Privacy Policy URL for Facebook App

If you're currently developing an app for Facebook, you may be required to enter the URL of your Privacy Policy at the "Privacy Policy URL" field.

This requirement is mandatory when you want to make your app public and have the app featured in the App Store of Facebook or whenever your app requests information from users, i.e. the Sign-in with Facebook.

This means that a Privacy Policy is required for all Facebook apps - including yours - before the app is authorized to appear live.

But why is Facebook requiring you to have a URL to your Privacy Policy?

Because a Privacy Policy agreement is required by law if you collect personal information (email address, name, photo, and so on) from users.

A Privacy Policy is a legal statement that specifies what the owner of a business will and will not do with the personal data collected from its users.

When you use the APIs from Facebook, you're requesting personal information from users through Facebook. This triggers a number of laws aimed at protecting personal information, including the General Data Protection Regulation (GDPR).

Because you collect personal information from Facebook users, you're not only required to have this legal agreement for your Facebook app, but also have it for your website, mobile app, and so on.

Here's how the Privacy Policy URL field looks on your account dashboard, where you need to add the URL to this agreement:

Here's how you can find the Privacy Policy URL field:

1. Go to the Facebook for Developers website
2. Click the My Apps option in the top navigation menu



3. Click on the name of the app you want to add a Privacy Policy to
4. Click on Settings and select Basic



5. Add your Privacy Policy URL in the Privacy Policy URL field

Your Facebook App will not go live if you don't have a public URL for the "Privacy Policy URL" field.

This applies to apps that request personal information from users, but even for apps that don't collect any kind of personal information from users. If your app doesn't collect personal data, you may need a much simpler Privacy Policy just inform users of this.

The Privacy Policy must be hosted on your own website. Facebook doesn't offer any kind of static page hosting service for this.

If your app doesn't have a website yet, create your website and host the agreement there. You can read some of these best practices where to place the link to your Privacy Policy.

The URL must be public and accessible by all users, logged-in or not. Don't restrict the URL with a password in any way.

If your app is only used to allow users to log in using their Facebook accounts (the "Sign-in with Facebook" functionality), you'll still need to have a Privacy Policy ready as this will appear in the "Login Dialog" permission dialog when users click Okay:

If your app is going to appear in Facebook App Store (or App Center), the URL you saved in the dashboard will appear in the profile page of your app:

Buffer, the social sharing application, is using a Facebook app to allow users to login to Buffer directly with their Facebook accounts (the "Sign-in with Facebook" button):

This makes it easy for your app users to access your Privacy Policy before deciding whether or not they want to provide you with any of the personal information that you're requesting to access.

Please note that Facebook is also requiring you to have a URL for a Terms of Service agreement:

While a Terms of Service agreement isn't required by law like a Privacy Policy is, there are a number of good reasons to have one.

Keep your Facebook app compliant by creating and providing these two important legal agreements. It will help protect the legal rights of your customers, make sure your app gets to be distributed without issue, and show that your business is trustworthy and transparent.

Download the instructions: How to add the Privacy Policy URL to your Facebook app