Tutorial
Getting Started
When you click into your data access renewal assessment, you will be taken to a homepage that outlines the different sections of the assessment and the status of each section. At this point, you will be able to select which section of the assessment you would like to complete first. It is recommended that you complete these sections in order but it is not required.
The homepage will also provide a high level overview of the new process and the changes to expect. This will include a date in which you will need to complete the assessment in order to avoid access restrictions, things to know before you get started, and tips to consider during the process. Screenshots of this page can be found below.
Tracking Your Progress
Once you begin, you will be able to track your progress through the new progress bar located at the top of the assessment. The progress bar will update between sections to show how much of each section you have completed, and you will also be able to skip ahead to different sections as needed. If you choose to skip ahead to different sections, each section’s progress bar will be updated accordingly so you can track your progress in between sections.
Business Connection
Business connection will ask you to select a verified organization to connect to your app. This part of the assessment will allow you to select a business from your connected business portfolio. This section will list both verified and unverified organizations (pictured below). If your organization is not verified, you will need to submit Business Verification from the Business Suite. You can find the instructions on how to verify your business here.
If the business you want to connect to the app is already verified, select it and click Connect to proceed. Once connected, you will be able to proceed to the next step by clicking the next button in the bottom right corner of the screen. This does not need to be done immediately.
Allowed Usage
During the allowed usage section of data access renewal, you will be asked to certify that your app is using all advanced access permissions, features, and APIs according to their allowed usage. All the permissions and features that your app is currently accessing will be listed in this section. Any permissions and features that are not needed should be removed during this step, however your app may still be evaluated for permissions and features it could previously access. To certify your usage, click the checkbox next to the certification statement for each permission.
Data Handling Questions
The data handling section will ask you about your data handling practices. These questions are designed to validate that personal data received from Meta will be processed and transferred securely and in compliance with Meta’s Platform Terms and Developer Policies. This is part of Meta’s continued commitment to protecting people’s privacy and personal data—a responsibility that we share with all developers in our ecosystem.
Please note that "Platform Data" means any information, data or other content that you obtain from us, through Platform or through your app, whether directly or indirectly and whether before, on or after the date you agree to these terms, including data anonymised, aggregated or derived from such data. Platform Data includes all access tokens, the app secret, Meta user IDs, email addresses, profile pictures and usernames.
Platform Data may include a subset of personal data or personal information that relates to an identified or identifiable person.
Questions and choices can be found in the data handling section.
Data Protection
The Data Protection section is an annual requirement for some apps that require additional evaluation based on the data they can access. The questions in the assessment are designed to determine whether developers are complying with our Platform Terms as it relates to the use, sharing and protection of Platform Data. Apps that do not have to complete data protection will not see the data protection section in their overview page or in the progress bar.
The data protection section is split into four categories: app purpose, data sharing, data deletion, and data security.
The app purpose section is focused primarily on your app’s use of data and its purpose. Data sharing is focused on sharing data, including with service providers or sub-service providers. Data deletion dives deeper into when and how Platform Data is deleted from your systems. And lastly, data security will ask questions about how data is stored. To find the detailed list of questions you will be asked in the data protection section, please click here. You can also find the detailed data security requirements and guidance on how to answer here.
Reviewer Instructions
To keep the Meta platform and community safe, and in accordance with our Platform Terms, we periodically review apps for compliance with data use and other policies by evaluating user experience and how your app is using its current permissions, features, and products. In the last section of HCA, you will be asked to provide information to ensure that our reviewers can access the app and review all of its functionality.
The information provided should help our reviewers access your app, verify user experience, and test how your app uses the data received from Meta. When providing instructions, please verify that your app is currently functioning as expected and that your privacy policy is publicly accessible. If codes or gift cards are required to test your app, please make sure to provide ones that are currently valid.
This portion of data access renewal will first ask you to provide a valid privacy policy URL. If the URL is valid, you will be taken to the next section to provide details for how to find and access the app. There are different sections for a website and for mobile apps. Please provide instructions for both if applicable. You can find the list of questions for these sections here.
Submitting Your Assessment
Once you’ve completed every section of the assessment, you will be taken back to the overview page where you can optionally review each section. If you are certain that you have completed every section and are ready to submit, you can do so by clicking the ‘Submit’ button at the bottom of the page. You will be asked to certify that the answers you have given are true and that you are following Meta’s Platform Terms and Policies (pictured below).
Once you’ve submitted data access renewal you will get a confirmation message at the top of the page. Most submissions will be reviewed within 10-15 business days and you may get a request for more information if needed. If there are issues that need to be resolved, the process could take longer. View details on your submission here.