If you flout FacebookDo you know what it’s like to have a major Facebook campaign for a major client go completely dark a mere three hours after a giant PR push? I do. Nothing like getting a call from a frantic client and then seeing the Facebook email of doom in your inbox: Your app has been disabled. It is experiences like this that make me uniquely qualified to write this article. I spent years in the trenches building custom interactive campaigns for clients on Facebook, and I learned everything the hard way … so you don’t have to.

The five Facebook principles

Facebook’s rules of engagement and platform policies weren’t always as clear and concise as they are today. If you have a Facebook brand page, publish canvas pages, run contests, or create custom apps for Facebook you need to have a thorough understanding of the five Facebook principles below:

  1. Build a quality product
  2. Give people control
  3. Protect data
  4. Encourage proper use
  5. Follow the law

I know you’re probably thinking, But I’m not a Facebook developer – this doesn’t apply to me. But it does. These rules apply to not only the custom apps people build for Facebook, but the third-party social apps we all use as well: the photo upload contests, the share-to-win contests, trivia, quizzes, polls, and Facebook app tab publishers. All of the mechanics of these apps and YOUR usage of them must adhere to the Facebook Terms of Service (TOS) if you don’t want to risk having your content disabled, or your page shut down altogether.

1. Build a quality product

We’ve all seen that Facebook post shared by someone you barely knew in high school. The post that screams, “Click here to get a free iPhone!” or some other offer that seems too good to be true. If you click through on that link you’ll probably find that you have to give a lot of personal information to be entered to win that iPhone, if indeed the offer is even legitimate.

Misleading your audience on Facebook is a big no-no. If you run a contest or even have just a white paper download on a Facebook app tab, Facebook suggests you follow these guidelines:

  1. If your product is an app, make it stable and easy to navigate
  2. Ensure your content meets Facebook Community Standards. These standards touch upon subjects like violence, bullying, phishing, scamming, and harassment.
  3. Provide a spam-free experience. Don’t mislead people (a la the free iPhone example)
  4. Keep your content below the negative feedback thresholds.

Let’s talk about that last one for a minute, because that is the one that will get your content disabled before you even realize you have a problem. Facebook has an algorithm it uses to decide whether your content is spam or not. Go over that threshold and you will find yourself in an awkward situation: a pretty page with no interactive content.

Here’s a partial list of behaviors that can push you over that threshold:

  1. Multiple people report your post as spam.
  2. Too many people delete your posts from their feed.
  3. Too many people hide your posts in their feed.

How many is “too many?” I don’t know, and Facebook won’t tell you. And unfortunately, if you’re using a third-party app you won’t be able to see the App Insights that will show you that information. Only the admins of the third-party app have access to that information, so only they can see the graph like the one below.

The main problem that the app providers face is trying to figure out which customer is generating the spam ratings, because in most cases hundreds of customers of their customers are sharing the same app pool. It usually goes something like this: end user posts something on your Facebook wall that says, “Hey! I tried to enter your contest, but there’s no way to enter.” Your social media manager sees the post and checks the contest tab, and sure enough the interactive content is missing. This means the app has been disabled. The social media manager calls the third-party app provider, who then starts to investigate why the app got disabled.

I can tell you from personal experience that getting your app cleared from the Facebook spam list is an arduous process. It took me SIX hours and countless emails and phone calls to Facebook to get my client’s apps restored … and I had connections at Facebook. It is best to avoid this situation at all costs.

2. Give people control

Debbie GibsonThis section is all about privacy and control. I seem to remember a video app that would automatically post to your wall – without your consent – when you started watching one of their videos. As you can imagine this resulted in many an embarrassing moment for Facebook users. Who knew you were such a Debbie Gibson fan? Well, now everyone does.

Always give people control of the content they are sharing, and always obtain consent before posting as them. It’s as simple as that. Here’s a shortlist of guidelines:

  1. Obtain written permission before publishing content on someone’s behalf.
  2. If you are tracking a person’s activity, provide an opt-out from that tracking.
  3. Do not send people messages from your app.
  4. Ensure that all content in your share messages can be edited by the user.
  5. Always include a publicly accessible privacy policy.

3. Protect data

It should go without saying (but we still do need to remind people) that your first responsibility is to protect the personal data of anyone who interacts with your content. I have lost count of the number of clients who have asked me, “If my customer James opts into my Facebook app, do I get all of the personal data of everyone on his friends list as well?” The answer is no. And besides, that’s just bad form and a shady demand gen practice. I guarantee your spam rating will spike if you try to do this.

There are quite a few technical guidelines in this category, but these are the basic guidelines you need to focus on:

  1. Protect the information you receive from unauthorized use or access.
  2. Don’t sell, or purchase, any data obtained from a Facebook app.
  3. Don’t transfer any data you receive from Facebook to an outside ad network, or data broker-type service. Basically, don’t try to monetize the data you collect.
  4. If your app requires Facebook friend data to connect people (apps that invite friends to participate), obtain permission from friends before opting them in and obtaining their personal data.

If what you’re doing feels creepy, don’t do it.

4. Encourage proper use

I call this the Karma section of guidelines. It’s all about being polite, respectful, honest, and doing the right thing. I must admit, I have broken these rules a few times on my own personal Facebook page by tagging fictitious people in my photos or tagging real friends in ridiculous photos. All in good fun, but totally against Facebook TOS. And for the record, Elvis is alive and I did tag him in that photo.

Follow these simple guidelines to sleep better at night and stay out of trouble with Facebook:

  1. Use the sanctioned Facebook logos and icons in your content both on and off Facebook.
  2. Encourage people to accurately tag and share content.
  3. Respect the way Facebook looks and functions. Don’t offer experiences that change it (Ad blockers violate this).
  4. Don’t build an app whose primary purpose is to redirect people off Facebook.

I see companies violate that last one all the time. They publish a landing page to a Facebook app tab on their company page, and the only interactive element on the page is a button that takes you to the company website when you click it. It’s a clear violation of the Facebook TOS, but I have never seen it enforced (never say never).

5. Follow the law

Violate anything in this list and you will not only get in trouble with the Facebook police, but you may incur a very large fine and be contacted by the real police.

  1. You are responsible for restricting access to your content in accordance with whatever laws and regulations are in effect in geographic locations where people view and interact with your content. This includes geo-filtering or age-gating content.
  2. Don’t knowingly share or collect information from children under the age of 13 (Children’s Online Privacy Protection Act – COPPA).
  3. Ensure that you have the rights to display, distribute and deliver the content in your app (copyrighted images, etc.).
  4. If you’re running a UGC (User Generated Content) contest, implement a takedown process in case of copyright infringement or inappropriate content upload.

Complying with all of these rules gets really complicated, really fast, if you are a global company, because the laws differ from country to country. It is up to you to keep up with the laws in the countries where you are providing interactive Facebook content. All online content is subject to the Children’s Online Privacy Protection Act (COPPA), and some industries in the financial and medical sectors have additional social media restrictions (see FINRA and HIPAA restrictions).

Content with Integrity

I know this all seems like an insurmountable list of rules and guidelines to comply with, but trust me, the alternative would be worse. Facebook had to come up with a list of clear and concise guidelines for two reasons:

  1. There are plenty of individuals and companies out there who have no integrity and use Facebook for unscrupulous purposes. Facebook needs to have policies in place so they can take people out when they violate them.
  2. There are people like you and me working for companies that are genuinely interested in engaging people on Facebook in the most positive way possible, and appreciate a framework of guidelines to help us do that.

So the next time you create some sort of interactive content on Facebook, ask yourself, “Would I share this? Would I be okay with my students, teenagers, or my grandmother engaging with this content?” If it looks like spam or feels like spam – it is spam.

A quality product is one that you would want your name attached to. Period.

See the Facebook Policy (https://developers.facebook.com/policy/) page for a full list of guidelines.


I know you’re all wondering who that big client was who got their apps disabled on launch day, and what they did to get disabled. Well, I’m not going to name names, but I will tell you we (the development team) did it to ourselves. We had so many people testing, posting, sharing, and deleting posts before the actual live launch that we caused our own spam rating nightmare. By the time the launch went public and hundreds of thousands of real end users hit the apps it was too late. We had already spiked our own spam rating with our poor testing practices. Face palm.

Want the full story on how to maximize Facebook?

Check out Act-On’s new eBook:

Read more: Facebook Is Changing The Rules — Again