Privacy Policy Link required for Facebook login App creation is not accepted

I checked and I did use https.

Whatever error message you are getting, search the internet for it as I’m sure you’re not the first.

Did Facebook give you any more detail? We haven’t run into this so any information will have to be provided to/by you.

1 Like

[Screenshot: Screen Shot 2020-11-13 at 12.12.47]

Using this site Policy

Hmm, if they’re looking for deletion information, try setting it to /tos instead and see if that makes them happy.

Alternatively, edit your privacy policy to include a “send a private message to @moderators to remove your own information from the forum” statement.

2 Likes

There is some stuff about it here: Overview - Facebook Login - Documentation - Facebook for Developers and Data Deletion Callback - App Development - Documentation - Facebook for Developers

I don’t know if that’s exactly the right place to look.

That sounds like the best way round it. If Discourse were to delete all the Facebook data automatically (I can’t remember - it’s just name, email and profile picture I think) then it would effectively mean anonymising the Discourse user, which mightn’t be what the user wanted when removing the login app from Facebook.

I don’t remember any of this from when I set up Facebook login - I just blindly followed the instructions from this forum and it seemed to work ok.

Edit: Thinking again, I don’t think there is any review process for what Discourse needs. Maybe you ticked something wrong at an earlier stage (asking for too much information)? Or maybe there’s just a new empty box for the deletion information that needs a URL that wasn’t mentioned in the instructions.

I’ve just checked at https://developers.facebook.com/ and there is now an extra input box which isn’t shown in the instructions at step 5 of Configuring Facebook login for Discourse.

It is underneath “Privacy Policy URL” and is called “User Data Deletion”. It lets you enter a URL for “Data Deletion Callback URL” or “Data Deletion Instructions URL”. The prompt in the box says “You can also provide a link”. My box is blank and I don’t propose to change anything in case I break it…

A tooltip states: “The General Data Protection Regulation (GDPR) requires developers to provide a way for people to request that their data be deleted. To be compliant with these requirements, you must provide either a data deletion request callback or instructions to inform people how to delete their data from your app or website. Learn More”

3 Likes

As an update, I entered the URL of my privacy policy on this Facebook debugger, and I get this result:

Seems those are missing but not sure how to fix this.

2 Likes

These could be added in meta tags using a theme component, I think. There’s something about og:type at The Open Graph protocol

1 Like

Leaving it blank for now seems like a reasonable approach to me.

I just configured Facebook logins for my test site. I added a Data Deletion section to my Discourse site’s Privacy page. In that section I explained both how to remove permissions for the Facebook App from the Associated Accounts section of the user’s preferences page and how to request account deletion or anonymization by contacting the site’s Staff group. I then added a link to that section of the Privacy page to the Facebook User Data Deletion field.

I am not certain that this meets Facebook’s criteria, but I was able to set the app to Live. Facebook login is now working on the site. I’ll keep an eye on it to see if Facebook requests any changes to the app’s configuration.

3 Likes

Can you share the Data Deletion section that you added to your Privacy page? Seems this is the way.

I wasn’t sure exactly what they were looking for, so I added two sections to my site’s Privacy page:

Data Deletion

Accounts on this site can be anonymized or deleted at the user’s request. Contact our @support group for details.

App Removal

Any apps authorized for logging users onto the site can be removed by going to the Associated Accounts section of a user’s preferences page.

I configured the headings for these sections as anchor links and then included the anchor for the first section in the URL that I added to the Data Deletion Instructions URL on Facebook (https://forum.example.com/privacy#data-deletion).

It’s not clear to me if Facebook is wanting details about how to remove their app to be displayed, but I don’t think it could hurt to give that information.

At this point, this is my best guess about how to meet Facebook’s criteria. I’ll try to confirm that and update the topic at Configuring Facebook login for Discourse soon with details.

4 Likes

I added the same two sections with anchor links as you suggested and, as an important step, under User Data Deletion I added my site’s Privacy page as the Data Deletion Callback URL. Afterwards Facebook asked me for a Category for my site, and I selected one as requested. After doing these three steps I could finally switch it to live mode, and afterwards under Products I configured Facebook Login.

4 Likes

I don’t think Discourse has a URL that can be used for this. I guess on Facebook the user will be presented with a “click here delete your data on mognet’s forum” link which won’t do anything.

1 Like

Neither was I, but I am now. They are sharing personal data with the forum, and want to ensure that there is a way for that data to be deleted by the forum when the user removes the login app from Facebook. As far as I am aware, the information is real name (or, at least, the Facebook profile name), email address and avatar. (I guess this might have been implemented after scandals about Facebook allowing mining of personal information via third-party apps, e.g. Facebook–Cambridge Analytica data scandal - Wikipedia, but the reason isn’t relevant.)

If you look at the first screenshot on Data Deletion Callback - App Development - Documentation - Facebook for Developers it seems fairly clear: “Request … delete info it has about you from Facebook” (i.e. information obtained from Facebook). The callback function documentation (which is not directly relevant here but is instructive) says: “The Data Deletion Request callback that you implement must do the following: Initiate the deletion of any data your app has from Facebook about the user. …”

So the wording above – “Accounts on this site can be anonymized or deleted at the user’s request. Contact our @support group for details.” – covers what is required. Mentioning only anonymisation would probably be sufficient for Facebook’s purposes, as that would delete the information which was obtained from Facebook. Sites in the EU would have to consider their own GDPR obligations in relation to deletion.

4 Likes

Where are we with this? Is an update going to come out for the privacy policy page?

1 Like

I liked your comment but it might not be simple to implement. Not everyone will want a separate “Deletion policy” page. And once a Discourse forum has been installed, I don’t imagine anyone wants the terms/privacy/etc pages changed by an update. If it’s changed just for new installs then there would need to be a comment to say “don’t delete this section as it’s needed for Facebook login”. The Facebook login instructions post would still need to refer to the required wording somehow.

2 Likes

How do you add these things to the privacy policy page? And instead of @support could you give the admin handle instead?

1 Like

It could go on any page.

The following will make the #deletion part of the URL work, and add a heading.

<a name="deletion"></a>
## Deletion

You can have any contact details you choose.

2 Likes
