Facebook Lead Ads can help you generate interest in your business, distribute your promotional materials, grow your mailing list, and more. They also trigger the requirement for a Privacy Policy.

In this article, we're going to explain how to update your Privacy Policy so it complies with Facebook's Lead Advert Terms. We'll also look at some extra requirements if you target Facebook users in the UK or EU.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.

What are Facebook Lead Ads?

Facebook Lead Ads are designed to reduce friction in the lead generation process. Businesses typically use Facebook Lead Ads to offer a free product or opportunity. This is often simply a means by which to obtain a user's personal information or contact details.

When a user clicks on your ad, a form appears within Facebook itself. Facebook populates the form using some of the information it holds about the user. All the user has to do is fill in the blanks and click "submit."

Using Facebook Lead Ads is an alternative to redirecting a user to a landing page. This means that a user is more likely to provide you with their personal information.

If you use Lead Ads, you must let users know about Facebook's data collection practices. You can't create a Facebook Lead Ad without providing a link to your Privacy Policy. And Facebook has some specific requirements about what your Privacy Policy must contain.

Why Do Facebook Lead Ads Publishers Require a Privacy Policy?

Why Do Facebook Lead Ads Publishers Require a Privacy Policy?

Facebook Lead Ads allow you to collect Facebook users' personal information. Facebook also uses cookies and similar technologies when targeting users with your ads, and when measuring campaign analytics. The information you request via your Facebook Lead Ad relates to an individual consumer. Cookies can also reveal personal information. Therefore, you need a Privacy Policy that explains what personal information you collect and how you use it.

The obligation to create a Privacy Policy comes both from Facebook's Lead Ad Terms and from privacy law.

Facebook's Requirements

Facebook's Lead Ads Terms state that you must create a Privacy Policy before you can publish a Lead Ad:

Facebook Lead Ad Terms: Privacy Policy section highlighted - Updated for 2022

Facebook requires that:

  • You make all the disclosures necessary to comply with the law
  • You request users' consent for using their personal information if you're required to do so by law
  • You clearly disclose that your use of Facebook users' data will be governed by your Privacy Policy
  • You provide a link to your Privacy Policy

Note that Facebook doesn't explain what you should include in your Privacy Policy. This depends on which privacy laws you need to comply with, the nature of your business, and the nature of your Facebook Lead Ads campaign.

Your Privacy Policy will be unique to your business. But there are some clauses that all Lead Ads users should include, and we'll be looking at these below.

A Privacy Policy is required by law in pretty much every major market.

If you're targeting consumers in any of the following markets (and many more), failing to maintain a Privacy Policy could put you in violation of privacy law.

  • United States: The privacy laws of California require all operators of commercial websites accessible in California to publish a Privacy Policy.
  • European Union and United Kingdom: The General Data Protection Act (GDPR) requires all businesses to publish a detailed Privacy Policy.
  • Canada: Publishing a Privacy Policy is mandatory under the Personal Information Protection and Electronic Documents Act (PIPEDA).

What to Include in Your Facebook Lead Ads Privacy Policy

What to Include in Your Facebook Lead Ads Privacy Policy

Facebook requires that your Privacy Policy disclose how you collect personal information, what information you collect, and that you use Facebook Pixel.

Let's look at each in turn.

How You Collect Personal Information

Your Privacy Policy should explain all the ways in which you collect personal information.

These might include:

  • Forms: Order forms, sign-up forms, contact forms
  • Email: Customer services inquiries, complaints, etc.
  • Cookies: Including on your website and Facebook Page

For our purposes, your Privacy Policy should explain that you collect personal information via your Facebook Lead Ads.

Here's an example of how a business could do this:

Dolphins Pharmacy Privacy Policy: Facebook Lead Ads clause

You'll also need a section on how you collect personal information using cookies, which we'll cover below.

What Personal Information You Collect

Disclose specifically what personal information you collect.

You can use Facebook Lead Ads for various purposes, all of which involve collecting personal information from Facebook users. For example:

  • Newsletter/marketing/blog signups: Email address, name
  • Providing quotes: Information about the user's property (e.g. car model)
  • Setting up appointments: Approximate location, phone number
  • Offering training or courses: Job title, name of employer, education

Under Facebook's Advertising Policies, there are certain types of personal information you must not request via your Facebook Lead Ad (unless you have Facebook's prior written permission), including:

  • Account numbers
  • Criminal history
  • Financial information
  • Government-issued identifiers
  • Health information
  • Insurance information (e.g. policy numbers)
  • Political affiliation
  • Race or ethnicity
  • Religion
  • Sexual orientation
  • Trade union membership
  • Username or password

Here's how Driftrock informs consumers about what types of personal information the company collects:

Driftrock Privacy Policy: What information do we collect clause

Your business almost certainly collects other types of personal information through other means, and you'll need to disclose this too.

Your Use of the Facebook Pixel

You must explain your use of the Facebook Pixel in your Privacy Policy.

Many Lead Ads publishers use Facebook's tracking technology, the "Facebook Pixel," to track conversions. This is one of Facebook's recommended best practices for lead ads.

Integrating the Facebook Pixel on your website has significant privacy implications.

The Facebook Business Tools Terms sets out the information that Facebook requires you to include in your Privacy Policy if you use the Facebook Pixel:

Facebook Business Tools Terms: Special Provisions Concerning the Use of Certain Business Tools section

In summary, you have to give notice of the following:

  • That Facebook and other third parties use tracking technologies to gather data about your users' activities, both on your website or app and on other websites and apps
  • That this data is used to measure ad campaign effectiveness and to target ads
  • How users can opt out of the collection and use of their data

Here's an example from of what such a clause could look like>:

ID Fitness Privacy Policy: Facebook Pixel Notice clause

You can integrate this notice into your Privacy Policy. Facebook's terms require that you provide a link to your Privacy Policy in specific locations, namely:

  • Website: On each page on which you use the Facebook Pixel
  • Mobile app: Within your "Settings" (or similar) menu, and within the listing for your app on the Google Play Store and or Apple App Store

Note that if you're targeting users within the United Kingdom or the European Economic Area, you'll also need to obtain their consent before you set the Facebook Pixel on their device.

Adding A Privacy Policy to Facebook Lead Ads

Adding Your Privacy Policy to Your Facebook Lead Ad

When you've created your Privacy Policy, it's easy to add it to your Facebook Lead Ad. Simply select the "Privacy Policy" tab in the ad creation form and provide a link to your Privacy Policy:

Facebook Ad creation form: Privacy Policy link highlighted

Facebook provides a default disclaimer which displays a link to your Privacy Policy. You can also add a custom disclaimer.

Certain regions require businesses to obtain consent (permission) from consumers before using their personal information in certain ways. Facebook requires that your Facebook Lead Ad contains any "choice mechanisms" necessary under applicable law.

Among other things, consent must be specific to a particular purpose. You should avoid "bundling" consent requests. If you intend to use consumers' personal information for multiple purposes, you should request consent for each individual purpose.

For example, if you're requesting a user's email address in order to send them a free ebook, and you also want to add them to your marketing mailing list, you need to request consent for both activities.

Facebook makes it easy to request consent for multiple purposes. You can do this using the "custom disclaimer" feature, which you'll find on the ad creation form.

First, tick the box next to "Add custom disclaimer:"

Facebook Ad creation form: Privacy Policy - Add custom disclaimer checkbox highlighted

You'll see the "Consent checkbox" options. You can add multiple consent requests here.

In our example Lead Ad below, we've set up two consent requests:

Facebook Ad creation form: Custom Disclaimer - Consent options highlighted

The first request is permission to send the user an ebook. The user must consent to this in order to click "Submit." The second consent request is for email marketing. This is optional.

You can also use the "Text" box to add custom disclaimers. You may wish to give a more detailed explanation of how users' data will be processed. This might be necessary if you wish to share users' personal information with third parties. Or, if you are using your Lead Ad to allow users to enter a competition, you could use this box to explain your Terms and Conditions.


You can't create a Facebook Lead Ad without providing a link to your Privacy Policy.

You must ensure your Privacy Policy complies with relevant privacy law. In relation to your Facebook Lead Ads campaign, your Privacy Policy must explain:

  • How you collect personal information
  • What personal information you collect
  • How the Facebook Pixel works, and how users can opt out

You should also add consent checkboxes if you intend to collect Facebook users' personal information for multiple purposes.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy