Privacy overview
Product overview
Unity Push Notifications adds support for Push Notifications to your game. It allows sending rich push notifications with images, and provides analytics on the number of received push notifications.
This documentation is intended to assist products to display their privacy compliance to Developers. It is not intended to be used as legal guidance or as a replacement to reading Unity’s Privacy Policy. If you have questions about a term used, please see the Glossary below.
If you have further questions about the privacy implications of your product, please email DPO@unity3d.com with your question. For expediency, please list the product about which you are inquiring.
Personal Data Collected about App Users/ Game Players
Default Personal Data Collected (always collected in order for the product to work)
- IP address
- Unique installation-specific ID
- User ID (Defaults to the Installation ID but can be set by developers)
- Authentication Player ID (Obtained if the Authentication SDK is present)
- IDFV
Developer Defined
While this product allows for the collection of developer defined data, we require that you not collect personal data through this mechanism. Our systems will not understand that it is personal data and so such would not be treated as such in retention processes or data subject requests.
Relationship under Privacy Laws
Under GDPR, Unity is the Processor. You, the developer, are an Independent Controller.
Under CCPA (as modified by CPRA), Unity is the Service Provider. You, the developer, are Business.
Legal Basis for Processing
As we are a Processor, we do not determine the legal basis for processing. Instead, it is your responsibility as the Controller to determine such a legal basis.
Consent (Opt-in) vs Opt-out
Personal data collection for the Push Notifications product happens through the Unity Analytics product. To implement consent opt-in and opt-out mechanism refer to the Unity Analytics documentation.
Data Subject Requests
Two of the most common data subject requests based in law are the request for access to personal data and the request for deletion of personal data.
Access
This service has no native functionality to support data access requests. You, the developer, are responsible for actioning them. You can action them by submitting the request here.
Deletion
This service has native functionality to support data deletion requests. This is achieved using the RequestDataDeletion method of the SDK.
Data Deletion
Call AnalyticsService.Instance.RequestDataDeletion()
to request personal data deletion, which triggers a purge of user data from the server.
public void RequestDataDeletion()
{
AnalyticsService.Instance.RequestDataDeletion();
}
If there is no internet connection when this request is made, the SDK will reattempt to send the request at regular intervals until it is successful. It will remember this across app restarts using Unity’s PlayerPrefs
system
Please note: this functionality only applies to Unity Analytics & Push Notifications If you are using other services which collect app user personal data you will need to review that service's documentation for how it handles data deletion requests.
Dependencies
This product is dependent on the Unity Analytics product and Mobile Notifications package. By enabling this product, you will also be enabling Unity Analytics and Mobile Notifications. You should refer to Unity Analytics Documentation and the Mobile Notifications documentation for more information.
Data Retention
By default, personal data is retained for 13 months. If you wish to implement a shorter retention period, you can do so by contacting support.
Child Privacy
If required to do so under applicable laws, you (the developer) must obtain Verified Parental Consent prior to submitting child-user data, as outlined in the Unity Terms of Service.
Privacy Policy Requirements
It is never appropriate to use Unity’s privacy policy for your application. You will need to ensure that the personal data practices are reflected in your Privacy Policy, as required in the Unity Terms of Service.
Data Processing Agreement (DPA)
Unity DPA applies to the transfer of data for this product.
Glossary
- GDPR - The General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA). References to GDPR also encompass UK GDPR which is the UK’s version of GDPR which applies post-Brexit.
- CCPA - The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (“CPRA”).
- PIPL - In November of 2021, Personal Information Protection Law (PIPL) took effect in China.
- LGPD - The Brazilian General Data Protection Law
- VCDPA - The Virginia Consumer Data Protection Act
- CPA - The Colorado Privacy Act
- CTDPA - The Connecticut Data Protection Act
- UCPA - The Utah Consumer Privacy Act
- PIPEDA - The Canadian Personal Information Protection and Electronic Documents Act
- COPPA - The Children’s Online Privacy Protection Act (COPPA) imposes restrictions on how data can be collected and used from children under the age of 13.
- CARU - A self-regulatory organization for the promotion of responsible privacy practices to children under the age of 13
- DPA - A Data Processing Addendum (or Data Processing Agreement) forms part of a contract and governs the rights and obligations of each party concerning the processing of personal data.
- ATT - iOS 14 and later requires publishers to obtain permission to track the user's device across applications. This device setting is called App Tracking Transparency, or ATT.