Trust and security at Meta

Meta puts privacy and security at the heart of everything that we do, so you can make the move to virtual reality with confidence. Learn more about our approach, as well as the safety features built into our products.

Download whitepapers

HOW WE KEEP YOUR DATA SAFE

We're invested in your security

We make substantial investments to protect your data and provide features to support your compliance with international privacy laws, including the General Data Protection Regulation (GDPR). Learn more about how we keep your data safe and help in your compliance journey by downloading the security whitepaper.

Security controls

We provide the necessary security controls for deploying Meta Quest devices. These include core device controls such as network configuration and PIN requirements, features to monitor device status, including security logs and remote wipe, and support for device access, such as single sign-on, identity provider integrations and two-factor authentication.

Security practices

Our application security includes malware detection and vulnerability scanning. We leverage Android features such as sandboxing, encryption and authentication to ensure operating system security. Additionally, we implement robust hardware and firmware security measures, including third-party penetration testing and third-party audits in accordance with SOC 2 and ISO standards.

Meta Standards

Meta's security practices and infrastructure are designed to protect your data. Our approach includes building security-conscious teams, implementing resilient protocols such as logging physical access to our facilities, and managing the entire security lifecycle through regular vulnerability testing of key controls and detailed incident response plans.

Compliance

ISO/IEC 27001

Meta Horizon managed services meets the ISO 27001 security standard. Our ISO 27001 certification demonstrates a commitment to security best practice and provides an independent validation of the design and operational effectiveness of our security management programme and information security management system.

Download ISO 27001

ISO/IEC 27018

Meta Horizon managed services is certified to ISO 27018 security standard, a privacy-focused international standard that builds on information security management systems. It indicates conformance with commonly accepted control objectives, controls and guidelines for public cloud service providers to protect personally identifiable information (PII) housed on their services.

Download ISO 27018

SOC 2

SOC 2 is an extensive independent audit of how we host and operate Meta Horizons managed services. It is performed annually by third-party auditors and covers everything from how we secure and protect the application and our data centres, to how we verify the identity and background of our employees. The report can be downloaded by Meta Horizon managed services customers from within the Admin Panel. Navigate to Security, then More, then Certifications. The report is also available upon request, subject to an NDA.

SOC 3

Our SOC 3 report provides a summary of the SOC 2 report.

Download SOC 3

General Data Protection Regulation (GDPR)

Read the whitepaper

Transparency report

We publish regular reports to give our community visibility into how we enforce our policies, respond to data requests and protect intellectual property, while also monitoring dynamics that limit access to Meta technologies.

Strong management controls

Get your Meta Quest devices ready to deploy and be centrally managed with our subscription service, designed to provide the features you need.

It includes device, app and user management, as well as customer support. The management controls and security features are designed to meet common requirements and help you adopt Meta Quest devices. You can:

Configure and monitor your Meta Quest devices to meet your security standards and requirements
Review the status of all your managed devices
Mitigate risk and deploy fixes immediately when security vulnerabilities are discovered with policies
Set role-based access control requirements

Learn more

Preview of admin portal on Meta Quest for business

DEVICE PROTECTION

Built-in protection for VR

Several privacy and security features are common to all three headsets. Like the Privacy Indicator, which gives users more visibility into the sensitive permissions installed apps are currently using. People get to decide who sees their information or what data they share with Meta. They can also easily report abuse or other bad behaviour.

Meta Quest 3, Meta Quest 3S and Meta Quest Pro also have additional protections in place to support device-specific features.

Privacy information and settings on Help Centre

Meta Quest 3S

Meta Quest 3S includes a sensor lock, which automatically turns off your headset's cameras (and microphones) when your headset goes to sleep and turns them back on when the power button is pressed.

Learn more about sensor lock

A mixed reality Meta Quest 3 headset and controllers

Meta Quest 3/3S

You control whether apps on your Meta Quest 3/3S can access spatial data. To find more details about how we have applied our responsible innovation principles to help minimise any impact on people's privacy when creating virtual reality experiences for Meta Quest 3/3S, download our whitepaper.

Learn more about spatial data

Meta Quest 3S

Meta Quest 3S includes a sensor lock, which automatically turns off your headset's cameras (and microphones) when your headset goes to sleep and turns them back on when the power button is pressed.

Learn more about sensor lock

DATA PROTECTION

We protect customer data

We care about Customer Data as much as you do, which is why we're explicit and transparent about how we use it. Meta logically separates Customer Data from consumer data, except for permitted data sharing, and Customer Data is stored subject to strict access controls, as detailed in our whitepapers. You can also have peace of mind knowing that Meta will not sell or share any Customer Data, as defined in the Terms of Service. Customer Data will not be used for any purposes other than those described in our whitepapers, including personalisation of consumer Meta Products or advertising, and personal data collected from the use of Meta Horizon products with a managed Meta account, will not be used to personalise ads.

Read the whitepaper

VR view of the applications library in the Meta Quest Store

THIRD-PARTY PROTECTION

Securing the Meta Horizon Store

Third-party apps available on the Meta Horizon Store are subject to their own terms and privacy policies. However, we require developers to comply with the Meta Platform Terms and Developer Policies, and we reserve the right to remove non-compliant developers or apps that do not fully comply.

SECURED BY META

Trust and security at Meta

We're invested in your security

Security controls

Security practices

Meta Standards

Compliance

ISO/IEC 27001

ISO/IEC 27018

SOC 2

SOC 3

General Data Protection Regulation (GDPR)

Transparency report

Strong management controls

Meta Quest 3S

DATA PROTECTION

We protect customer data

Securing the Meta Horizon Store

Meta partners with and serves some of the most respected businesses and educational institutions in the world.