This post mainly answers the question of how and why you have to include a privacy policy in your Facebook application.

Let’s assume you’ve built a Facebook application, you’ve got it running and you are thinking about including a privacy policy. What do you have to do?

1) Do I have to include a privacy policy when maintaining a Facebook app?

There are two sides to this question from a legal perspective, but actually only one answer: YES.

  • There is the legal side of it: Depending on where you are, you may fall under European, American (Californian) or Australian privacy laws. The list could go on, since most countries have some sort of privacy regulations that extend onto the web, along with hefty penalties for non-compliance.
  • Apps on the web: As a rule of thumb, web apps collect some sort of personally identifiable information, for various reasons. Either you need personal information to make sure the app works, you’d like to improve insights into how the application is being used, or you’d like to monetize the service by serving ads. Many of these behavior patterns must be disclosed to people via something like a privacy policy. More information about the legal framework can be found here.
  • There is the company policy side to it as well: Does Facebook require me in their terms to have a privacy policy when I use their service? See the answer in the next paragraph (2).

2) Am I required by Facebook to post a privacy policy for my Facebook app?

Yes. Facebook requires anyone using its app platform to have a privacy policy for an app as soon as the app collects data from Facebook’s users. In Facebook’s platform policies you will find the following:

You will have a privacy policy that tells users what user data you are going to use and how you will use, display, share, or transfer that data. In addition, you will include your privacy policy URL in the App Dashboard, and must also include a link to your app’s privacy policy in any app marketplace that provides you with the functionality to do so.


Until you display a conspicuous link to your privacy policy in your app, any data accessed by your app (including basic account information) may only be used in the context of the user’s experience in that app. A user’s friends’ data can only be used in the context of the user’s experience on your application.

as well as

Web sites or services directed to children under 13: If you use Social Plugins or our JavaScript SDK for Facebook on sites and services that are directed to children under 13, you are responsible for complying with all applicable laws. For example, if your web site or service is directed to children in the United States, or knowingly collects personal information from children in the United States, you must comply with the U.S. Children’s Online Privacy Protection Act.

Note how Facebook tells you to be consistent with California’s privacy laws concerning children: it tells you to comply with the U.S. Children’s Online Privacy Protection Act, which introduces more stringent rules for your apps when you target children under the age of 13.

3) How do I add a privacy policy for a Facebook app?

3.1 This process is straightforward. Navigate to the Facebook App Details page, find the Facebook application in question and click on Edit App.