Product Overview
Name: Unity Player Accounts
Description: Unity Player Accounts is Unity’s comprehensive sign-in solution that supports persistence across platforms and devices. The cross-platform and cross-device identity system allows players to continue their game progress on any developer-supported platform. Unity Player Accounts uses the OAuth2 specification and is compatible with OAuth2 client libraries.
Personal data collected about app users and game players
Default Personal Data Collected (always collected in order for product to work):
- Email address (for account creation)
- A unique Unity Player Account ID is generated per user
Relationship under Privacy Laws
Under European Privacy Law, Unity is the Controller. You, the developer, are an Independent Controller.
Under Californian Privacy Law, Unity is the Business. You, the developer, are an independent Business.
Legal Basis for Processing
You can find our legal basis for processing in our Privacy Policy.
Consent (Opt in) vs Opt out
By default, a user has to opt-in to use the service as they need to create an account using their email. Please note: this does not mean that we rely on consent as the legal basis for processing. As noted above, our legal basis is outlined in our Privacy Policy.
Data Subject Requests
Two of the most common data subject requests based in law are the request for access to personal data and the request for deletion of personal data.
Please note: we will not accept requests from developers acting on behalf of their app-users. We have a direct relationship with the app-user, and as the account can be used to sign into multiple applications, requests must come from the data subject.
Access
To request a Data Subject Access Request, the player needs to email: unity-player-login-privacy@unity3d.com
.
Deletion This service has native functionality to support data deletion requests. Signed-in players can delete their Unity Player Account by either selecting Support in the footer, or going to this URL: https://player-account.unity.com/ Note that deleting this account does not delete their data associated with other integrated apps and services. To delete that data, they need to contact those apps and services.
Note: Data Subject Request functions only apply to this service. If you use other services which collect app user personal data you need to review that service's documentation for how it handles data deletion requests.
This service has no additional functionality to support Data Subject Requests for data collected by integrated applications. You, the developer, are responsible for actioning them.
Dependencies
This product does not have any dependencies on other products.
Data Retention
By default, personal data is retained until deletion while an account is active. In the event of inactivity of two years, users are prompted to delete their account.
Child Privacy
This service is not intended to be used in applications with child users, unless you, the developer, have obtained Verified Parental Consent where required as outlined in the Unity Terms of Service.
Privacy Policy Requirements
It is never appropriate to use Unity’s privacy policy for your application. You need to ensure that the personal data practices are reflected in your Privacy Policy.
Additionally, you need to link out to our Privacy Policy from within your own, as required in the Unity Terms of Service.
Data Processing Agreement (DPA)
Unity DPA applies to the transfer of data for this product.
Glossary & Notable Laws
- GDPR - The General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA). References to GDPR also encompass UK GDPR which is the UK’s version of GDPR which applies post-Brexit.
- CCPA - The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (“CPRA”).
- PIPL - In November of 2021, Personal Information Protection Law (PIPL) took effect in China.
- LGPD - The Brazilian General Data Protection Law.
- VCDPA - The Virginia Consumer Data Protection Act.
- CPA - The Colorado Privacy Act.
- CTDPA - The Connecticut Data Protection Act.
- UCPA - The Utah Consumer Privacy Act.
- PIPEDA - The Canadian Personal Information Protection and Electronic Documents Act.
- COPPA - The Children’s Online Privacy Protection Act (COPPA) imposes restrictions on how data can be collected and used from children under the age of 13.
- CARU - A self-regulatory organization for the promotion of responsible privacy practices to children under the age of 13.
- DPA - A Data Processing Addendum (or Data Processing Agreement) forms part of a contract and governs the rights and obligations of each party concerning the processing of personal data.
- ATT - iOS 14 and later requires publishers to obtain permission to track the user's device across applications. This device setting is called App Tracking Transparency, or ATT.