Data Deletion Request Callback

By NeoqueenAdmin, August 4, 2022

Apps that access user data must provide a way for users to request that their data be deleted. Your app can satisfy this requirement in one of two ways:

  • Implement a Data Deletion Request Callback.
  • Provide a URL with explicit instructions for app users on how to delete their data by way of a third-party website or tool. The third-party website may be the relevant section in the application’s Privacy Policy.

If your app type is Consumer or Gaming, either the callback or the URL is required for App Review and for Live mode.

The data deletion callback is called whenever an app user removes your app and requests that you delete their data. Your app users can do this by going to their Facebook profile and clicking the Send Request button on the Settings & Privacy > Settings > Apps and Websites page.

Screenshot of app being removed via Apps and Websites page with Send Request button visible

This generates a POST with a signed request that is sent to your app. The signed request contains an app-scoped ID identifying the user making the request. For an example of how to parse the request and the structure of the parsed request, see the following section.

In response to the user request, you should acknowledge receiving a user data deletion request through the technical means we provide, and provide a link and a confirmation number. The link and confirmation number must give the user access to a human-readable explanation of the status of their request, including a legitimate justification for any refusal to delete (where legitimate will vary based on jurisdiction and our case-by-case interpretation of our policy as it relates to their stated reasons).