Nav Logo
Why Meta Quest?
Design
Develop
API reference
Distribute
Blog
Support
Login

DATA PROCESSING TERMS - 1.2

Where you are in the European Economic Area (“EEA”) or United Kingdom (“UK”), you acknowledge and agree that your use of some APIs associated with Oculus Software Development Kit (the “Services”) may involve sending Personal Data (as defined below) to Facebook Ireland Limited (“Oculus”, “we”). To the extent that we Process (as defined below) such Personal Data as your Processor (as defined below), these Data Processing Terms apply in addition to our other applicable terms and policies made available to you, including those on our Developer Portal (“Applicable Developer Terms”).

Oculus and you agree to the following:

1. Definitions

1.1 For the purposes of these Data Processing Terms, the following terms have the meaning set out below:

1.1.1 "Controller", "Processor", "Data Subject", "Personal Data", "Personal Data Breach" and "Processing" shall have the same meanings as in the GDPR and "Processed" and "Process" shall be construed in accordance with the definition of "Processing".

1.1.2 "Data" means Personal Data controlled by you which is Processed by Oculus as a Processor in connection with its provision of Services, including, without limitation, as described in Annex A.

1.1.3 "GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679). References to GDPR and its provisions include the GDPR as amended and incorporated into UK law after the GDPR ceases to apply in the UK.

2. Data Processing Terms

2.1 These Data Processing Terms shall apply only if and to the extent that Data Processed by Oculus as a Processor on your behalf is subject to the GDPR.

2.2 Oculus shall:

2.2.1 only Process Data in accordance with the Applicable Developer Terms, including without limitation, for the purposes described in Annex A;

2.2.2 ensure that any person authorised to Process Data under these Data Processing Terms is bound by appropriate obligations of confidentiality;

2.2.3 implement appropriate technical and organisational measures to protect the Data;

2.2.4 assist you by appropriate technical and organisational measures insofar as this is possible (taking into account the nature of the Processing) to enable you to fulfil any obligations to respond to requests for the exercise of Data Subject rights by a Data Subject under the GDPR;

2.2.5 assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and the information available to Oculus;

2.2.6 on termination of the Applicable Developer Terms, delete or anonymise the Data within the period set forth in the Applicable Developer Terms, or within a maximum period of 180 days, unless EEA, EEA Member State or UK law (as applicable) requires further storage;

2.2.7 make available to you all information that is reasonably necessary to demonstrate Oculus's compliance with its legal obligations as a Processor under Article 28 of the GDPR; and

2.2.8 upon your reasonable written request, and subject to the confidentiality obligations set out in the Applicable Developer Terms (if any) or as agreed between you and us, Oculus shall make available to you no more than once in any 12 month period, information regarding Oculus’s compliance with Oculus’s obligations under these Data Processing Terms in the form of third-party certifications and/or audit reports as Oculus may deem appropriate to be carried out as part of Oculus's own internal audit programs. To the extent this is conducted by an independent third party auditor, such third-party auditor is deemed approved by you.

2.3 You agree that Oculus may subcontract its data processing obligations under these Data Processing Terms to sub-processors, but only by way of a written agreement with the sub-processor, which imposes obligations on the sub-processor no less onerous than as are imposed on Oculus under these Data Processing Terms. Where the sub-processor fails to fulfil such obligations, Oculus shall remain fully liable to you for the performance of that sub-processor's obligations. You hereby authorize Oculus to engage Facebook Inc. (and its affiliates) as its sub-processor(s). Oculus shall notify you of any additional sub-processor(s) in advance. If you reasonably object to such additional sub-processor(s), you may inform Oculus in writing of the reasons for your objections. If you object to such additional sub-processor(s), you should stop using the Services and providing Data to Oculus.

2.4 Oculus shall notify you without undue delay of the discovery by Oculus of any Personal Data Breach involving the Data. Such notice shall include, where possible at the time of notification, or as soon as possible after notification, details of the nature of the Personal Data Breach and number of records affected, the category and approximate number of affected Data Subjects, anticipated consequences of the Personal Data Breach and any actual or proposed remedies for mitigating the possible adverse effects of the Personal Data Breach.

2.5 For transfers from Oculus to Facebook Inc. you acknowledge that Oculus may transfer Data in accordance with Module 3 (Processor to Processor) of the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR and approved by the European Commission Decision 2021/914, dated 4 June 2021 (as amended or superseded) (“Processor to Processor SCCs”), with any optional clauses as chosen by Oculus. Oculus reserves the right to use alternative transfer means recognised by the GDPR and other applicable data protection laws in the EEA, UK and Switzerland (such as an adequacy decision).

General

3.1 In the event of any express conflict between the Applicable Developer Terms, these Data Processing Terms, and the Processor to Processor SCCs: (i) these Data Processing Terms shall take precedence over any inconsistent provision in the Applicable Developer Terms; and (ii) the terms of the Processor to Processor SCCs (as applicable) shall take precedence over any inconsistent provision in these Data Processing Terms.

3.2 These Data Processing Terms, in conjunction with the Applicable Developer Terms, constitute the entire understanding and agreement between you and Oculus with respect to its subject matter.

3.3 These Data Processing Terms shall automatically terminate upon the termination or expiration of the Applicable Developer Terms.

Annex A

Data Processing Description

This Annex A forms part of the Data Processing Terms and describes the Processing that Oculus will perform on your behalf in respect of: (a) Oculus Software Development Kit (particularly the Spatial Audio VoIP API) and (b) Oculus Cloud Backup.

1. Categories of Data

The Data to be Processed concern the following categories of Personal Data (please specify):

  • (a.) VOIP/audio data and spatial data (with randomized ID)

  • (b.) Developer User Data (as defined in the Oculus Developer Data Use Policy) such as game / app state, game progress and preferences through Oculus Cloud Backup.
2. Special Categories of Data

The Data transferred concern the following special categories of Data (please specify):

  • Any special categories of Data provided to you by us as part of your use of the Services.

3. Data subjects

The Data to be Processed concern the following categories of Data Subjects (please specify):

  • Users of your app(s)

4. Processing activities

The Data will be subject to the following basic Processing activities (please specify):

    • (a.) Oculus Software Development Kit (particularly the Spatial Audio VoIP API)

    • to return realistic audio (or spatial audio data) based on the position of users within your app(s);

    • to derive metadata from the activity of users within your app(s) (inclusive of zone ID, length of time associated with the zone ID, randomized ID, App ID, bits of audio dropped, latency for zone) which is necessary in order to provide support and/or operate the Services; and

    • to anonymize the metadata so that it is no longer Personal Data for the purposes of GDPR. You understand and agree that Oculus may retain such anonymized metadata for its own legitimate purposes, including improvement and development of the Services.

    • (b.) Oculus Cloud Backup

    • to store, host and otherwise back up the Data to the Oculus cloud through Oculus Cloud Backup;

5. Purpose

Oculus shall Process the Data:

  • As necessary to provide support and/or operate the Services under the Applicable Developer Terms or otherwise in accordance with your documented instructions.

Nav Logo
Build with Meta
Social Technologies
Meta Horizon
AI
Horizon Worlds
About us
Careers
Research
Products
Virtual reality / Meta Horizon
Developer Blog
Download SDKs
Meta for Work
Programs
Start
Meta Horizon Creator Program
Discover
Why Meta Quest?
What is mixed reality?
Platforms and tools
2D apps for Meta Horizon OS
Devices
Meta Avatars
Success stories
Use cases
Support and legal
Developer policies
Legal
Privacy
Forums
Support
Build with Meta
Social Technologies
Meta Horizon
AI
Horizon Worlds
About us
Careers
Research
Products
Virtual reality / Meta Horizon
Developer Blog
Download SDKs
Meta for Work
Programs
Start
Meta Horizon Creator Program
Discover
Why Meta Quest?
What is mixed reality?
Platforms and tools
2D apps for Meta Horizon OS
Devices
Meta Avatars
Success stories
Use cases
Support and legal
Developer policies
Legal
Privacy
Forums
Support
Build with Meta
Social Technologies
Meta Horizon
AI
Horizon Worlds
About us
Careers
Research
Products
Virtual reality / Meta Horizon
Developer Blog
Download SDKs
Meta for Work
Programs
Start
Meta Horizon Creator Program
Discover
Why Meta Quest?
What is mixed reality?
Platforms and tools
2D apps for Meta Horizon OS
Devices
Meta Avatars
Success stories
Use cases
Support and legal
Developer policies
Legal
Privacy
Forums
Support
English (US)
© 2025 Meta