Facebook Open Source – Data Policy

Last Updated: December 1, 2020

This Data Policy describes Facebook, Inc.'s ("Facebook", "we", "us" or "our") practices for handling your information collected in connection with our open source-related websites and any content, related documentation, information and services (e.g. apps, tutorials, access to resources, etc.) made available to you on this website (collectively, the "Services"). This Data Policy describes the information we process to support our Services.

For clarity, this Data Policy only applies to this Website and does not apply to any:

  1. use of open source code, documentation or specifications made available on GitHub, which are governed by the terms of the applicable open source license;
  2. pull requests, issues and any other interactions or features related to participation in open source projects on GitHub, which are governed by GitHub’s terms and conditions; or
  3. use of any other Facebook website, service or product, which are governed by the terms and conditions applicable to those offerings.

What kinds of information do we collect?

When you interact with us through our Services, we may collect or receive the following types of information:

  • Information you provide directly to us. For certain activities, we may collect the following types of information:
    • Contact information, such as name, email address and contact details; and
    • Other information you provide to us, such as when you send us correspondence or otherwise participate on the Services.
  • Information we collect automatically. Depending on the type of device you use and how you interact with us, we may also collect certain information automatically when you use our Services, such as:
    • Device attributes, including information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
    • Device operations, including information about operations performed on the Services as well as pages visited.
    • Identifiers, including information such as unique identifiers, device IDs, and other identifiers, and Family Device IDs associated with the same device or account.
    • Data from device settings, information you allow us to receive through device settings you turn on, such as access to your GPS location.
    • Network and connections, information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed.
    • Cookie data, data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in by reading our Cookies Policy.
  • Information you provide to us through our app (where applicable). Some of our Services include the provision of an app. In such cases, we may receive certain video and text content that you choose to provide to us through our app, which we may analyze depending on the context and what the content in accordance with the purposes described below.
  • Integrations with other services from third parties. Some of our Services allow you to enable or log in via various online services (collectively, "Login Services"). By including these Login Services, we aim to make your online experiences richer and more personalized. When you add a Login Service account to our Services or log in to our Services using such an account, we may collect relevant information necessary to enable our Services to facilitate your login, such as your email address. We may also share your information with that Login Serviceto facilitate or enhance the delivery of that platform or our Services.

    As part of an integration with a Login Service, that Login Service may provide us with access to certain information that you have provided to their platform, and we will use, store, and disclose such information in accordance with this Data Policy. However, please remember that the manner in which platforms use, store, and disclose your information is governed by the policies that apply to those platforms. Information collected by Login Services is subject to their own terms and policies, not this one.

  • Social media features: our Services may use social media features, such as the Facebook "like" button, the "Tweet" button and other sharing widgets ("Social Media Features"). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media network(s) and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.

Cookies and Similar Technologies

Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones and other devices. We use cookies and similar technologies, for such things as maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our Services perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Data Policy. We also use analytics cookies to better understand how our Services are being used by tracking how you interact with the Services and where you click.

We use cookies served by Google Analytics to collect limited data directly from end-user browsers to enable us to better understand your use of the Services, including making use of the demographics and interests reports services of Google Analytics. Further information on how Google collects and uses this data can be found at www.google.com/policies/privacy/partners/. You can opt-out of all Google supported analytics within the Services by going to the following webpage: https://tools.google.com/dlpage/gaoptout.

Learn more about how we use cookies in by reading our Cookies Policy.

How do we use this information?

We will use the information described above for the purpose of operating and providing the Website and our Services. Specifically, we will use the information for the following purposes:

  • Provide, personalize and improve our Services. We use your information to provide the Website and fulfill your requests for resources, services, and information; analyze content that you provide to us and provide suggestions for what is in such content; analyze the use of the Services and user data to understand, improve and operate the Services; and customize the content you see when you use the Services;
  • Communicate with you. We use your email address to communicate with you about the Services and let you know about our Terms and Policies. If you subscribe to a newsletter, we will use your email address to send you such newsletter. We also use your information to respond to you when you contact us;
  • Promote safety, integrity and security. We use the information that we have to verify accounts and activity, combat harmful conduct, maintain the integrity of our Services, and promote safety and security on our Website. For example, we use data that we have to investigate suspicious activity or breaches of the Terms of Use;
  • For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

How We Share Information

There are certain circumstances in which we may share your information with certain third parties without further notice to you, as set forth below:

  • Service providers and third-party vendors. We share your information with third-party vendors and service providers that support the Services, for example cloud hosting providers (to provide data storage and processing services), communications providers (to process new queries and to manage our emails) and analytics provider to perform analysis on the Services. These services providers are limited from using your information for any purpose other than to perform services for us.
  • Legal purposes. We may disclose information for legal purposes, such as to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, detect fraud, and to protect and defend the rights, interests, safety, and security of Facebook, our affiliates, owner, users, or the public.
  • Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
  • With your consent. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent. If you choose to engage in public activities on the website, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.

Children’s Information

Facebook does not knowingly collect or store information from children under the age of 13, unless permitted by law. We will delete any information we may have inadvertently received from a child under 13 upon notice. If you have reason to believe that a child under the age of 13 has provided personal information to Facebook through our Services please contact us and we will endeavor to delete that information from our databases.

Third Party Links

Our Website may contain links to other sites that we do not own or operate (e.g. GitHub). Except as provided in this Data Policy, we do not provide your information to these third parties without your consent. The linked websites have separate and independent privacy statements, notices and terms of use, which we recommend you carefully review. We do not have any control over such websites, and therefore have no liability or responsibility for the linked websites’ personal information practices.

Data Retention

We retain information relating to the Services until it is no longer necessary to serve the purposes for which it was collected, e.g. to provide and maintain your account. Reasons we may retain some data for longer periods include security, fraud & abuse prevention, record keeping, complying with legal or regulatory requirements and ensuring the continuity of our Services.

Additional Information for California Residents

If you are a California resident, the following information also applies to you and supplements the information contained above in the Data Policy in relation to your use of our Services.

Information we collect and sources of information.Our Data Policy already describes the information we collect and its sources. This section organizes that information around the personal information categories set forth in the California Consumer Privacy Act ("CCPA"):

  • Identifiers, including for example your name, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
  • Internet or other electronic network activity information, including for example information regarding your interactions with our Website. We obtain this information automatically in the course of your interactions with our Services.

How we share personal information. We do not sell your personal information, but we share information to support our own operational purposes in providing the Services to you, as described in our Data Policy above. For example, we share information with our partners, service providers and related companies to secure and improve our Website (such as to identify bugs, repair errors or ensure that services function as intended) or to have them perform services (e.g. hosting the Website).

Your rights provided under the CCPA. Under the CCPA, California residents have the following rights:

  • Right to Know. You have the right to request that we disclose to you the personal information we collect, use, or disclose over the past 12 months, and information about our data practices;
  • Right to Request Deletion. You have the right to request that we delete your personal information that we have collected from you;
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.

Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID.

Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.

To exercise your rights under the CCPA, or if you are an agent authorized to exercise a right under the CCPA, you can email opensource@fb.com or contact us by mail at the address provided below.

We do not share personal information with third parties for their own direct marketing purposes.

Additional Information for Individuals in the European Union, Switzerland and the United Kingdom

If you are a user in the European Union, Switzerland or the United Kingdom the following information also applies to you and supplements the information contained above in the Data Policy in relation to your use of our Services.

The data controller responsible for the personal data of individuals in the European Union and the United Kingdom is Facebook Ireland Limited.

Our legal basis for processing data. We collect, use and share data in the ways described above based on the following:

  • Contractual necessity. The majority of the processing of personal data described in this Data Policy is justified on the basis that it is necessary for the performance of a contract and specifically, for the purposes of our Terms of Use. For example, we rely on this legal basis to create your account, grant you access to our Services and to communicate with you regarding the Services.
  • Legitimate interests. Our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms. We rely on this legal basis to further understanding who is accessing and using the Services; prevent and address fraud, unauthorized use of the Services, breaches of our terms and policies, or other harmful or illegal activity; protect ourselves (including our rights, property or products), our users or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm.
  • Compliance with a legal obligation. We rely on this legal basis for processing data when the law requires it, including, for example, if there is a valid legal request for certain data.

When we process your data as necessary for the purposes of legitimate interests, you have the right to object to, and seek restriction of, our processing. To exercise your rights, you can email opensource@fb.com. In evaluating an objection, we will evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Data transfers. We transfer personal data both internally within the Facebook Companies and externally with our partners, which include Amazon Web Services ("AWS"). Information controlled by Facebook Ireland Limited may be transferred or transmitted to, or stored and processed in, the United States or other countries for the purposes described in this policy. These data transfers are necessary to provide the services set forth in the Terms of Use.

If you are resident in or a visitor from the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, we will protect your data when it is transferred outside the EEA, UK or Switzerland by implementing appropriate safeguards to protect your personal data. In particular, we use the European Commission’s Standard Contractual Clauses for the transfer of personal data outside the EU.

Your rights provided under the GDPR. Under the General Data Protection Regulation, you have the right to access, rectify and erase your data under certain circumstances. You also have the right to object to and restrict certain processing of your data. Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID. To exercise your rights under the GDPR, you can email opensource@fb.com or contact us by mail at the address provided below.

Contact information for individuals in the European Union only. The data controller responsible for your information is Facebook Ireland, which you can contact by writing to:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

You also have the right to lodge a complaint with Facebook Ireland’s lead supervisory authority, the Irish Data Protection Commissioner, or your local supervisory authority.

Changes to this Policy

We may update or modify this Data Policy at any time without prior notice. When we update the Data Policy, we will revise the "Last Updated" date above and post the new Data Policy. We recommend that you review the Data Policy each time you visit the Website to stay informed of our privacy practices. Any changes will be effective when we post the revised policy.

Questions

If you have any questions about this Data Policy or our practices, please contact us at opensource@fb.com or by mail at:

Facebook, Inc.
ATTN: Privacy Operations
1601 Willow Road
Menlo Park, CA 94025