
Privacy Policy for Facebook Lead Ads

What are Facebook Lead Ads? In Facebook’s words:

Lead Ads are a type of ad that allows you to run lead generation campaigns on Facebook and Instagram. Unlike other ad types, Lead Ads include a contact form, called an “instant form”, that lets people show their interest in a product or service by filling out the form with their details and allowing a business to follow up with them.

On your Lead Ads instant form, you can request email addresses or contact information from people who click on your ad. You can even ask people custom questions. Lead Ads can be used to collect sign-ups for newsletters, price estimates, follow-up calls and business information.

In the following example, you can see a Sleeknote Lead Ad from the users’ perspective. As you can see, it looks like any other sponsored Facebook ad:

Facebook Lead Ad

However, when you click “Download”, instead of directing you to a completely different website, this pop-up form appears:

Facebook Lead Ad

After adding the information requested and pressing submit, a confirmation window appears and you’re given the option to go back to your newsfeed.

Legal obligations and Facebook’s requirements

Below, we’ll detail some of the legal complications of this type of data collection and tell you how you can best meet both your legal obligations and Facebook’s terms.

By clicking a Facebook lead ad, customers will see a form that’s already filled with info that they’ve shared with Facebook – such as their name, number or email address. The form is mobile-device friendly and designed for the least amount of typing possible. So it’s quicker for customers to reach you – and gives you accurate, actionable info so that you can contact them.

This is, of course, very useful. However, it also means that these potential customers share their personal data with you, which has resulted in Facebook requiring privacy policy links from all of their Facebook Lead Ads users:

Facebook Lead Ad - Privacy Policy

Here’s what Facebook tells you in their Lead Ads Terms of Service:

B. You will ensure that each Lead Ad includes the following disclosures to Facebook users: (i) all disclosures and choice mechanisms necessary and sufficient to comply with applicable laws, rules and regulations, including any necessary offer terms promoted in the Lead Ad (e.g., criteria to qualify, expiration date, or limitations on redemption) (“Offer Terms”); (ii) a clear and prominent disclosure that if a user submits data to you through a Lead Ad, such data will be governed by your privacy policy; and (iii) a link to your privacy policy. You will further ensure that no Lead Ads will be targeted to any minors.

To be clear, having a valid privacy policy is legally required under most countries’ legislation anyway. However, Facebook has also made it mandatory that you provide one in order to access the Lead Ads service.

iubenda helps a great deal with this. By signing up and simply telling us exactly which data your site collects, you can have a customized and precise privacy policy in minutes. The privacy policy can then be embedded into your site and/or you can simply use the direct link provided.

How to add a privacy policy for Facebook Lead Ads

  1. Generate and customize your privacy policy (very important as in order to be valid, privacy policies should be precise and specific to your situation). Save and close.
  2. Next, head to your embed area and click on the Use a direct link tab. Copy the link.
  3. On your Facebook Ads account go to Lead Generation and click New Form. Add a link to your privacy policy under the section labeled Privacy Policy > Link URL.
  4. You can optionally customize the link’s text (via the Link Text field), however, since you need to be as clear as possible, we suggest sticking to the standard “Privacy Policy” as your link text. If you leave this field blank, Facebook will likely automatically set the text to “Privacy Policy”.
Facebook Lead Ad

Additional guidelines for marketers with EU-based users

Based on various requirements, notably the GDPR and ePrivacy Directive, marketers based in the EU or marketers who target EU-based individuals need to ensure that valid user consent is obtained before collecting or otherwise processing users’ data. Additionally, you’re only allowed to use the data for the purposes outlined to and consented to by the user at the time the consent was obtained.


In order to be considered valid, consent must be informed and actively indicated. Common practice, therefore, is to include a checkbox that isn’t pre-checked, with visible links to your privacy policy and a precise description of the purpose of the data collection. The user must clearly understand who they’re giving their consent to, and how they can withdraw that consent if they so desire.

Furthermore, the consent must be specific to the purpose, meaning that multiple purposes require multiple consents. Click here for an example of how to do this using a single form.

Double Opt-in

Best practice when using email forms to collect consent is to add an additional verification step known as double opt-in. This final step helps you to confirm that the person giving consent is indeed the owner of the email address provided.

This is particularly useful for marketers as

  • it greatly reduces the probability of your email address being flagged as spam due to unwanted contact; and
  • having fully verified consent is useful and adds an additional layer of legitimacy to your legally mandated Records of Consent.

For more information on how to handle email lists and newsletters in a legally compliant way, read our detailed Email & Newsletter Compliance Guide.

While we HIGHLY suggest reading the guide linked above, we’ve created the following practical list to help you get up and running as quickly as possible with Facebook Lead Ads.

Lead Ad process and checklist

  1. Under Lead Generation click New Form.
  2. Enter your text, image and questions, being careful to apply the principles of data minimalism — i.e. only ask for the data that you actually need in order to fulfil your purpose.
  3. Remember to tell people exactly why you want their data (for example, their email address for your newsletter, because you are giving away an infographic, or potentially both). This way they know what to expect. Use the lead ad’s text field to outline the purpose of your lead ad.

  4. Make sure that your users are clearly informed of how they can withdraw their consent if they so choose.
  5. While iubenda automatically includes some necessary details related to user rights in your policy (see What Should Be in a Privacy Policy), when creating your privacy policy, remember to add services specific to your particular purposes of data collection. In this case, at minimum you’ll need to select the Mailing list or newsletter service and whichever Facebook services apply.
    Add Facebook services to your privacy policy
  6. Add a link to your privacy policy and any additional disclaimers you may have.
  7. Don’t use the data for any purpose other than the ones you’ve outlined on the lead ad form and further detailed in your privacy policy.
  8. Important! Since Facebook doesn’t have the option of adding an unchecked box, utilising double opt-in could make your consent more meaningful. We strongly suggest using this approach here.
