Home Docs Facebook Sellers
Platform Guide

Facebook Sellers & DPDP Compliance

Facebook Marketplace orders, Messenger chats, and Facebook Ads lead forms all collect personal data — here's what DPDP requires of you.

₹50–250 Cr

Penalty range for violations

Lead Forms

Facebook Ads leads = personal data

May 2027

Compliance deadline

Facebook Selling & DPDP

Whether you're selling on Facebook Marketplace, running a Facebook Page shop, or collecting leads via Facebook Ads, you are processing personal data of Indian customers and the DPDP Act 2023 applies to you.

Data You're Collecting

Facebook Marketplace

Buyer name, phone, location, delivery address via Messenger

Lead Ad Forms

Name, email, phone, job title — all personal data from lead forms

Page messages

Customer queries with personal details in Messenger

Pixel & Retargeting

If you run Facebook Ads with Pixel, you are tracking user behaviour

Event responses

RSVPs and ticket purchases contain personal data

Comments & tags

Customer complaints/tags on your page posts

Key Obligations

Facebook Lead Ads require a DPDP privacy notice

Your lead ad must link to a DPDP-compliant privacy notice that explains how you use the collected information. Facebook's own terms do not satisfy this.

Messenger order data needs consent logging

Orders taken via Messenger include personal data. You need to log that the customer provided consent before processing their order.

Pixel requires disclosure

If you use Facebook Pixel for retargeting, you must disclose this in your privacy notice and give customers an opt-out mechanism.

Lead data must be deleted on request

If a customer who submitted a lead form asks you to delete their data, you must comply — including removing them from your CRM and ad audiences.

How EasyDP Helps Facebook Sellers

  • DPDP-compliant privacy notice for your Facebook Lead Ads forms
  • Consent capture and logging for Marketplace and Messenger orders
  • Auto-generated DSR portal — customers submit access and deletion requests, you get notified
  • Pixel and Conversions API disclosure guidance for your privacy notice
  • Multilingual consent notices in 6 Indian languages
  • Breach notification workflow with 72-hour countdown and audit-log export

Is Your Facebook Business DPDP Compliant?

Check your specific obligations with our free 2-minute checker.