Facebook Platform Policies
This agreement was written in English (US). To the extent any translated version of this agreement conflicts with the English version, the English version controls.
Date of Last Revision: August 8, 2012
Facebook Platform is an extension of Facebook, whose mission is to make the world more open and connected.
Platform applications and developers are required to comply with, and are subject to, the following documents:
- Statement of Rights and Responsibilities: requirements for anyone who uses Facebook.
- Principles: the spirit of the law for Platform.
- Policies: the letter of the law for Platform.
Here are some Examples and Explanations for specifics.
Create a great user experience
- Build social and engaging applications
- Give users choice and control
- Help users share expressive and relevant content
- Respect privacy
- Don't mislead, confuse, defraud, or surprise users
- Don't spam - encourage authentic communications
I. Features and Functionality
- You must not violate any law or the rights of any individual or entity, and must not expose Facebook or Facebook users to harm or legal liability as determined by us in our sole discretion. In particular you will (if applicable): comply with the Video Privacy Protection Act (VPPA), and obtain any opt-in consent necessary from users so that user data subject to the VPPA may be shared on Facebook. You represent that any disclosure to us will not be incidental to the ordinary course of your business.
- You must not include functionality that proxies, requests or collects Facebook usernames or passwords.
- You must not circumvent (or claim to circumvent) our intended limitations on core Facebook features and functionality.
- If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user's personal and non-commercial use.
- If you exceed, or plan to exceed, any of the following thresholds please contact us as you may be subject to additional terms: (>5M MAU) or (>100M API calls per day) or (>50M impressions per day).
- Your website must offer an explicit "Log Out" option that also logs the user out of Facebook.
- Special provision for apps on Pages: When a user visits your Page, if they have not given explicit permission by authorizing your Facebook app or directly providing information to your Page, you may only use information obtained from us and the user's interaction with your Page in connection with that Page. For example, although you may use aggregate analytics for your individual Page, you must not combine information from any other sources to customize the user's experience on your Page and may not use any information about the user's interaction with your Page in any other context (such as analytics or customization across other Pages or websites).
- You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.
- Games that are an App on Facebook or Mobile Web must use Facebook Payments as their sole and exclusive payment method for all virtual goods and currencies made available to users within the game. All other payment options are prohibited within games that are on Apps on Facebook or Mobile Web unless they go through Facebook Payments rather than directly through that payment option. By “Payment Method” we mean any method that allows a user to complete a transaction where the user receives virtual currency or virtual goods in a game that is an App on Facebook or Mobile Web in exchange for anything of value, including, without limitation, by exchanging monetary value for virtual currency or virtual goods, whether directly at the time of purchase or via any previous transaction such as the user's earlier purchase of a prepaid gift card or electronic code. In-game rewards of virtual currency or virtual goods earned by users through game-play activity alone are exempt from this definition.
- Mobile Web Apps that are running within the Facebook iOS app must not accept payments. In particular, these apps must not reference, use, or otherwise encourage the use of Facebook Payments or other non-iOS approved payment methods.
- Applications may reward users with virtual currency or virtual goods in exchange for user actions that do not involve third parties, but rewards for user actions that involve third parties must be powered by Facebook Payments by integrating Facebook Payments offers. For example, you may not reward users with virtual currency or virtual goods in exchange for any action in which personally identifiable information is shared with a third party, you may not reward users with virtual currency or virtual goods in exchange for third party downloads, such as toolbars or ringtones, and you may not reward users with virtual currency for engaging in passive actions offered by third parties, such as watching a video, playing a mini-game, or taking an anonymous poll.
- Competing social networks: (a) You may not use Facebook Platform to export user data into a competing social network without our permission; (b) Apps on Facebook may not integrate, link to, promote, distribute, or redirect to any app on any other competing social network.
- The primary purpose of your Canvas or Page Tab app on Facebook must not be to simply redirect users out of the Facebook experience and onto an external site.
- You must not include data obtained from us in any search engine or directory without our written permission.
II. Storing and Using Data You Receive From Us
- You will only request the data you need to operate your application.
- You may cache data you receive through use of the Facebook API in order to improve your application’s user experience, but you should try to keep the data up to date. This permission does not give you any rights to such data.
- A user's friends' data can only be used in the context of the user's experience on your application.
- Subject to certain restrictions, including on transfer, users give you their basic account information when they connect with your application. For all other data obtained through use of the Facebook API, you must obtain explicit consent from the user who provided the data to us before using it for any purpose other than displaying it back to the user on your application.
- You will not directly or indirectly transfer any data you receive from us, including user data or Facebook User IDs, to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization related toolset, even if a user consents to such transfer or use. By indirectly we mean you cannot, for example, transfer data to a third party who then transfers the data to an ad network. By any data we mean all data obtained through use of the Facebook Platform (API, Social Plugins, etc.), including aggregate, anonymous or derivative data.
- You will not use Facebook User IDs for any purpose outside your application (e.g., your infrastructure, code, or services necessary to build and run your application). Facebook User IDs may be used with external services that you use to build and run your application, such as a web infrastructure service or a distributed computing platform, but only if those services are necessary to running your application and the service has a contractual obligation with you to keep Facebook User IDs confidential.
- If you need an anonymous unique identifier to share outside your application with third parties such as content partners, advertisers, or ad networks, you must use our mechanism. You must never share this anonymous unique identifier with a data broker, information broker, or any other service that we may define as such under our sole discretion.
- You will not sell any data. If you are acquired by or merge with a third party, you can continue to use user data within your application, but you cannot transfer data outside your application.
- If you stop using Platform or we disable your application, you must delete all data you have received through use of the Facebook API unless: (a) it is basic account information; or (b) you have received explicit consent from the user to retain their data.
- You cannot use a user’s friend list outside of your application, even if a user consents to such use, but you can use connections between users who have both connected to your application.
- You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide an easily accessible mechanism for users to make such a request. We may require you to delete data you receive from the Facebook API if you violate our terms.
- You will not include data you receive from us concerning a user in any advertising creative, even if a user consents to such use.
- You must not give your secret key to another party, unless that party is an agent acting on your behalf as an operator of your application. You are responsible for all activities that occur under your account identifiers.
- Responsibility for content: You are responsible for all content of and within your application, including advertisements, user-generated content, and any content hosted, streamed or otherwise delivered to users by third parties. You must make it clear that this content is not provided by Facebook. You must also comply with the Facebook Community Standards.
- Demographic restrictions: You are responsible for restricting access to your content in accordance with our content policies and all applicable laws and regulations. Although we provide controls to assist with this, please note that we make no representations regarding the sufficiency of any controls provided to you and that you are ultimately responsible for establishing legally compliant restrictions for each country where your app is visible.
- Advertisements and cross-promotions:
a. You must not include advertisements, cross-promote other applications, or provide web search functionality in content distributed through Facebook social channels.
b. You can only utilize advertising or similar monetization related products or services from companies that appear on this list of Advertising Providers within Apps on Facebook.com.
- Promotions: If you run, reference, or facilitate a promotion (contest, competition, or sweepstake) on Facebook, you must comply with Facebook’s Promotions Guidelines.
- Permission from Facebook: You must not promote, or provide content referencing, facilitating, or containing online gambling, games of skill or lotteries without our written permission.
B. Content Rights
- You agree that you will not promote or provide content that references, facilitates, contains or uses content that infringes upon the rights of any third party, including intellectual property rights, privacy, publicity, moral or other personal or proprietary rights, or that is deceptive or fraudulent.
- You must ensure that you own or have secured all rights necessary to copy, display, distribute, deliver, render and publicly perform all content of or within your application to Facebook users in all countries where you make the content available.
- You are responsible for all licensing, reporting and payout obligations to third parties required in connection with content of or within your application.
- You must use commercially reasonable geo-filtering technology to block access to your application's content in countries where you are unauthorized to deliver such content, or where delivery of such content would otherwise infringe the rights of a third party.
- Although we have no obligation to do so, in our sole discretion we may request, and you are required to provide us, proof that your application and any content of or within your application is properly licensed.
C. Third Party Content
If your application contains content submitted or provided by third parties, you must comply with the following rules:
- In the United States you must take all steps required to fall within the applicable safe harbors of the Digital Millennium Copyright Act including designating an agent to receive notices of claimed infringement, instituting a repeat infringer termination policy and implementing a "notice and takedown" process. In other countries, you must comply with local copyright laws and implement an appropriate "notice and takedown" process upon receiving a notice of claimed infringement.
IV. Application Integration Points
- You must not incentivize users to use (or gate content behind the use of) Facebook social channels, or imply that an incentive is directly tied to the use of our channels.
- You must not pre-fill any of the fields associated with the following products, unless the user manually generated the content earlier in the workflow: Stream stories (user_message parameter for Facebook.streamPublish and FB.Connect.streamPublish, and message parameter for stream.publish), Photos (caption), Videos (description), Notes (title and content), Links (comment), and Jabber/XMPP.
- If a user grants you a publishing permission, actions you take on the user's behalf must be expected by the user and consistent with the user's actions within your app.
- Platform integrations, including social plugins:
a. Your advertisements must not include or be paired with any Platform integrations, including social plugins such as the Like button, without our written permission.
b. You must not sell or purchase placement of a Like button or Like box plugin.
c. You must not incentivize users to Like any Page other than your own site or application, and any incentive you provide must be available to new and existing users who Like your Page.
d. You must not obscure or cover elements of our social plugins, such as the Like button or Like box plugin.
e. Ad networks, ad exchanges, and data brokers must not use Facebook’s Platform, logos, and trademarks (including, but not limited to, Platform APIs, social plugins, the Share button, and the F logo).
- Facebook messaging (i.e., email sent to an @facebook.com address) is designed for communication between users, and not a channel for applications to communicate directly with users.
We can take enforcement action against you and any or all of your applications if we determine in our sole judgment that you or your application violates Facebook Platform Terms and Policies. Enforcement action is both automated and manual, and can include disabling your application, restricting you and your application's access to Platform functionality, terminating our agreements with you, or any other action as we in our sole discretion deem appropriate.
Communication with developers takes place via an email sent from the facebook.com or facebookmail.com domain to the contact email address registered to the application. To stay in touch, please ensure that your email address is current and that you do not filter out any such messages.
We can change these Platform Policies at any time without prior notice as we deem necessary. Your continued use of Platform constitutes acceptance of those changes.
- By "Application" we mean canvas page application, Platform integration, or any other technical integration we have assigned an application identification number.
- By "Facebook social channel" we mean Application Info Section, Page Tab, Feed, Requests (including invites), inbox attachments, Chat, Cover, Bookmarks, or any other feature of a user profile or Facebook communication channel in which or through which an application can provide, display, or deliver content directed at, on behalf of, or by permission of a user.
- By “basic account information” we mean: name, email, gender, birthday, current city, and profile picture URL.
- By "Facebook Platform Terms and Policies" we mean the Statement of Rights and Responsibilities and the Platform Policies.
- By "User data you receive from Facebook" we mean any data or content (including any images, text, or other information or materials) you receive from us, that was provided by users to us, or was associated by us with a particular user.
VIII. Branding and Promotion Policy
You must follow the guidelines set forth in the Facebook Brand Resource and Permissions Center.
Developers participating in the program for accepting payments are subject to these terms.
XI. Ads API
- You must use separate accounts for each client and use our multi-client manager functionality to structure your client accounts.
- You may offer a white-label version of your application to third parties, but may only do so by creating a unique application for each third party (or requiring each third party to create their own application), and then requesting that we grant these applications access to our Ads API. If you create a unique application on behalf of the third party, you must include a required field for your clients to agree to Facebook Terms and Policies.
- You may place 1x1 pixel view tags on certain advertisements with our prior authorization. All data collected or obtained by you or the advertiser, including but not limited to all view tag data that is not otherwise available through the Facebook service, and all data derived therefrom, may only be used by you or the advertiser on an anonymous basis to optimize and measure the performance of that advertiser's Facebook campaign. Neither you nor the advertiser may use data for the following purposes: retargeting whether on or off of the Facebook service; to commingle the data across multiple campaigns; to build or augment any user profiles, or to use piggybacking or redirects with the 1x1 pixel tags, or for any other purpose not expressly authorized by us.