The Data Protection Assessment (DPA) is designed to assess how developers use, share, and protect User Data and/or Device User Data, as defined in the Developer Data Use Policy (collectively referred to as “User Data”). Completing a Data Protection Assessment annually is a requirement for any app that accesses, transmits, or stores User Data.
The administrators for your organization will be sent a link to complete the questionnaire by a specific deadline. If they cannot complete the assessment by the deadline, your app will be removed from the Meta Horizon Store and risk losing access to the advanced platform features altogether.
Data Protection Assessment (DPA) differs from Data Use Checkup (DUC)
Data Protection Assessment evaluates whether developers comply with Meta policies covering prohibited uses of data, data deletion, data sharing with third parties, and data security. Data Use Checkup is how developers request access to the features they need to operate their app and certify their general compliance with the Developer Data Use Policy.
Meta strongly recommends consulting with legal, policy, and data security experts within your organization for guidance on addressing certain questions. Providing incomplete or vague answers may result in further investigation and loss of platform access.
Before you start
To prepare for the Data Protection Assessment, we recommend that you:
Watch a video on Submitting a Data Protection Assessment. Get the clarity you need fast with our new Trusted Developer Essentials video course featuring tips and resources from Meta experts and Data Protocol to gain a better understanding of the process.
Review our Developer Data Use Policy in detail, and be sure you’re able to answer questions on how your app is complying with these terms.
Gather relevant documentation such as your privacy policy, information security certificates or policies, service provider lists, and your contracts with your service providers (which could include standard terms of service for those service providers).
If you are an organization admin and you are required to complete the Data Protection Assessment, you will receive email communication from us.
Deadline
Deadlines, which are unique to each app, will be communicated to your organization admins via an email containing the link to the DPA.
You can also check all current requirement deadlines by going to Requirements > Tasks and looking under the Deadline(s) column. You can also change the sort order to ascending or descending by clicking on the column header.
Request Extension
You can extend your DPA deadline by clicking the Request Extension button under Requirements > Tasks, which will give you 20 more business days to complete the assessment.
Submit an assessment
You don’t have to complete the Data Protection Assessment in one sitting. Once started, scroll down to the bottom of the assessment and click on Save Draft, to the left of the Submit button. Your progress will be saved and your DPA will be put into a Draft status where you can return to it at any time.
In the left-side navigation, click Requirements > Tasks.
On the Tasks page, click the drop-down menu under Status. There are four statuses a DPA could be listed under: Action Required, Draft, Resolved, and Under Review. To find a DPA that requires action, select the Action Required status or check the Hide all resolved items box to the far right of the drop-down menu. This will display all requirements that need to be resolved as row items, as well as the new DPA.
Next, click the View button on the right of the row for the DPA you wish to start. Alternatively, you can go to Requirements > Summary and see an overview of all requirement statuses. If you have a DPA listed with an Up next status, you can click on the Go to Tasks button to navigate directly to the View tab.
If there isn’t a DPA in Action Required or Draft status, you don’t need to complete an assessment at this time.
When you are ready to start the assessment, click on the Resolve button in the View tab. This will start the assessment.
Step 2. Start the assessment
Provide information about the data you access. Depending on the responses to the Data Protection Assessment, you may be asked to provide additional documentation.
Note: Please read all parts of the form to make sure you understand all required information and can provide accurate responses to all the questions.
If you use service providers, you should gather relevant contracts where a service provider collects or processes User Data and/or Device User Data on your behalf. Keep in mind, contracts include written agreements such as a Terms of Service. You will be asked to examine these contracts and confirm that they state that:
They can only access User Data and/or Device User Data for a legitimate business purpose.
They can only use User Data and/or Device User Data at your direction and/or to provide the service you requested.
They have a service level agreement related to breach notification and responsiveness to inquiries from you.
They will reasonably protect User Data and/or Device User Data, including using the same level of security that you maintain.
They will notify you in the event there is a compromise of User Data and/or Device User Data.
They comply with the Developer Data Use Policy for any User Data and/or Device User Data they receive from you.
They delete the User Data and/or Device User Data they received from you when you cease using their service.
If you share data to comply with legal regulations, you may need to provide:
An explanation of the circumstances in which you share User Data to comply with a legal or regulatory requirement.
If you share data with a third party because users tell you to, you may need to provide:
A description of how users direct you to share User Data with another person or business.
Include screenshots if applicable.
If you have information security practices in place to protect User Data and/or Device User Data, you will need to provide:
A description of your Information Security Practices. (Learn more.)
If you have a data security certification, you will need to provide:
A copy of that data security certification. (Learn more.)
If you do not have a data security certification, but you do take steps to protect the security of User Data, you may need to provide:
Policy or procedure documents, software configurations, screenshots, or screen recordings that illustrate the steps you take to protect the security of User Data. (Learn more.)
Step 3. Submit your information
Once you have answered all questions, click the Submit button at the bottom of the form. The Submit button will become clickable once all questions are answered, allowing you to proceed.
A pop-up window will appear, with the following warning:
Once you submit your assessment for [Your app name here], you will not be able to edit your responses. Your answers will be reviewed by our team. By submitting this assessment, you represent and warrant that the responses you provide are true and accurate to the best of your knowledge.
If all information is accurate, click the Submit button on the pop-up window to submit your DPA for review.
Check the status of an assessment
In the Developer Dashboard, go to your app, then go to either Requirements > Summary to see an overview of all requirements, or Requirements > Tasks. On the Tasks page, click the drop-down menu under Status and select Under Review, or check the Hide all resolved items box to the far right of the drop-down menu, to see any requirements that are still in progress.
Note: The Summary and Tasks pages will display requirements in all statuses for reference later.
Request for more information
If Meta reviewers require more information after you submit your DPA, a “Request For Information” (RFI) will be sent and can be found on the Tasks page for your organization. Each RFI will have its own self-contained instructions that you will need to resolve for that specific case. Your organization admins should check Requirements regularly for your app, but they should also receive an email notification about any new RFI or violations that need to be addressed.
Learn more
Visit the Developer Blog post to learn more about why the Data Protection Assessment is required.