This is Meta's Platform Terms document — the legally binding rules that app developers and businesses must follow when they build products using Facebook, Instagram, WhatsApp, or other Meta technologies. The most important thing it means for developers is that Meta can suspend or terminate your access to its platform — and all user data obtained through it — at any time, and you must delete that data upon termination with no right to retain it. If you are a developer using Meta's APIs, you should audit your data handling practices immediately to ensure you are not storing, selling, or transferring platform data in ways that violate these terms.
This document is Meta's Platform Terms (formerly Facebook Platform Policy), governing the contractual relationship between Meta Platforms, Inc. and third-party developers and entities who access Meta's APIs, SDKs, and platform technologies, with legal basis grounded in Meta's unilateral terms acceptance model. The most significant obligations include mandatory compliance with Meta's usage policies, data use restrictions (prohibiting the sale of platform data, restricting data transfers, and requiring deletion upon request or termination), and submission to Meta's audit rights and enforcement mechanisms including unilateral suspension or termination of platform access. A notable provision allows Meta to modify the terms at any time with notice delivered solely via developer documentation updates, placing the burden of monitoring policy changes entirely on developers — a departure from the industry standard of affirmative notice for material changes. The document engages GDPR (particularly Art. 6 lawful basis, Art. 28 processor obligations, and Art. 44-49 transfer restrictions), CCPA/CPRA (§1798.100 et seq.), COPPA (16 CFR Part 312) given restrictions on data from minors, and FTC Act Section 5 unfair or deceptive practices standards; compliance teams must assess whether their data handling under this policy satisfies independent regulatory obligations beyond Meta's contractual requirements.
🔒 Institutional analysis locked
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Upgrade to Professional — $149/mo2 changes analyzed since monitoring began.
This new provision specifically restricts targeting and advertising practices toward minors, introducing explicit COPPA compliance requirements absent from the previous version.
This new provision shifts legal and financial risk to developers by requiring indemnification of Meta and its personnel for any claims arising from platform use or terms violations.
Removal of comprehensive sensitive data restrictions eliminates explicit prohibitions on collecting health, financial, biometric, and government ID information, potentially expanding what data developers can access.
Removal of explicit mandatory user consent requirements weakens data protection by eliminating requirements for affirmative, informed, specific, and unambiguous consent prior to data access.
Provision substantially weakened by removing the requirement for discretionary justification, now allowing termination 'for any reason' without specified cause.
Requirement narrowed from user-initiated deletion requests (with 90-day timeline) to only termination scenarios, and changed from 'tell you otherwise' to requiring 'written permission' for retention.
Scope of prohibited transferees narrowed by removing 'data aggregation or analytics provider' and 'any other party that collects, brokers, or sells data about people,' now limited to advertising and monetization-related services only.
Scope shifted from general app compliance auditing to privacy-specific audits, and added explicit language that audit results may be used to determine platform access continuation.
License scope dramatically narrowed to apply only to 'feedback, suggestions, or other content' rather than all platform use, and removed explicit mention of derivative works and post-termination survival.
Cross-platform context
See how other platforms handle 90-Day Platform Data Deletion Obligation and similar clauses.
Compare across platforms →