potential users to read your policies before they decide to use your app. While the majority of users probably won't bother, some will. Your privacy-conscious users will appreciate a clear and concise policy that informs them how you plan to use their personal information.

Having a proper Privacy Policy also helps with the legitimacy of your app and/or company, showing that you take your business, your users and the law seriously.