Responsible Platform Initiatives

Best Practices

Before you access use cases, permissions or features (for some apps this is called advanced access) or complete your Data Use Checkup, please review the following best practices regarding how you or your organization handles data.

If you’ve been asked to improve your data handling practices, please review these best practices and make any updates needed before re-submitting the data handling questions.

If you need additional clarification about the data handling questions, you can reach out to Meta directly. Within the Data Handling Questions, on the bottom of the page you will see a section titled Need Help? Go to Developer Support. Click on the link and you will receive a pop-up through which you can submit a clarifying question.

Before You Start

To prepare to answer the data handling questions, we recommend that you:

  • Review our Platform Terms and Developer Policies.
  • Review the Data Handling Questions Content.
  • Review the best practices on this page.
  • Review the Business Verification process and ensure the app is connected to a verified business. Apps that request advanced access for permissions or features must be connected to a verified business. See our blog post for more information on Business Verification.
  • Review our App Review process which is required when you request advanced access to most permissions and features.
  • Review our Data Use Checkup process, which is an annual checkup to make sure your API access and data use comply with our Platform Terms and Developer Policies.

Permissions

Review and only request the permissions and features that your app needs to function as intended.

For apps that require access to use cases, permissions or features (for some apps this is called advanced access): Be careful to only request and use the use cases, permissions or features that your app needs to function as intended.

For apps have been published live with a use case, or that have advanced access to permissions or features: Review the permissions and features connected to the app. Switch any permissions and features that are not needed to standard access, or no access. Learn more about access levels.

Data Processor

Review your data processors, including your own companies, and the countries in which they process the personal data of users received from Meta. We encourage the use of data processors located in countries with strong data protection laws. For example, here is a list of countries that the European Commission has deemed to have adequate data protection laws.

Many data processors provide location(s) on their corporate website.

Policies for Disclosing Personal Data of Users

Review your policies for disclosing personal data of users to public authorities. We encourage you to have policies and procedures for reviewing the legality of requests from public authorities for access to personal data of users and provisions for challenging the legality or scope of those requests if you consider them unlawful. Finally, we encourage you to have policies or processes to disclose the minimum data necessary to respond to lawful requests from public authorities to access personal data of users.

Meta may restrict or deny access if you answered that you are prohibited from telling us whether you provided the personal data of users to public authorities, or about your procedures for handling such requests.

Documentation of Requests

Review your procedures and processes for documenting requests from public authorities. We encourage documentation of the request, your response to the request and the outcome of the request.