When a user asks a developer to delete their data or removes app permissions, the developer must delete that data within 90 days — and must also delete data if Meta removes their API access.
This analysis describes what Meta's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes a specific operational timeline and procedural mechanism for data deletion compliance. It clarifies that deletion obligations are triggered by user request, consent withdrawal, or permission removal, with a defined 90-day performance window.
If you revoke a third-party app's access to your Facebook data, that app is contractually required to delete your data within 90 days — giving you a meaningful data erasure right enforced through Meta's developer terms.
How other platforms handle this
Please note there are situations where Spotify is unable to delete your data, for example when: it's still necessary to process the data for the purpose we collected it for; we have an overriding interest in continuing to process the data, for example where we need the data to protect our services f...
If you follow the instructions here, your account will be deactivated and your data will be queued for deletion. When deactivated, your X account, including your display name, username, and public profile, will no longer be viewable on X.com, X for iOS, and X for Android. For up to 30 days after dea...
When you delete your account, your profile is no longer visible to other users and disassociated from content you posted under that account. Please note, however, that the posts, comments, and messages you submitted prior to deleting your account will still be visible to others unless you first dele...
Monitoring
Meta has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If a User requests that you delete their data or withdraws their consent for you to access or use their data, you must promptly comply and, in any event, within 90 days of their request. You must also delete Platform Data you have received if your app's access to the relevant permission or feature is removed, unless we tell you otherwise or applicable law requires retention.— Excerpt from Meta's Meta Platform Policy
(1) REGULATORY FRAMEWORK: This provision directly implicates GDPR Art. 17 (right to erasure/'right to be forgotten'), which requires deletion without undue delay and generally within one month, making the 90-day window potentially non-compliant for EU users unless the 'complex request' extension under Art. 12(3) applies. CCPA/CPRA §1798.105 requires businesses to delete consumer personal information upon verifiable request within 45 business days (with one 45-day extension), making the 90-day period potentially non-compliant for California residents. COPPA 16 CFR §312.10 requires deletion of children's personal information when no longer needed. Enforcement authorities include: Irish DPC and EU SAs (GDPR), CPPA and California AG (CCPA/CPRA), FTC (COPPA). (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes a specific operational timeline and procedural mechanism for data deletion compliance. It clarifies that deletion obligations are triggered by user request, consent withdrawal, or permission removal, with a defined 90-day performance window.
If you revoke a third-party app's access to your Facebook data, that app is contractually required to delete your data within 90 days — giving you a meaningful data erasure right enforced through Meta's developer terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Meta.