WeChat Mini Programs policies and regulations

WeChat Mini Programs, as a lightweight application platform launched by Tencent, have rapidly gained popularity due to their convenience and low development barriers. With the growth in user numbers and developer participation, relevant policies and regulatory measures have been progressively refined, covering areas such as data security, content moderation, and privacy protection, imposing clear requirements on developers and operators.

Policy Framework for WeChat Mini Programs

The policy system for WeChat Mini Programs primarily consists of the WeChat Mini Program Platform Operation Guidelines, WeChat Mini Program Service Terms, and WeChat Open Platform Developer Agreement. These documents clarify the rights and obligations of developers, such as prohibiting the dissemination of illegal or non-compliant content and restricting the invocation of sensitive functionalities. Policy updates are frequent, with 2023 introducing specialized clauses for AI-generated content, requiring clear labeling of content generated using deepfake technology.

// Example: Mini Programs must declare the API permissions they use
wx.getSetting({
  success(res) {
    if (!res.authSetting['scope.userInfo']) {
      wx.authorize({
        scope: 'scope.userInfo',
        fail() { console.error('User denied authorization') }
      })
    }
  }
})

Data Security and Privacy Regulations

Under the requirements of the Personal Information Protection Law, Mini Programs must explicitly display privacy policies through pop-ups and cannot deny service if users refuse to provide non-essential information. Key regulatory points include:

1. Sensitive permissions such as geolocation and contact lists require secondary confirmation.
2. User data must be stored on servers within China.
3. Account deletion functionality must be prominently provided.

Violation case: An e-commerce Mini Program was taken down for rectification after default-checking the "share user behavior data" option. Post-rectification, it must clearly separate data collection options:

<!-- Example of a compliant privacy authorization component -->
<view class="privacy-box">
  <checkbox-group bindchange="handlePrivacy">
    <label><checkbox value="1"/> Agree to the *User Agreement*</label>
    <label><checkbox value="2"/> Allow analysis of browsing behavior (optional)</label>
  </checkbox-group>
</view>

Content Moderation Mechanism

WeChat employs a dual moderation system combining machine and human review, focusing on:

• Politically sensitive terms (e.g., inappropriate references to national leaders)
• Financial categories (requiring submission of a Value-Added Telecommunications Business License)
• User-generated content (UGC) (community Mini Programs must implement real-time filtering systems)

Typical moderation rules include:

1. New submissions must pass keyword filtering checks.
2. Image content is screened using Tencent Cloud's Content Security API to identify违规 elements.
3. Live-streaming Mini Programs must integrate Tencent Cloud's Instant Messaging IM for content archiving.

// Example of calling the content security detection API
wx.cloud.callFunction({
  name: 'contentSecCheck',
  data: { content: userInputText },
  success: (res) => {
    if(res.result.errcode === 87014) {
      wx.showToast({ title: 'Contains违规 content' })
    }
  }
})

Special Industry Regulatory Requirements

Mini Programs in different industries face differentiated regulations:

1. Healthcare: Must display an Internet Medical Information Service License, with online consultation功能 limited to follow-up patients.
2. Education: Foreign teachers must provide work permits, and course prices must be clearly marked.
3. Finance: Prohibits诱导性收益宣传, and annualized收益率 must display historical performance.

A wealth management Mini Program was penalized for failing to prominently display "historical returns do not indicate future performance." The compliant solution should include a risk warning pop-up:

wx.showModal({
  title: 'Risk Warning',
  content: 'The market carries risks; invest with caution...',
  confirmText: 'Acknowledge risks',
  confirmColor: '#FF2442'
})

Cross-Border Data Flow Management

Mini Programs involving overseas services must特别注意:

1. Data exports require security assessments.
2. Multilingual versions of content must undergo separate reviews.
3. Payment settlements must use licensed domestic channels.

For example, an international hotel booking Mini Program was suspended for directly syncing user data to overseas servers. Post-rectification, it must改为:

// Process data locally before exporting
function processOverseasData(data) {
  return {
    ...data,
    phone: data.phone.replace(/(\d{3})\d{4}(\d{4})/, '$1****$2'),
    idCard: '' // Remove ID numbers
  }
}

Minor Protection Measures

Under new anti-addiction regulations:

1. Gaming Mini Programs must integrate real-name authentication systems.
2. Services are prohibited for minors between 22:00 and 08:00 daily.
3. Paid functionalities must set single and monthly spending limits.

Implementation example:

// Payment restrictions for minors
function checkMinorPayment(userInfo) {
  if(userInfo.age < 18) {
    return Math.min(amount, 200) // Single transaction capped at 200元
  }
  return amount
}

Violation Penalties and Appeal Process

Common penalty levels include:

• Warning (e.g., minor UI violations)
• Traffic restrictions (search ranking demotion for 30 days)
• Service suspension (requires submission of rectification reports)
• Permanent ban (for repeated or major violations)

Appeal materials must include:

1. Rectification statements with official seals.
2. Screenshots of modified code.
3. Test accounts and passwords.

A tool Mini Program successfully appealed a误判 of "excessive data collection" by providing complete documentation of permission usage and technical architecture diagrams.