Best Practices

Before you access use cases, permissions or features (for some apps this is called advanced access) or complete your Data Use Checkup, please review the following best practices regarding how you or your organization handles data.

If you’ve been asked to improve your data handling practices, please review these best practices and make any updates needed before re-submitting the data handling questions.

If you need additional clarification about the data handling questions, you can reach out to Meta directly. Within the Data Handling Questions, on the bottom of the page you will see a section titled Need Help? Go to Developer Support. Click on the link and you will receive a pop-up through which you can submit a clarifying question.

Before You Start

To prepare to answer the data handling questions, we recommend that you:

  • Review our Platform Terms and Developer Policies.
  • Review the Data Handling Questions Content.
  • Review the best practices on this page.
  • Review the Business Verification process and ensure the app is connected to a verified business. Apps that request advanced access for permissions or features must be connected to a verified business. See our blog post for more information on Business Verification.
  • Review our App Review process which is required when you request advanced access to most permissions and features.
  • Review our Data Use Checkup process, which is an annual checkup to make sure your API access and data use comply with our Platform Terms and Developer Policies.

Permissions

Review and only request the permissions and features that your app needs to function as intended.

For apps that require access to use cases, permissions or features (for some apps this is called advanced access): Be careful to only request and use the use cases, permissions or features that your app needs to function as intended.

For apps that have been published live with a use case, or that have advanced access to permissions and/or features: Review the permissions and/or features connected to the app. Learn more about access levels.

Data Processor or Service Provider

Review your data processors or service providers, including your own companies, and the countries in which they process the personal data of users received from Meta. We encourage the use of data processors or service providers located in countries with strong data protection laws. For example, here is a list of countries that the European Commission has deemed to have adequate data protection laws.

Many data processors or service providers provide location(s) on their corporate website.

Policies for Disclosing Personal Data of Users

Review your policies for disclosing personal data of users to public authorities. We encourage you to have policies and procedures for reviewing the legality of requests from public authorities for access to personal data of users and provisions for challenging the legality or scope of those requests if you consider them unlawful. Finally, we encourage you to have policies or processes to disclose the minimum data necessary to respond to lawful requests from public authorities to access personal data of users.

Meta may restrict or deny access if you answered that you are prohibited from telling us whether you provided the personal data of users to public authorities, or about your procedures for handling such requests.

Documentation of Requests

Review your procedures and processes for documenting requests from public authorities. We encourage documentation of the request, your response to the request and the outcome of the request.

For Apps Requiring Access to Use Cases, Permissions or Features

How to start data handling questions

If you create an app with a use case or require access to permissions or features (for some apps this is called advanced access), you will be prompted to answer data handling questions before App Review.

Ensure app is connected to a verified business

Creating a new app requires that you connect apps to a verified Meta Business Account. If you don’t have one, follow this process to create a new Business Account and verify it. Only business administrators can complete this step. After you submit business verification, you can continue to the next step.

Answer data handling questions

Your answers are auto-saved. After clicking submit, your responses will be evaluated.

View your results

Your data handling questions submission will be reviewed promptly. If you are granted the use case or advanced access, you may continue to the App Review process, if you are requesting other permissions and features that require it.

If your app was not granted the use case or advanced access, please review the guidance provided and make the adjustments recommended before submitting your request again.

For Apps That Have been Published Live with a Use Case, or that have Advanced Access to Permissions and Features

Completing the Data Use Checkup

You will receive notifications in your email and Alerts Inbox indicating that DUC is required. Please follow the DUC process. You will be prompted to answer and submit your answers to the data handling questions.

View your results

Once you submit your Data Use Checkup, within a few days you will receive a message in an email and the Alerts Inbox with results. If the checkup is complete, no further action will be required. If changes to your data handling practices are required, you will be asked to update these and re-submit the data handling questions.