How to write a privacy policy
Key considerations for your business and audience when writing your own privacy policy.
Create a tailored Privacy Policy, Terms & more in under 5 minutes.
By now, most of us are aware that many countries require websites to provide a privacy policy to their visitors. But even if you skip the website and run your business through a Facebook page, you’ll still need a privacy policy. We’re going to show you exactly how to make one and add it to your Facebook page.
Our privacy policy generator is the fastest and easiest way to generate a privacy policy for your Facebook page. We’ll show you how to use it below.
Start by selecting the primary use for your policy. Even if you don’t have a website and you’re using this exclusively for your Facebook page, select ‘website’.
If you’re using a free account, you’ll only have access to a privacy policy. But, if you’re using one of our compliance packs, you can generate several other legal documents to use with your Facebook page, such as your terms and conditions and return policy.
For now, select privacy policy and move on to the next step. You can return later if you want to generate another document.
We’ll need to know your company name, location and website address in order to white label your policy. If you don’t have a website, add a link to your Facebook page in the box labelled ‘Website Address*’.
Select the statements that apply to your Facebook page.
Provide a primary contact for compliance with GDPR, CalOPPA, PIPEDA & CCPA
Select the laws you need to comply with. Remember, you’ll need to abide by the laws of the countries your users live in, not just the one your business operates in.
Next, click ‘complete your order’ and your policy will be generated instantly.
There are several ways you can add your privacy policy to your Facebook page.
We’ll host your policy for free as long as you have an active account with us! Once you’ve created your privacy policy, simply click the button labelled ‘link’ which will take you to your very own privacy policy page, hosted on our website.
Highlight and copy the URL of your hosted privacy policy
Paste the link to your privacy policy in the ‘Privacy and legal info’ section of your Facebook page.
Create a new page on your website specifically for your privacy policy. If you already have a privacy policy page, head to step 3.
Use any of the below methods to add your policy to your website.
Highlight and copy the URL of your privacy policy page
Paste the link to your privacy policy in the ‘Privacy and legal info’ section of your Facebook page.
You’re probably wondering: why do I need a privacy policy when Facebook / Meta has its own? The answer comes in two parts. Yes, they have their own policy, but you, as the Facebook page administrator / owner, are the person collecting personal data, so you’ll still need a privacy policy explaining your own data processing practices.
The following is outlined in ‘Meta’s Policies for Pages, groups and events’:
“Should you wish to collect content or information from people who interact with your Page, group or event (e.g. information obtained from a call-to-action button) you must first provide them with notice. People from whom you collect content or information must explicitly consent to your use of their data. You must clearly explain that you (and not Meta) are collecting this data.”
Essentially, your users have already consented to Facebook / Meta collecting their data, but they haven’t given that consent to you. This is a key distinction.
If you’re the admin of a Facebook page you’ll need to:
More than 20 countries have data privacy laws that legally require you to have a privacy policy if you collect personal data from their citizens. It doesn’t matter how you collect it, be it through a website, a Facebook page, or pigeon mail. This is because the scope of the GDPR and other privacy laws isn’t limited to website data collection – it applies to any processing of personal data, regardless of the method used.
| If You… | You Need to Comply With |
| --- | --- |
| Have European visitors/customers | GDPR |
| Have California customers | CalOPPA, CCPA, CPRA |
| Target children under 13 in the US | COPPA |
| Have Canadian customers | PIPEDA |

| Law | Penalty |
| --- | --- |
| GDPR | Up to 4% of your yearly revenue or $23M (whichever is higher) |
| CCPA | Up to USD 2,500 for unintentional violations or USD 7,500 for an intentional violation. |
| CalOPPA | $2,500 per violation (each person affected) |
| COPPA | Up to $40,654 per violation |
| PIPEDA | While there are no fines, failure to comply with PIPEDA opens you up to civil actions, class actions, or private rights of action. |
If you want to write your own privacy policy, we’ve written a detailed guide for you to follow.
Just remember that Facebook Page admins need to have a Privacy Policy that specifies
For Facebook Pages with audiences in the EU or UK, additional GDPR compliance measures are necessary. As a Page admin, you are considered a “joint controller” along with Meta under GDPR when using Page Insights. This means you share responsibility with Meta for protecting personal data collected via Facebook’s Page Insights.
Meta assumes primary responsibility for GDPR compliance for Insights data. However, as a Page admin, you must:
Under GDPR, you must establish a “lawful basis” for processing user data. The six legal bases under GDPR include user consent, legitimate interests, and contractual necessity. To process the data of EU users, you must establish a legal basis for collecting their information. Common legal bases include:
Clarifying your legal basis strengthens your compliance with GDPR and assures EU users of your commitment to data protection.
If your page’s data processing activities are significant enough to warrant it, appointing a Data Protection Officer (DPO) may be advisable, especially under GDPR requirements. Your Privacy Policy should:
Page Insights provides aggregated data on user behavior, such as page views and post engagement, which helps admins better understand their audience. However, under GDPR, this is considered personal data. Include information about Page Insights in your Privacy Policy and how this data benefits users through improved Page experience and relevant content.
As part of the Page Insights feature, Facebook collects data on user interactions with your Page, such as clicks, comments, and reactions, for analytics purposes. The Page Insights Controller Addendum mandates that admins acknowledge their joint responsibility with Facebook for processing this data. This means:
By incorporating this information, you fulfill your responsibilities as a co-controller of data under GDPR.
Be sure to provide users with information on how they can control these sharing practices, such as opting out of certain cookies or tracking features.
Meta provides an “Information about Page Insights” section accessible on all Facebook Pages, summarizing the shared responsibilities under GDPR for Page admins and Meta.
If you’re looking to meet the requirements of global data privacy laws, take a look at our amazing tool. We offer a simple solution, ensuring you meet legal standards while maintaining user confidence in your data handling practices.