Privacy overview

Unity Analytics, part of the Unity Gaming Services platform, provides an end-to-end data and analysis solution designed to support your entire studio. Analytics lets studios easily understand game performance and player behaviors.

Important: this documentation is intended to inform developers of their data privacy obligations when using Analytics. It is not intended to be used as legal guidance or as a replacement to reading our Privacy Policy. If you have questions about a term used, please see the Glossary below.

If you have further questions about the privacy of a product, please email DPO@unity3d.com with your question. For expediency, please list the product about which you are inquiring.

For practical information about how to fulfil your data privacy obligations when integrating Analytics into your game, please see the manage data privacy with the SDK page.

Personal data collected about app users/game players

Default Data

  1. IP address
  2. Unique installation-specific ID
  3. User ID (defaults to the installation-specific ID but can be set by developers)
  4. Authentication Player ID (obtained if the Authentication SDK is present and the player is signed in through it)
  5. IDFV

Developer-defined

While this product allows for the collection of developer-defined data, we ask that you do not collect personal data through this mechanism. Our systems will not understand that it is personal data and so would not treat it as such in retention processes or data subject requests.

Relationship under privacy laws

Under European Privacy Law, Unity is the Processor. You, the developer, are the Controller. In limited circumstances, we can become independent Controllers e.g., if Analytics is used alongside our Grow Services.

Under Californian Privacy Law, Unity is the Service Provider. You, the developer, are the Business. In limited circumstances, we can become independent Businesses e.g., if used alongside our Grow Services.

As we are a Processor, we do not determine the legal basis for processing. Instead, it is your responsibility as the Controller to determine such a legal basis.

In the limited circumstances in which we are an Independent Controller, you can find our legal basis for processing data collected through our Ads Service in our Privacy Policy. Please note: As an independent controller, you too should determine your own legal basis.

Data subject requests

Two of the most common data subject requests based in law are the request for access to personal data and the request for deletion of personal data.

Access

This service has no native functionality to support data access requests. You, the developer, are responsible for actioning them. You can action them by submitting the request here.

Deletion

This service has native functionality to support data deletion requests. This is achieved using the RequestDataDeletion method of the SDK. Please see the manage data privacy page for more information.

Dependencies

Depending on how you enable it, this product may be on the Authentication product. By enabling this product, you will also be enabling the Authentication product and you should refer to Unity Authentication SDK for more information.

Data retention

By default, personal data is retained for 13 months. If you wish to implement a shorter retention period, you can do so by contacting support.

Child privacy

If required to do so under applicable laws, you (the developer) must obtain Verified Parental Consent prior to submitting child-user data, as outlined in the Unity Terms of Service.

Privacy policy requirements

It is never appropriate to use Unity's privacy policy for your application. You will need to ensure that the personal data practices are reflected in your Privacy Policy, as required in the Unity Terms of Service.

Privacy URL

If you need to present the user with Unity's privacy policy, use the privacy URL: https://unity.com/legal/game-player-and-app-user-privacy-policy.

This is available in the Analytics SDK in the property AnalyticsService.Instance.PrivacyUrl.

Data Processing Agreement (DPA)

Unity DPA applies to the transfer of data for this product.

Glossary

  • GDPR - In May of 2018, the General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA). References to GDPR also encompass UK GDPR which is the UK’s version of GDPR which applies post-Brexit.
  • CCPA - In January of 2019, the California Consumer Privacy Act (CCPA) took effect in California
  • PIPL - In November of 2021, Personal Information Protection Law (PIPL) took effect in China.
  • VCDPA - In January of 2023, the Virginia Consumer Data Privacy Act (VCDPA) takes effect in Virginia.
  • COPPA - The Children’s Online Privacy Protection Act (COPPA) imposes restrictions on how data can be collected and used from children under the age of 13.
  • Controller
  • Processor
  • Service Provider
  • Third Party
  • Business
  • DPA