Epic Games updated its privacy policy on April 23, 2026 with clarifications focused on how it collects and uses data from children's accounts (called Cabined Accounts). The policy now specifies that persistent identifiers like IP addresses and device IDs are used for authentication, security, and service improvement, and adds language stating these identifiers are not repurposed for other uses. Language also shifted from 'child user' to 'child' throughout, and removed a previous statement about deleting personal information after inquiry resolution.
The updated policy clarifies how Epic Games collects and uses persistent identifiers (IP addresses, device IDs, account IDs) for children's accounts. The revised language specifies that these identifiers are used for authentication, security, analytics, and service personalization, and adds an explicit statement that technical and organizational means are in place to ensure these identifiers are not repurposed for other uses. Parent email addresses are collected for notice and consent but are no longer stated to be automatically deleted after 14 days if the parent does not respond.
The updated policy clarifies technical and organizational safeguards for children's persistent identifiers while removing an explicit retention commitment for parent contact information. Under youth privacy frameworks like COPPA, clarity on how long parent data is retained and under what conditions it is deleted is operationally significant for compliance. The removal of the 14-day deletion promise may require Epic Games to document and disclose its actual retention practice.
→ Parent email addresses collected during the account creation process will be retained according to Epic's practices, which are no longer explicitly stated to include a 14-day deletion period.
→ Children's persistent identifiers (IP addresses, device IDs) will continue to be collected for authentication, security, and analytics as described in the updated policy.
Updated language specifies that persistent identifiers (IP address, device IDs, account IDs) are used for authentication, security, analytics, and personalization; adds explicit statement that technical and organizational means ensure these identifiers are not repurposed.
Removed previous commitment that parent email would be deleted after 14 days of non-response; updated language no longer specifies retention or deletion timeline.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
The policy no longer explicitly commits to deleting parent contact information after a set non-response period; the new language does not specify what happens to parent email addresses if they do not respond to the initial notice.
Epic Games revised language governing data collection and use for children's accounts (Cabined Accounts) under applicable youth privacy laws. The changes clarify the purposes for which persistent identifiers are collected and add an explicit safeguard stating these identifiers are not used for other purposes. A previous provision stating parent contact information would be deleted after 14 days of non-response was removed and replaced with clarified notice and consent language. This update may reflect compliance with youth privacy regulations (such as COPPA in the US and equivalent frameworks in other jurisdictions) and clarifies Epic's technical and organizational safeguards. No new obligations appear to have been created; rather, existing practices are clarified.
COPPA (Children's Online Privacy Protection Act, 16 CFR Part 312), GDPR (EU General Data Protection Regulation, Articles 8 and 40 regarding child data protection), UK GDPR (UK General Data Protection Regulation), equivalent youth privacy laws in other jurisdictions
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001397.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherUnreal Engine updated its privacy policy contact information on May 1, 2026, replacing old email addresses with new ones across …
Epic Games updated contact email addresses across its privacy policy, consolidating multiple department-specific addresses into centralized support emails. Previously, users …
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.