Privacy Policy for Social Login (Sign In With)

Last updated on 15 August 2022 by Stephen Titcombe (Legal writer at TermsFeed)

Privacy Policy for Social Login (Sign In With)

Simply put, social login is a single sign-on (SSO) technology that allows you to identify and register users on your website or app using information collected from their social media accounts.

To avoid legal liability, businesses that implement social login ("sign in with" buttons or "login with" buttons) will need to provide a Privacy Policy that complies with applicable privacy laws as well as the provisions of third-party social media platforms they integrate on their website or app.

In this article, we'll dive deep into the concept of social login integration and take an in-depth look at the privacy requirements of top social media platforms so that you're sufficiently equipped to comply with the requirements.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.
  2. TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  3. Answer some questions about your website or app.
  4. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  5. Answer some questions about your business.
  6. TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  7. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



Social Login Integration: An Overview

As a website or mobile app owner, one of your primary objectives is to get more user engagement for your services. An excellent way to support this objective is to streamline the process by which users register to use your services.

This is especially important in today's fast-paced digital world, where users can get easily discouraged by a long or complex registration process.

Social logins have gained traction in recent years and are now a leading solution for businesses to increase the number of registered users or sign-ups on their website or app.

As a faster and more convenient alternative to the standard account creation process, social logins are also a popular choice among users.

While social logins undoubtedly offer many benefits for businesses and users alike, they also raise several data privacy concerns that must be addressed.

Social media buttons

First introduced by Facebook in 2008, social login integration is now offered by multiple social networking platforms, including Google, LinkedIn, Twitter, and Instagram, to mention a few.

By leveraging the popularity of these social media platforms, you can now allow users to create accounts on or sign in to your website/app using the same credentials they use on their social platforms, all at the click of a button.

This essentially eradicates the "tediousness" associated with creating a new account which keeps most users from doing so. In other words, no sign-up forms have to be completed, and no new passwords have to be memorized with social logins implemented.

Needless to say, this login method presents plenty of benefits, which we'll briefly go over next.

Benefits of Social Login Integration

Benefits of Social Login Integration

The major benefits of social logins for businesses are as follows.

Enhanced User Experience

The user data you gather through social login can help you tailor your website's product or service offerings to suit the individual needs of users better, thereby providing a personalized experience for each user.

That said, providing a personalized experience shows users that you're willing to go the extra mile for them and will play a huge role in building customer loyalty, which (as you know) is the bedrock of every successful business.

Decreased Abandonment and Increased Conversion Rate

Nowadays, users are more likely to abandon their mission on your website or app once they are prompted to create an account in order to continue. This is especially true if your registration process is unreasonably long or complicated.

Social logins resolve this issue by making it faster and more convenient for users to register on your website or app. This, of course, decreases abandonment and increases your user conversion rate.

In sum, social logins work much better than standard account creation in turning potential customers into actual customers.

Accurate Data Collection

A common issue with standard account creation is the potential for users to submit inaccurate personal information in order to get through your registration process quickly.

This can corrupt your customer database and negatively impact your marketing campaigns, conversion rate, and other significant activities or metrics.

However, with social logins, the likelihood of getting inaccurate information is significantly reduced since you'll be collecting information directly from users' social media accounts.

Social Logins and Privacy Requirements

Social Logins and Privacy Requirements

Despite its many benefits for businesses, users, and even social media platforms (e.g., off-site tracking for ad targeting), social logins raise some privacy concerns stemming from its evident collection and transfer of personal information.

As a result, websites and apps that implement social logins must provide a Privacy Policy to protect themselves from liability.

Before we examine the privacy requirements of major social media platforms, let's briefly clarify what a Privacy Policy is and why you need one before you implement social logins.

What is a Privacy Policy?

A Privacy Policy is a legal agreement that describes how your website or app collects, uses, and stores users' personal information. It also specifies how you share information with third parties, and describes the rights of users with regard to their personal information.

Keep in mind that personal information is generally defined as "ny type of data that can directly or indirectly identify an individual."

In other words, names/usernames, email addresses, phone numbers, profile photos, and similar details are all considered personal information.

Importantly, you must demonstrate transparency in your Privacy Policy by including as many details as possible about your collection, use, and disclosure of personal information.

If you collect users' personal information through social logins, it's important to ensure that your Privacy Policy also mentions this.

Here's an example from Social Assurance:

Social Assurance Privacy Policy: What information do we collect clause

It's clear that having a Privacy Policy is a great idea, but it's also required by law. Let's look more at the reasons why you actually need a Privacy Policy if you're using any social login buttons functionality.

Why Do You Need a Privacy Policy for Social Logins?

Why Do You Need a Privacy Policy for Social Logins?

If you implement social login buttons on your website or app, there are two major reasons you need to provide a Privacy Policy. They are as follows:

  • It's required by law
  • It's required by the third-party social media platforms

It's Required By Law

Many privacy laws worldwide require websites and apps that collect or process personal information to provide a Privacy Policy.

If you implement social login on your website or app, you'll undoubtedly need a Privacy Policy since you collect users' personal information from social platforms.

Some regions and countries with privacy laws that require businesses to publish a Privacy Policy are as follows:

  • United States: Several state and federal privacy laws in the U.S. require businesses to publish and maintain a Privacy Policy. Most notably are privacy laws like the California Online Privacy Protection Act (CalOPPA), the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and the Children's Online Privacy Protection Act (COPPA).
  • European Union: The EU's General Data Protection Regulation (GDPR) is currently the most comprehensive privacy law in the world and requires businesses under its scope to publish a Privacy Policy.
  • United Kingdom: The UK's Data Protection Act 2018 and the UK GDPR are implementations of the EU GDPR. Consequently, businesses with users in the UK must also publish a Privacy Policy.
  • Australia: The Australia Privacy Act requires businesses that collect the personal information of Australians to post a Privacy Policy on their website and mobile app (if applicable).
  • Canada: Under the Personal Information Protection and Electronic Documents Act (PIPEDA), a Privacy Policy is a major requirement for private sector organizations in Canada.

Note that you may fall under the scope of several of these laws, depending on where your business is located and where your users reside. Moreover, non-compliance with any of these laws may lead to lawsuits and substantial fines or penalties.

It's Required by Third-Party Social Media Platforms

Social logins involve collecting and transferring personal information between social media platforms and websites or apps that integrate social login buttons.

To avoid potential liability, third-party social media platforms require any website or app that implements their social login button to provide a Privacy Policy.

We'll dive deeper into the privacy requirements of major third-party social media platforms later in this article.

That said, prominent social media players generally require website and app developers to do the following:

  • Ensure your Privacy Policy complies with applicable or relevant privacy laws
  • Make sure your actual data privacy practices reflect what is written in your Privacy Policy
  • Display your Privacy Policy in a conspicuous location, ideally before users make use of your social logins feature
  • Obtain consent from your users before taking any action on their behalf

Now that we're clear on what social logins are and why a Privacy Policy is required to implement them, let's examine the privacy requirements of top social networking platforms and see how you can comply.

Privacy Policy for Sign In With Twitter Social Login

Privacy Policy for Sign In With Twitter Social Login

Twitter was one of the early adopters of social login integration. In 2009, Twitter launched its social login button to help users quickly and conveniently sign in to any website or app that integrates the Twitter login feature. This way, users can easily circumvent any long or tedious registration process.

In order to use the Twitter login button, website and app developers must comply with Twitter's rules for having a Privacy Policy. To start, developers must comply with the basic requirements for using Twitter's login button as specified in its Developer Policy. This includes:

  • Making it easy for users to sign in and out of Twitter (e.g., through the OAuth protocol)
  • Displaying the Twitter login button as prominently as other sign-up or sign-in features on their website or app, and
  • Properly presenting users' Twitter identity once they use the Twitter login button

Here's how Twitter displays this:

Twitter Developer Policy: Rules for specific Twitter services or features chapter - Twitter Login section

In terms of privacy requirements, developers must maintain a reasonable level of commitment to the privacy and control of users when employing any of Twitter's services. In keeping with these principles, developers must do the following:

  • Provide a "clear, comprehensive, and transparent" Privacy Policy, and
  • Obtain "express and informed consent" from each user before taking any action on their behalf

Failing to comply with these requirements can result in an enforcement action, including suspension and termination from employing Twitter's services:

Twitter Developer Policy: Privacy and control are essential clause

Further below in its Developer Policy, Twitter expands on how developers can comply with the requirements outlined above. Let's go over each in turn.

Twitter Login Button Privacy Policy Requirement

To satisfy Twitter's Privacy Policy requirement, your Privacy Policy must, at minimum, include the following details:

  • The type of information you collect from your users
  • How that information is used and shared with third parties (including Twitter), and
  • How users can contact you with questions or requests regarding their information

Importantly, Twitter requires that you display your Privacy Policy to users before they "download, install, or sign up" to your website or app. In addition, your Privacy Policy must be as protective as the Privacy Policy of Twitter and its affiliates.

Finally, your Privacy Policy must comply with all applicable laws. For instance, suppose you provide services to users based in Germany and Canada. In that case, you will likely need to comply with the GDPR and PIPEDA.

Note that you must stop using Twitter's services if you're unable to comply with either its Privacy Policy or yours:

Twitter Developer Policy: Your Privacy Policy clause

In an effort to give users more control over their information, Twitter requires you as a developer to obtain "express and informed" consent from users before doing any of the following:

  • Acting on users' behalf, including (but not limited to) posting tweets, following or unfollowing accounts, changing account information, launching a Periscope Broadcast, and adding hashtags or any other content to tweets
  • Republishing content accessed outside the Twitter API or other Twitter tools
  • Using an individual's Twitter content to advertise a product or service
  • Storing non-public content like direct messages (DMs) or other confidential information
  • Publishing private tweets or other confidential information

Now, let's briefly look at some examples of businesses implementing the Twitter login button appropriately and how their Privacy Policy acknowledges the use of social logins.

Twitter Login Button Example

YouNow complies with Twitter's requirements by prominently displaying the Twitter login icon and linking its Privacy Policy before users sign up on its platform, as seen below:

YouNow sign in page with Twitter login icon and Privacy Policy link highlighted

In its Privacy Policy, YouNow acknowledges its use of social sign-in as well as the type of personal information it collects once users sign-up through its social sign-in feature.

YouNow Privacy Policy: Personal data that we collect clause - Direct Collection excerpt

Medium, on the other hand, uses a button to display its Twitter sign-in option while linking its Privacy Policy and Terms of Service:

Medium sign in page with Sign-in with Twitter button and I Agree to Privacy Policy, and Terms of Service section highlighted

Medium also links its Privacy Policy within the Twitter login registration form and describes its controls over users' Twitter accounts so users can make an informed decision about whether to continue:

Medium Authorize Access sign in with Twitter page

Lastly, the Privacy Policy of Medium provides specific details about the information it collects once users connect their Twitter profile with Medium:

Medium Privacy Policy: Information We Collect from Other Sources clause

You can take this same approach to implement a Twitter social login button with your mobile app, as the Poll Pay app has done here:

Poll Pay iOS app sign-in screen with Twitter button and Privacy Policy link highlighted

When users first open the app, they immediately see a screen with multiple sign in options, including one for Twitter. You can see the Privacy Policy is also linked at the bottom of the screen. Tapping the link allows users to access the Privacy Policy before deciding whether or not to move forward with using the app.

Now let's look at how Google directs this process and what it requires from websites or apps that choose to use its social login feature.

Privacy Policy for Sign In With Google Social Login

Privacy Policy for Sign In With Google Social Login

Google is one of the top providers of social login integration, as a substantial number of websites and apps use its sign-in button.

In order to use the Google login button, website and app developers must comply with Google's rules for having a Privacy Policy. Google's requirements for developers are very similar to those of Twitter. For instance, in its Sign-In Branding Guidelines, Google requires developers to display its sign-in button as prominently as other third-party sign-in options:

Google Sign-in Branding Guidelines: Google Sign-in and other third party sign-in options clause - Equal prominence section

When it comes to user privacy, Google requires developers to comply with all applicable privacy laws as well as the Google API Services User Data Policy. To this effect, developers must publish and adhere to a Privacy Policy as stipulated in the Google API Terms of Service:

Google API Terms of Service: User Privacy and API Clients clause

To provide further guidance, let's briefly go over the requirements of a Google-compliant Privacy Policy.

Google Login Button Privacy Policy Requirement

To comply with Google's Privacy Policy requirements, the following must be observed:

  • Your Privacy Policy must be "accurate, comprehensive, and easily accessible."
  • Your Privacy Policy must describe (in detail) how your website or app collects, uses, stores, or shares users' information.
  • Your privacy practices must reflect the provisions in your Privacy Policy. You may, however, consider employing additional in-product notifications to ensure that users understand how you will handle their information.
  • You must notify users of any change to your data processing practices (e.g., through an update notice) and seek their consent to your updated Privacy Policy.
  • You must conspicuously display your Privacy Policy agreement along with any in-product notifications regarding your use of personal information. Where applicable, your disclosures must also be timely.

Here's how Google presents these requirements in its API Services User Data Policy:

Google API Services User Data Policy: Be transparent about the data you access with clear and prominent privacy disclosures section

Like most social login providers, Google requires developers to obtain consent before collecting and using personal information.

In particular, Google requires you as a developer to:

  • Only obtain information that is absolutely necessary to provide the services specified in your policies.
  • Where applicable, request user consent before taking any action on users' information.

Here's how this is displayed:

Google API Services User Data Policy: Request relevant permissions section

It's important to note that failure to comply with any of Google's policies may cause Google to "revoke or suspend" your access to all Google products and services:

Google API Services User Data Policy: Enforcement section

Google Login Button Example

Tinder complies with Google's requirement for equal prominence by displaying its login button as prominently as other sign-in options. It also links its Privacy Policy in a conspicuous location as Google requires:

Tinder login page with Log in with Google button and Privacy Policy highlighted

Once users click the Google login button, they are prompted to enter their Google sign-in credentials and are informed that Google will share their basic information with Tinder if they wish to continue. In doing this, Tinder has fulfilled its consent requirements:

Google Sign-in to Tinder page

Among other relevant information required by Google, Tinder acknowledges its collection of users' information through Google login in its Privacy Policy:

Tinder Privacy Policy: Information we receive from others clause - Social Media section highlighted

Just like Tinder, Airbnb provides a prominent "continue with Google" button and links its Privacy Policy within the sign-in form:

Airbnb sign-in page with Continue with Google button and Privacy Policy highlighted

In its Privacy Policy, Airbnb lets users know that it obtains their information from third-party services when users link, connect, or log in to its platform:

Airbnb Privacy Policy: Personal information We Collect from Third Parties clause - Third-Party Services section

Now let's look at what you'll need to do if you integrate the Facebook login feature on your website or app.

Privacy Policy for Facebook Social Login

Privacy Policy for Facebook Social Login

As the first and most popular provider of social login integration, Facebook's login button is widely used by websites and apps the world over. Like other social logins, Facebook login improves user experience by allowing users to quickly sign up on a website or app without having to fill out a form or create a password.

However, developers must observe Facebook's regulations in order to enjoy the benefits of its login integration.

In order to use the Facebook login button, website and app developers must comply with Facebook's rules for having a Privacy Policy. The Developer Policies of Meta (Facebook's parent company) provides specific guidance to help developers compliantly implement its login button, as seen below:

Facebook Developer Policies: Login clause

For additional guidance on Facebook login integration, check out Facebook's article here with some of the company's suggested best practices.

Now let's take a look at Facebook's privacy requirements for developers.

Facebook Login Button Privacy Policy Requirement

To comply with Facebook's Privacy Policy requirement for developers, you must observe the following:

  • Provide a publicly available and easily accessible Privacy Policy.
  • Ensure your Privacy Policy complies with applicable laws and regulations.
  • Ensure your Privacy Policy accurately describes the information you process, how and why you process it, and how users can request that you delete it.
  • Ensure your data processing activities complies with the provisions of your Privacy Policy, applicable Meta Policies, and all applicable privacy laws and regulations.
  • Ensure your Privacy Policy remains consistent with applicable Meta terms or policies.
  • Retain all of your Privacy Policies while using Facebook and provide them upon request.
  • Link your Privacy Policies in the appropriate fields in your App Dashboard or App Store (if applicable) and ensure you keep the links up-to-date.

Here's how Facebook displays these requirements in its developer terms:

Facebook Meta for Developers Platform Terms: Privacy Policy section

Meta's Developer Policies includes a section titled "Give people control" that clearly outlines several requirements developers must observe with regard to users' information.

Among other requirements, developers must "obtain consent from users before publishing content or taking any other action on their behalf."

Facebook Developer Policies: Give people control clause

Facebook Login Button Example

Pinterest allows users with a Facebook account to log in automatically through its prominently displayed Facebook login button.

Note how Pinterest places its Privacy Policy below the login buttons to ensure users have read and consented to its data processing practices:

Pinterest sign-up page with Continue with Facebook button and Privacy Policy link highlighted

To obtain user consent, Pinterest informs users that it will connect their Facebook account to Pinterest if they click the continue button, as shown below:

Facebook log in to Pinterest page

Pinterest's Privacy Policy also mentions its connection to Facebook by letting users know what information it collects through Facebook login when users give their permission. This includes details like friends list and contact info to help improve users' experience:

Pinterest Privacy Policy: We collect information in a few different ways clause - When you give it to us or give us permission to obtain it section - Connect your Facebook or Google section highlighted

Fiverr also includes a Facebook login button alongside other third-party login buttons but doesn't link its Privacy Policy on the sign-in form:

Fiverr sign-in page with Continue with Facebook button highlighted

However, Fiverr's Privacy Policy can be found further below in the footer section of the website:

Fiverr website footer with Privacy Policy link highlighted

In its Privacy Policy, Fiverr mentions that its collects registration and profile information from third-party social media networks like Facebook, as shown below:

Fiverr Privacy Policy: Information We Receive from Third Parties clause - Login with third-party service section highlighted

You can implement a Facebook login button on a mobile app as well, as seen here from the Million Steps app:

Million Steps app with Continue with Facebook button and Privacy Policy link highlighted

Users are given a few different options for signing into the app upon downloading and opening the app for the first time. They're also linked to the company's Privacy Policy on this screen which they can tap to access before continuing.

Next up we'll check out how Apple directs users of its login functionality to implement it and disclose it properly.

Privacy Policy for Apple Social Login

Privacy Policy for Apple Social Login

As one of the biggest tech companies in the world right now, Apple needs no introduction. Not surprisingly, the Apple login button is among the most widely used social logins on websites and apps worldwide alongside Facebook and Google. With the Apple login button, users can now use their Apple ID to quickly sign in to any website or app that offers Apple login functionality, thereby circumventing the standard sign-up process.

In order to use the Apple login button, website and app developers must comply with Apple's rules for having a Privacy Policy. In order to implement this button on your website or app, you must observe Apple's extensive regulations. The Apple Human Interface Guidelines is a good place to start.

This document briefly explains how the Apple login button works and specifies several guidelines developers must follow to be considered compliant. They are as follows:

  • Ask users to sign in only in exchange for value (e.g., personalization, access to additional features, or synchronizing data)
  • Consider implementing the "Sign in with Apple" button for every version of your website or app (including non-Apple platforms)
  • Delay sign-in for as long as possible to let users familiarize themselves with your website or app before deciding to commit
  • If you run an ecommerce website or app, let users make a purchase before asking them to create an account
  • Outline the benefits of using the "Sign in with Apple" button
  • Consider letting users link an existing account to "Sign in with Apple"

In addition to these requirements, you must take note of Apple's Usage Guidelines for Websites and Other Platforms, most notably the prohibited uses, as seen below:

Apple Usage Guidelines for Websites and Other Platforms: Prohibited Uses section

Now let's go over Apple's privacy obligations for developers on its platform.

Apple Login Button Privacy Policy Requirement

In section 3.3.10 of its Developer Program License Agreement, Apple outlines several privacy obligations developers must observe, including the requirement to provide a Privacy Policy. These obligations are as follows:

  • Provide a Privacy Policy on your website or app, as well as in the app store (if applicable)
  • Clearly explain how you collect, use, store, disclose and delete users' information (typically with your Privacy Policy)
  • Take appropriate measures to protect personal information from unauthorized access, use, or disclosure
  • Stop collecting, using, and disclosing personal information once users withdraw their consent
  • Notify users of any information breach as stipulated by applicable privacy laws

Here's how Apple displays these provisions:

Apple Developer Program License Agreement: User Interface, Data Collection, Local Laws, and Privacy clause

For app developers, the Apple App Store Review Guidelines also require a compliant Privacy Policy to be provided:

Apple App Store Review Guidelines: Data Collection and Storage clause - Privacy Policy requirements highlighted

Like other major social platforms, Apple's consent requirements are explicitly addressed in its policies.

To comply accordingly, you must obtain consent from users before collecting their personal information. You must also get the approval of users before changing how you use personal information. Here's how it's stated in the Developer Program License Agreement:

Apple Developer Program License Agreement: No collecting user data without consent section

Apple Login Button Example

Here's how Bumble prominently displays its "continue with Apple" button on its sign-up page and links to its Privacy Policy below:

Bumble sign-up page with Continue with Apple button and Privacy Policy link highlighted

As required by Apple, Bumble's Privacy Policy acknowledges its use of Apple login and explains what information it collects and how it will be used when users connect to Apple.

Bumble also clarifies what happens to users' information when they disconnect the social login feature and how to stop all access to their information:

Bumble Privacy Policy: Linking other accounts to Bumble clause - Social media sign-in section

Like Bumble, Reddit offers a quick and easy Apple login button that links to the Privacy Policy within the login page:

Reddit log-in page with Continue with Apple button and Privacy Policy link highlighted

Within its Privacy Policy, Reddit goes on to describe the data it collects from third-party services when users link both services:

Reddit Privacy Policy: Information Collected from Other Sources clause - Linked services section

If your mobile app allows users to sign in with their existing Apple accounts, you can add such a button to your app's initial screen that users will see upon opening your app for the first time.

You can and should also link your Privacy Policy to this "welcome" screen, such as the Fancy Giveaways app has done here:

Fancy Giveaways iOS app with Continue with Apple button and Privacy Policy link highlighted

LinkedIn is next on our list of social login integrations and privacy requirements. Let's look at what it requires and how to comply.

Privacy Policy for LinkedIn Social Login

Privacy Policy for LinkedIn Social Login

As the leading social media platform for professional networking and career development, LinkedIn is highly relevant, especially in the B2B space.

Like other social logins, the LinkedIn login button reduces friction and helps business obtain more sign-ups for their websites and apps without the need to fill out a registration form.

In order to use the LinkedIn login button, website and app developers must comply with LinkedIn's rules for having a Privacy Policy. LinkedIn's privacy requirements for developers are also similar to those of Twitter and Google, with a few slight differences.

Let's briefly go over these requirements.

LinkedIn Login Button Privacy Policy Requirement

The LinkedIn API Terms of Use comprehensively explain the general requirements and privacy obligations developers must observe in order to use its services.

It's worth noting that, unlike other social logins, LinkedIn requires developers to provide a User Agreement in addition to their Privacy Policy. Essentially, your legal documents and privacy practices must meet specific standards as outlined below:

  • Your Privacy Policy must be readily available and prominently displayed, particularly where users access your website or download your app.
  • Your actual privacy practices must meet applicable legal standards.
  • Your Privacy Policy must accurately explain how you collect, use, store, and share users' personal information.
  • If you offer enterprise services, you must enter into separate agreements with your customers and explain how you will access their LinkedIn accounts and content on their behalf.
  • You must promptly notify LinkedIn of any violations of your User Agreement or Privacy Policy that may affect users.
  • Your Privacy Policy must be as "stringent and user-friendly" as LinkedIn's.

Here's how LinkedIn displays these requirements:

LinkedIn API Terms of Use: Your User Agreement and Privacy Policy clause

Like most other social networking platforms, LinkedIn requires developers to obtain consent from users before taking any action on their accounts or personal information.

To that effect, LinkedIn provides specific guidelines you must observe to get legally valid user consent. They are as follows:

  • When obtaining user consent, explain when you will collect users' personal information, how you will use it, and how users can withdraw their consent.
  • Consent must be freely given and meet the standards set by applicable privacy laws.
  • Consent should be provided through a statement or an explicit affirmative action.
  • When a user's member token and OAuth access token (i.e., a piece of data you use to make API requests on behalf of a user) expires, you must regain users' consent to continue collecting and storing their personal information.

Here's how LinkedIn presents these requirements in its API Terms of Use:

LinkedIn API Terms of Use: LinkedIn Member Consent clause

LinkedIn Login Button Example

Indeed includes a "Log in with LinkedIn" button along with other third-party social logins to help applicants with LinkedIn profiles quickly sign in to their Indeed account:

Indeed login page with Log in with LinkedIn button highlighted

When applicants click the login button and provide their LinkedIn sign-in information, Indeed seeks their consent to use their names, email addresses, and profile photos:

LinkedIn authorization page

Further below on the login page, Indeed links its Privacy Policy:

Indeed login page with Privacy Policy link highlighted

Within its Applicant Privacy Policy, Indeed briefly addresses its collection of Applicant Personal Data (APD) from third-party services and explains how that information is used:

Indeed Privacy Policy: APD Provided by Third Parties clause

Privacy Policy for Instagram Social Login

Privacy Policy for Instagram Social Login

In 2012, Instagram was acquired by the multinational tech conglomerate, Meta Platforms (also known as Facebook's parent company). As a subsidiary of Meta, Instagram is now governed by the same set of developer rules that apply to Facebook.

In other words, the technical requirements and privacy obligations for the Facebook login button (as described in the Facebook section of this article) also apply to the Instagram login button.

In order to use the Instagram login button, website and app developers must comply with Facebook's rules for having a Privacy Policy.

Here's how Meta discloses this update in its Developer Policies, in an information box at the top of the page:

Meta Developer Policies new terms notice

To recap, here are the key things to keep in mind when implementing the Instagram login button:

  • Adhere to the Meta Developer Policies to properly implement the login button (as displayed in the Facebook login section)
  • Publish a publicly available and easily accessible Privacy Policy
  • Include sufficient information about how you collect, use, disclose, and (upon request) delete personal information in your Privacy Policy
  • Ensure your Privacy Policy complies with applicable privacy laws, as well as Meta's terms and policies
  • Ensure you comply with the provisions in your Privacy Policy
  • Provide links to your Privacy Policy in prominent locations on your website or app, and keep the links updated
  • Comply with the requirements specified in the "Give people control" section of Meta's Developer Policies

Instagram Login Button Example

You've likely seen the option to log in to a site or app via your existing Instagram account, like this one:

Login buttons with Login With Instagram highlighted

Thismoment's Cookie Policy specifically addresses Instagram login and includes links to Instagram's Privacy Policy and Cookie Policy as shown below:

Thismoment Cookie Policy: Cookies Placed by Third Parties clause - Instagram section

In its Privacy Policy, Thismoment informs users that it collects their information from third-party services connected to their accounts. It also disclaims liability here by referring users to review the Privacy Policy of third-party services as well as any permission notice they receive:

Thismoment Privacy Policy: Information from services that you use to connect our service clause

For our final social login integration, we will take a look at how Amazon does this.

Privacy Policy for Amazon Social Login

Privacy Policy for Amazon Social Login

Although less commonly used than other social logins, Amazon login works just as well for businesses and users. It presents a quick and efficient solution for users to register or sign in to a website or app without having to fill out the standard registration form.

In order to use the Amazon login button, website and app developers must comply with Amazon's rules for having a Privacy Policy. To help developers implement its login button, Amazon provides a Login with Amazon Developer Guide for Websites. This guide explains in detail the technical implementation of the Amazon login button to help developers properly integrate it on their websites and apps.

Admittedly, Amazon's privacy requirements for websites and apps aren't particularly comprehensive. The most notable privacy requirement for developers is to provide a Privacy Notice URL in the applicable section of their website or app:

Login with Amazon Developer Guide for Websites: Client Application section

To remain compliant with Amazon's privacy requirements (and as a best practice), your Privacy Policy must inform users what type of information you collect from them when they use the Amazon login button.

Let's see an example.

Amazon Login Button Example

Aoyue allows users to skip the standard login method and sign in through its Amazon login button while outlining the advantages of doing so:

Aoyue login page with Sign in with Amazon button and login advantages highlighted

Notably, Aoyue doesn't link its Privacy Policy in the login form, but it does link it in the footer section of the login page (which is also a valid option):

Aoyue website footer with Privacy Policy link highlighted

Aoyue specifically addresses its implementation of Amazon login in its Privacy Policy.

Although the phrasing is not so easy-to-follow, Aoyue essentially lets users know that details like user ID, name, and email address will be collected when they use the Amazon login button but only after receiving express consent.

To obtain more information about the purpose and scope of the information collected, Aoyue refers users to Amazon's Privacy Policy, as shown below:

Aoyue Privacy Policy: Login with Amazon clause

The highlighted sections above state as follows:

"Using the Amazon login button on our website allows you to log in or register on our website using your Amazon user data. Only if you give your express consent in accordance with Art. 6 (1) point a GDPR prior to the registration process based on a corresponding notice about the exchange of data with Amazon, will we receive the publicly accessible information stored in your profile when you use the Amazon button, depending on your personally made data protection settings. This information includes the user ID, name, address, email address, age, and gender"

"The purpose and scope of the data collection and further processing and use of the data by Amazon, as well as your rights in this regard and setting options for protecting your privacy, can be found in Amazon's privacy policy: https://www.amazon.de/gp/help/customer/display.html?language=en_GB&nodeId=201909010."

Summary

As a developer, integrating a social login button undoubtedly presents benefits for your website or app. However, to implement these buttons appropriately, you need to observe certain privacy obligations.

Although the requirements are slightly different for each social login button outlined above, the core concept remains the same for all.

Regardless of which social login buttons you wish to use, here are the takeaways to ensure a compliant login integration:

  • Provide a publicly available Privacy Policy and send out update notices when you make any changes.
  • Let users know what personal information you collect about them, how you plan to use it, and who you plan to share it with (typically within your Privacy Policy).
  • Ensure your Privacy Policy complies with all applicable privacy laws.
  • Make sure your privacy practices reflect what is written in your Privacy Policy.
  • Comply with all requirements outlined in the Developer Terms and Policies of applicable third-party social media platforms.
  • Obtain consent from users before collecting and using their information.
  • Provide a way for users to withdraw consent anytime they wish.

Create Privacy Policy, Terms & Conditions and other legal agreements in a few minutes. Free to use, free to download.

Get started today ⇢

Screenshot of TermsFeed Generator

Stephen Titcombe

Stephen Titcombe

Legal writer at TermsFeed

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.