Privacy overview

Product overview

Unity Analytics / UGS Analytics, part of the Unity Gaming Services platform, provides an end-to-end data and analysis solution designed to support your entire studio. Analytics lets studios easily understand game performance and player behaviors.

This documentation is intended to assist products display their privacy compliance to Developers. It is not intended to be used as legal guidance or as a replacement to reading our Privacy Policy. If you have questions about a term used, please see the Glossary below.

If you have further questions about the privacy of a product, please email DPO@unity3d.com with your question. For expediency, please list the product about which you are inquiring.

Personal Data Collected about App Users/ Game Players

Default Data

  1. IP address
  2. Unique installation-specific ID
  3. User ID (Defaults to the Installation ID but can be set by developers)
  4. Authentication Player ID (Obtained if the Authentication SDK is present)
  5. IDFV

Developer Defined

While this product allows for the collection of developer-defined data, we ask that you do not collect personal data through this mechanism. Our systems will not understand that it is personal data and so such would not be treated as such in retention processes or data subject requests.

Relationship under Privacy Laws

Under European Privacy Law, Unity is the Processor. You, the developer, are the Controller. In limited circumstances, we can become independent Controllers e.g., if Analytics is used alongside our Grow Services.

Under Californian Privacy Law, Unity is the Service Provider. You, the developer, are the Business. In limited circumstances, we can become independent Businesses e.g., if used alongside our Grow Services.

Legal Basis for Processing

As we are a Processor, we do not determine the legal basis for processing. Instead, it is your responsibility as the Controller to determine such a legal basis.

In the limited circumstances in which we are an Independent Controller, you can find our legal basis for processing data collected through our Ads Service in our Privacy Policy. Please note: As an independent controller, you too should determine your own legal basis.

Consent (Opt-in) vs Opt-out

Important notice: UGS Analytics requires you to implement a privacy solution which is separate from Unity Ads. Therefore, if you are using both Unity Ads and Unity Analytics, the Unity Ads opt-out mechanism will NOT apply to both services.

SDK-5-flow

Analytics collects data to help you improve the player experience in your game. Some of that data includes personal data regulated under data privacy laws.

Some regions might require consent to collect personal data by law, and others might require end-user notice and the opportunity to opt-out. However, consent and opt-out requirements extend beyond these use cases and must be applied in any region that requires it. By using these functions, you take responsibility for providing this consent correctly and for all regions.

When a user does not consent to, or opts out of personal data collection and processing under a data privacy regulation (for example GDPR, CCPA, or PIPL), this prevents personal data from being collected about your users and may impact your analytics and key metrics.

Important notice: The Analytics SDK does not manage data privacy compliance in any way. You, the developer, are responsible for determining what data privacy legislation applies to the player and what consent is required before activating the SDK.

Managing Data Privacy

As of version 5.0.0, the Analytics SDK does not collect any personal data by default. You are responsible for determining what data privacy legislation affects the player and when it is appropriate for you to enable data collection by the SDK (i.e. have the player’s consent for an opt-in legislation, or that the player has not denied consent for an opt-out legislation). If you are not using SDK version 5.0.0 or greater, it is strongly recommended that you upgrade as soon as possible.

To enable data collection, use the following: AnalyticsService.Instance.StartDataCollection();

If the player has denied or revoked their consent, the SDK initializes in a dormant state in which it will ignore all events. In this case, you can avoid calling StartDataCollection and so leave the SDK inactive.

Opt Out

If the user wants to opt out later, they can use the same method for all applicable regulations using the AnalyticsService.Instance.StopDataCollection(); method.

public void OptOut()
{
	AnalyticsService.Instance.StopDataCollection();
}

In regions that require you to provide an opt-out, you must provide your own logic to determine whether the player has opted out. You may call AnalyticsService.Instance.StartDataCollection() to start the SDK if the player hasn't opted out, otherwise you shouldn't call it and the SDK remains dormant.

async void Start()
{
  await UnityServices.InitializeAsync();
 
  if (playerHasOptedOut)
  {
		// Do nothing, leave the SDK off
  }
  else
  {
		AnalyticsService.Instance.StartDataCollection();
  }
}

Opt Back In

Call the StartDataCollection() method at any time to activate or reactivate the SDK for data collection.

PIPL consent

PIPL is an opt-in based legislation. You're obligated to ask the user for their consent before any other actions are allowed in the SDK. Call the StartDataCollection() method as seen below to signal that consent has been provided.

async void Start()
{
  await UnityServices.InitializeAsync();
 
  ShowPIPLConsentFlow();
}
public void PIPLConsentGiven()
{
	AnalyticsService.Instance.StartDataCollection();
}

Please visit Unity's legal site for more information on Unity's approach to PIPL.

Data Subject Requests

Two of the most common data subject requests based in law are the request for access to personal data and the request for deletion of personal data.

Access

This service has no native functionality to support data access requests. You, the developer, are responsible for actioning them. You can action them by submitting the request here.

Deletion

This service has native functionality to support data deletion requests. This is achieved using the RequestDataDeletion method of the SDK.

Data Deletion

Call AnalyticsService.Instance.RequestDataDeletion() to request personal data deletion, which triggers a purge of user data from the server.

public void RequestDataDeletion()
{
	AnalyticsService.Instance.RequestDataDeletion();
}

If there is no internet connection when this request is made, the SDK will reattempt to send the request at regular intervals until it is successful. It will remember this across app restarts using Unity’s PlayerPrefs system

Please note: This functionality only applies to this service and the Push Notification Service. If you are using other services which collect app user personal data you will need to review that service's documentation for how it handles data deletion requests. To delete the Player ID created by the Unity Authentication SDK (if enabled), please use the Authentication API.

Dependencies

Depending on how you enable it, this product may be on the Authentication product. By enabling this product, you will also be enabling the Authentication product and you should refer to Unity Authentication SDK for more information.

Data Retention

By default, personal data is retained for 13 months. If you wish to implement a shorter retention period, you can do so by contacting support.

Child Privacy

If required to do so under applicable laws, you (the developer) must obtain Verified Parental Consent prior to submitting child-user data, as outlined in the Unity Terms of Service.

Privacy Policy Requirements

It is never appropriate to use Unity’s privacy policy for your application. You will need to ensure that the personal data practices are reflected in your Privacy Policy, as required in the Unity Terms of Service.

Privacy URL

If you need to present the user with Unity’s privacy policy, use the privacy URL:

To get the privacy URL use: Application.OpenURL(AnalyticsService.Instance.PrivacyUrl);

Data Processing Agreement (DPA)

Unity DPA applies to the transfer of data for this product.

Glossary

  • GDPR - In May of 2018, the General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA). References to GDPR also encompass UK GDPR which is the UK’s version of GDPR which applies post-Brexit.
  • CCPA - In January of 2019, the California Consumer Privacy Act (CCPA) took effect in California
  • PIPL - In November of 2021, Personal Information Protection Law (PIPL) took effect in China.
  • VCDPA - In January of 2023, the Virginia Consumer Data Privacy Act (VCDPA) takes effect in Virginia.
  • COPPA - The Children’s Online Privacy Protection Act (COPPA) imposes restrictions on how data can be collected and used from children under the age of 13.
  • Controller
  • Processor
  • Service Provider
  • Third Party
  • Business
  • DPA
Unity logo Documentation
Copyright © 2024 Unity Technologies
"Unity", Unity logos, and other Unity trademarks are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere (more info here). Other names or brands are trademarks of their respective owners.