Find Your Friends Privacy Playbook
Subtitle: How to Connect Users Through Their Contacts Without Breaking Privacy Laws
“Find Your Friends” features help users build their networks by connecting them with people they already know—through contacts, phone books, or social graphs.
But whenever you process third-party contact data, you take on real-world legal obligations under GDPR, CCPA, CASL, PECR, and other global privacy laws.
Contact discovery is a privacy-sensitive operation—even when no message is sent. The act of processing contact information triggers legal requirements that must be addressed through careful design and implementation.
This playbook teaches founders, product managers, developers, and privacy teams how to build contact-powered discovery tools the right way:
- Safely
- Transparently
- Legally
- Respectfully
What This Series Covers

Find Your Friends Risk Foundations
Why matching contacts—even without messaging—creates legal risk.

Transparent Matching UX
How to design contact import and matching flows with clear consent and user control.

Matching vs Messaging
Why surfacing matches and sending invitations are two legally distinct actions.

Sending Invitations After Matching
How to transition from contact discovery to compliant invitation messaging.

Safe Contact Import
Engineering patterns for privacy-first contact handling and matching.

Consent, Retention, and Opt-Out at Scale
How to handle opt-outs, suppression, and deletion requests across contact matching systems.

Global Rules for Contact Matching
How GDPR, CPRA, CASL, and PECR apply to Find Your Friends features.

Trust-First Social Graph Growth
How respectful Find Your Friends features outperform aggressive growth tactics.
Who This Playbook Is For
This series is essential for organizations building features that involve contact discovery, matching, or invitation systems:
- Social Networks: Platforms that connect users based on existing relationships
- Messaging Apps: Applications that help users find contacts already using the service
- Job Platforms: Recruitment sites that suggest connections based on contact data
- Event Platforms: Services that help users find contacts attending the same events
- Gaming Networks: Games that connect players with friends from their contact lists
- Collaboration Tools: Productivity apps that suggest connections for teamwork
- Loyalty Programs: Services that encourage users to invite contacts to join
- Any Service: Any product offering “Find Friends” or “People You May Know” functionality
Each of these platforms faces unique challenges in implementing contact discovery features that respect privacy while delivering value to users.
Key Message: Contact Matching Is Processing
Even if you don’t message someone, comparing a contact list to your database counts as data processing under privacy laws. This fundamental concept is critical to understanding your legal obligations.
If you process contact data, you must:
- Have a lawful basis: Usually consent or legitimate interest, depending on the jurisdiction
- Be transparent: Clearly explain what you’re doing with contact data
- Respect opt-out rights: Honor requests to stop processing someone’s data
- Minimize retention: Keep data only as long as necessary
- Support access and deletion rights: Allow individuals to access or delete their data
These requirements apply even if:
- You never send messages to the contacts
- You only use the data for matching purposes
- The processing is temporary or one-time only
- The user initiated the contact import
For more foundational information on handling contact data, see: How to Handle Contacts Without Breaking Privacy Laws
Ready to Begin?
Start with Find Your Friends Risk Foundations to understand the core privacy principles that should guide your implementation of contact discovery features.
As you work through this playbook, you’ll develop a comprehensive understanding of how to build contact-powered features that respect privacy, comply with global regulations, and create positive user experiences.