You can store such data in your database. As stated in your second quote, โYou do not have rights to this data,โ you cannot sell or disseminate this data. However, you can recreate this data to improve your applicationโs user interface.
When a user permits your application (i.e. connects to your application via Facebook), he allows your application to access his account. The easiest access provides you (the developer) with the list of friends users specified in Permissions . Thus, the user grants you permission to use this data. In addition, if you request some other friends-based permissions (e.g. friends_activities
, friends_checkins
described in the same document), the user explicitly grants you permission to use this data. But obviously you cannot share this information with third parties.
I participated in many projects where we had to store information about friends of users, and this was always legal.
In addition, there is no time limit for such storage.
source share