Legal pages for Facebook Apps

When it comes to creating a Facebook app, most of your time will probably be spent on app development and technical execution.

However, there's a crucially important aspect of every Facebook app that you must not forget about: legal pages.

These legal pages can cover a wide range: a Terms of Service page, a Privacy Policy page, a User Agreement page, and so on.

While only the Privacy Policy is required by law, two agreements are required by Facebook if you're using their APIs to develop an app: the Privacy Policy and the Terms of Service.

Privacy Policy for Facebook Apps

A Privacy Policy agreement is a very important component of a Facebook app.

This legal agreement is used to inform users exactly what data you're collecting from them, how that data is being stored and used, and to what scope.

This information will allow your users to decide if they're comfortable with the level of personal data you intend to collect, and allows them to make an informed decision to proceed with using your Facebook app or not.

Requirements by the law

Most countries have privacy laws in place that require websites and mobile apps to have some sort of disclosure (statement) of what personal data is being collected from users.

If your Facebook app will be collecting any personal information from users, such as email addresses, names, etc., you will need a Privacy Policy.

In the US, the California Online Privacy Protection Act, or CalOPPA, dictates that if any personally identifiable information is collected from or about users who live in the state of California through a website or app, that website or app must conspicuously post this legal agreement.

The statement must let users know about the business's data collection and use.

In the EU, both the Data Protection Directive and the ePrivacy Directive work to ensure that users of websites and apps are informed if their personal data is collected and used. Compliance with these Directives can be met by clearly posting an easily understandable Privacy Policy.

You'll also need to comply with the EU Cookies Directive by placing a separate Cookies Policy to disclose how you use cookies.

Websites and apps from all over the world are regularly accessed by users from other parts of the world. CalOPPA and the EU Directives reach far beyond California and the EU due to the broad nature of the internet and apps nowadays.

Facebook has users in almost all countries, so an app made for Facebook will very likely be accessed by users in California and the EU, thus triggering the requirement of a Privacy Policy if any personal data is collected through your Facebook app.

However, even if you don't collect personal data with your Facebook app, you still need to include a link to your Privacy Policy to satisfy the requirements from Facebook.

You can simply say in your Privacy Policy you don't collect any data, but you will need to satisfy the 4 requirements outlined in the next section.

Requirements by Facebook

As a developer of a Facebook app, you'll be required to adhere to the Platform Policy of Facebook.

This "Platform Policy" includes a section titled "Give people control" that includes information on the requirement of having an "accessible Privacy Policy" in place:

Facebook Platform Policy: Give People Control

Facebook requires that app developers do the following:

  1. Provide a publicly available and easily accessible Privacy Policy that explains what data the app is collecting and how that data will be used
  2. Include the URL to this legal agreement in the App Dashboard
  3. Link to the legal agreement in any app marketplace that allows you to do so, such as the Apple App Store
  4. Comply with your own Privacy Policy

Here are the guidelines from Facebook on users' privacy for all app developers:

  • Your app's Privacy Policy must be displayed so that users can easily reach and read it.
  • Your app can only ask users to provide necessary data to operate.
  • Users must be able to agree or disagree to provide personal data unless it's basic account information.
  • A user's friends' data can only be used in the context of the user's experience on the application.
  • Users' private information cannot be used outside the scope of the application.
  • Apps cannot use data from Facebook users for any advertising creatives.
  • If Facebook disables an application or if it stops using the platform, all data from Facebook must be deleted.
  • Your app is not allowed to sell any data.
  • As a developer you're entirely responsible for the whole content of and within the application, which refers to ads, user-generated content and any other content that your app may host and deliver to users through third parties or not. Developers have to state clearly that the app's content is not provided by Facebook.
  • You are prohibited from promoting or providing content such as fraudulent, hateful, threatening, pornographic or defamatory content, violence, nudity graphics, etc.

Note that Facebook also requires Facebook Page admins to have a Privacy Policy, as well as those engaging in Facebook Retargeting.

The Privacy Policy of Buffer tells users that in order to become a registered user, information such as "IP address, full user name, password, email address, city, time zone, telephone number, and other information" may be collected, and that this contact information may be used "to market to" users and to provide them with "information about, our products and services, including but not limited to our Service."

Buffer: Information Clause from Privacy Policy

This information is made available to users on the dialog page where users must choose to accept that Buffer will be connected to their Facebook accounts, through the legal links found at the bottom of the dialog window:

Buffer Facebook App Dialog: Highlight On Data Collected

The same link to their Privacy Policy is on their official website:

Buffer Website: Privacy & Terms Highlight

Instructions to add Privacy Policy

Once you have a Privacy Policy and you're ready to add it to your Facebook app, follow these steps.

Your Facebook app won't go live and won't be listed in Facebook's App Center without the URL to this legal agreement added in the "Support Info" section.

The steps are:

  1. Go to the Facebook Developers website and log in as a developer
  2. Go to the App Details page
  3. Go to the Contact Info tab
  4. Locate the "Privacy Policy URL" box noted in the image above
  5. Enter the URL of your Privacy Policy in the field

Facebook Contact Info: Highlight Privacy Policy URL

Terms of Service for Facebook app

Terms of Service sections are incredibly important components of every Facebook app as they dictate how users can use your app, their responsibilities, what should be expected of your app, and so on.

A Terms of Service can prevent abuses and will allow you to manage expectations, as well as give you legal recourse if users violate your terms and rules.

Requirements by Facebook

While a Terms of Service isn't required by law to be included on websites or mobile apps, it's a requirement from Facebook if you're developing an app for their platform.

You wouldn't want to skip this valuable agreement for your app anyway.

The language in Facebook's Terms of Service agreement makes it clear that developers must follow what is laid out in the legal agreement and in the guidelines or risk having their accounts, including their apps, shut down.

Facebook reserves the right to stop providing services if a developer doesn't comply with the rules by stating that, "if you violate the letter or spirit of this Statement, or otherwise create risk or possible legal exposure for us, we can stop providing all or part of Facebook to you."

Facebook Terms of Service: Termination Clause

As a developer of an app, you can include similar language in your own Terms of Service agreement to make sure that your app isn't misused or that your content isn't compromised.

Instructions to add Terms of Service

Once you have the Terms of Service created and you're ready to add it to your Facebook app, follow these steps.

Remember that your Facebook app will not go live without you completing these steps.

  1. Go to the Facebook Developers website and log in as a developer
  2. Go to the App Details page
  3. Go to the Contact Info tab
  4. Locate the Terms of Service URL box noted in the image below
  5. Enter the URL to your Terms of Service

Facebook Contact Info: Highlight Terms of Service URL

While only a Privacy Policy is required by law, Facebook requires app developers to include both a Privacy Policy and a Terms of Service in order for the app to become live.

Sara P.

Law school graduate, B.A. in English/Writing. In-house writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.