Privacy Policy Requirements
Updated: Aug 29, 2024
Privacy policies for every app are reviewed to ensure compliance with
Developer Data Use Policy and
Quest VRCs. If you process Meta Platforms Technologies User Data or Device User Data (“User Data”), you will provide and comply with a publicly available and easily accessible privacy policy signed by a trusted website Certificate Authority to properly create an https connection. A website Certificate Authority is trusted if it is widely recognized and respected as a reliable issuer of digital website certificates. For more information, please visit
https://https.cio.gov/certificates/.
Privacy policies must comply with applicable law and regulations and must accurately and clearly explain:
- what User Data you are processing
- how you are processing that data
- for what purposes you are processing that data
- how users can request to delete that data
If your application does not process User Data, stating this in your privacy policy is sufficient to comply with our privacy policy requirements.
You may only process User Data as clearly described in your privacy policy and in accordance with all applicable law and regulations, and all other applicable terms and policies.
You must retain all of your privacy policies in effect while using platform features and provide them to us if we ask for them.
You will maintain a publicly available link to your privacy policy in the Privacy Policy field in the Additional Details page of your App Submission dashboard and ensure the link remains current and up to date.
(Learn more.).
Robust privacy policy practices
While this isn’t a substitute for legal guidance, here are some tips to keep in mind when developing your application’s privacy policy:
Organization level privacy policies:
- Organization level privacy policies are sufficient if the privacy policy references “application(s),” “services,” “games,” or other terms that reflect the application shipping to Meta Platforms Technologies. Privacy policies that only cover data processed on your website are not acceptable.
Data collected and purposes:
- Ensure the privacy policy identifies any type of user data processed and includes examples of the type of data. For example, usernames, or information about the device or internet connection (such as device ID or IP address).
- Ensure that your privacy policy identifies the purposes for which your Organization and/or application processes such data. For example, to provide users with the service identified in your terms of service, or to improve your products.
- Ensure that your privacy policy provides a specific path for users to request deletion of that data. This could be by way of a self-service option, an email request, or some other customer support channel. (Learn More.)
Need help writing your app’s privacy policy? Get the clarity you need fast with our new Trusted Developer Essentials video course featuring tips and resources from Meta experts and Data Protocol:
Writing Your Privacy Policy