Privacy Overview

Safe Voice, part of the Unity Gaming Services platform, provides a solution to record and analyze in-game voice chats. Safe Voice lets studios easily understand problems within a game community’s voice conversations and act on problematic participants to reduce the overall level of toxicity within the game.

This documentation is intended to provide data privacy information about Unity’s products to Developers. It is not intended to be used as legal guidance or as a replacement for reading Unity’s Privacy Policy. If you have questions about a term used, please see the Glossary below.

If you have further questions about the privacy implications of your product, please email DPO@unity3d.com with your question. For expediency, please list the product about which you are inquiring.

Personal Data Collected about App Users/Game Players

Personal data which is always collected

If the end user has consented to data collection, the default personal data collected is as follows (i.e. always collected in order for the product to work):

  1. Voice recordings

    1. User IDs
      • This may be either a players username or a randomly generated ID
    2. IP Addresses
    3. Device ID
  2. Product also analyzes to predict the demographics of each voice:

    • Gender

Personal data which may be collected

Optional personal data Collected (personal data which may be collected at choice/action of the end user/Developer):

  1. Player display names

Developer Defined

While this product allows for the collection of developer defined data, we require that you not collect personal data through this mechanism. Our systems will not understand that it is personal data and so such would not be treated as such in retention processes or data subject requests.

Relationship under Privacy Laws

Under GDPR, Unity is the Processor in respect of the personal data collected and processed by Safe Voice. You, the developer, are a Controller of the same personal data.

Under CCPA (as modified by CPRA), Unity is the Service Provider. You, the developer, are also an independent Business.

As we are a Processor, we do not determine your legal basis for processing. Instead, it is your responsibility as the Controller to determine such a legal basis.

Data privacy regulations in some regions might require consent from the end user to collect and process personal data, and others might require end user notice and the opportunity to opt-out. By using Safe Voice, you are legally responsible for providing this consent and/or opt-out where required in applicable regions.

Opting in means that Safe Voice does not collect personal data prior to the end user consenting. If an end user opts-in, they also need to be able to opt-out of personal data collection

To provide the user a method to opt-in, you can follow the instructions in our documentation to implement a consent form in the game and send the consent data to Safe Voice.

Note: This functionality only applies to the Safe Voice service. If you are using other services which collect app user personal data you will need to review that service's documentation for how it handles opt-in/opt-out requests.

Data Subject Requests

Two of the most common data subject requests based in privacy law are: (i)the request for access to personal data and (ii) the request for deletion of personal data.

Access

This service offers web API endpoints to support data access requests. You, the developer, are responsible for actioning them. You can action them by sending a web request including the Player ID of the end user that requested access. Refer to the Data Retrieval API documentation for more details on the API specification.

Deletion

This service offers web API endpoints data deletion requests. You, the developer, are responsible for actioning them. You can action them by sending a web request including the Player ID of the end user that requested data deletion. Refer to the Data Deletion API documentation for more details on the API specification.

Dependencies

Safe Voice is dependent on the Vivox service. To be able to enable Safe Voice you need to first ensure that Vivox has been enabled. Refer to the Vivox documentation for more information.

Personal Data Retention

By default, identified voice recordings and user ID are retained for up to 12 months.

IP addresses on packets are kept for up to 24 hours for routing purposes.

Child Privacy

This service is not intended to be used in applications with child users, unless you, the Developer, have obtained verified parental consent where required as outlined in the Unity Terms of Service.

If you have child users in your application, please talk to your Unity technical account manager to get child detection enabled for your project. Additionally, if you obtain end user consent for the collection and use of personal data in the Safe Voice product, you will have to forward the consent to Unity using the Consent Management API.

Privacy Policy Requirements

It is never appropriate to use Unity’s Privacy Policy for your application. You will need to ensure that the personal data practices in relation to Safe Voice are reflected in your own privacy policy.

Data Processing Agreement (DPA)

The Unity DPA applies to the transfer of personal data for this product.

Glossary & Notable Laws

  • GDPR - The General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA). References to GDPR also encompass UK GDPR which is the UK’s version of GDPR which applies post-Brexit.
  • CCPA - The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (“CPRA”).
  • PIPL - In November of 2021, Personal Information Protection Law (PIPL) took effect in China.
  • LGPD - The Brazilian General Data Protection Law
  • VCDPA - The Virginia Consumer Data Protection Act
  • CPA - The Colorado Privacy Act
  • CTDPA - The Connecticut Data Protection Act
  • UCPA - The Utah Consumer Privacy Act
  • PIPEDA - The Canadian Personal Information Protection and Electronic Documents Act
  • COPPA - The Children’s Online Privacy Protection Act (COPPA) imposes restrictions on how data can be collected and used from children under the age of 13.
  • CARU - A self-regulatory organization for the promotion of responsible privacy practices to children under the age of 13
  • DPA - A Data Processing Addendum (or Data Processing Agreement) forms part of a contract and governs the rights and obligations of each party concerning the processing of personal data.
  • ATT - iOS 14 and later requires publishers to obtain permission to track the user's device across applications. This device setting is called App Tracking Transparency, or ATT.