{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 ら.Afraid 的问题《Storing Facebook API data》','https://www.manongdao.com/q-507720.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm building a web application that relies upon the Facebook API. I want to use information retrieved about the users' friends, in order to display custom messages and updates to that user. Standard Fare.
I'm uncertain as to how long and in what manners I can store that information, specifically related to using a database.
Facebook Platform Policies says under section II number 4 that
A user's friends' data can only be used in the context of the user's experience on your application.
Fine. As for storing, section II number 2 states that
You may cache data you receive through use of the Facebook API in order to improve your application’s user experience, but you should try to keep the data up to date. This permission does not give you any rights to such data.
Does cache include database storage? If so, does not having a 'right' to the data prohibit only the ways in which I can use that data, versus the length of time which I can store it?
You can cache the data, but you have to keep it updated.
Source: Developer Policy Protect Data
You can definitely store such data in your database. As stated in your second quote "you have no rights to this data", so you cannot sell or redistribute that data. You can however remix this data to improve "your application's user experience".
When the user authorises your app (i.e. connects with your app via Facebook) he allows your app to access his account. The most basic access provides you (the developer) with the user's list of friends as specified in Permissions. So essentially the user grants you permission to use that data. Additionally if you request some other friends-based permissions (e.g.
friends_activities,friends_checkinsexplained in the same document) the user explicitly grants you permission to use that data. But obviously you can't share that information with 3rd parties.I've been involved in many projects where we had to store information regarding a user's friends and it was always legally sound.
Also, there is no time limit on such storage.
Not sure when the 24 hour data storage policy was deprecated, but Facebook data can now be stored indefinitely...