Nintendo collects a wide range of your personal information including contact details, payment card data, date of birth, and detailed records of your gameplay activity, purchases, and how you interact with Nintendo products and services.
This analysis describes what Nintendo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of data collected across multiple touchpoints (console, mobile, web, retail) means Nintendo builds a detailed profile of each user's gaming behavior, spending patterns, and device usage, which informs advertising targeting and product decisions.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, an…
Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new expl…
Every interaction with Nintendo products and services, including what games you play, how long you play, what you buy, and what devices you use, may be collected and stored as part of your personal profile, which Nintendo uses for its own purposes and shares with partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We collect the following information when you register for and use our services: Account information. You can create a Discord account by providing an email address and creating a username and password. When you create an account, we will assign you a unique identifier. If you choose to, you may pro...
We collect information you provide directly to us, such as when you create an account, contact us for support, sign up for marketing emails, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, phone number, company name, job tit...
Monitoring
Nintendo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide to us, such as your name, address, email address, phone number, payment card information, date of birth, and Nintendo Account information. We also collect information about your use of our products and services, including gameplay information, purchase history, device identifiers, IP address, and information about how you interact with our services.— Excerpt from Nintendo's Nintendo Privacy Policy
REGULATORY LANDSCAPE: The collection of payment card information engages PCI DSS (Payment Card Industry Data Security Standard), a contractual security framework whose applicability and enforcement are managed by card networks and acquiring banks rather than a government agency. Collection of date of birth and device identifiers, combined with gameplay and purchase history, may constitute collection of sensitive personal information under CPRA (California) and analogous state privacy laws, triggering additional obligations including the right to limit use. FTC Act Section 5 applies to the accuracy of disclosures about data collection scope. GOVERNANCE EXPOSURE: Medium. The breadth of data collection across multiple platforms is standard for major gaming companies, but the combination of behavioral telemetry, purchase history, device identifiers, and payment data creates a detailed user profile. The policy does not enumerate specific retention periods for each data category, which may limit compliance with data minimization principles under GDPR and CPRA. JURISDICTION FLAGS: GDPR requires data minimization and purpose limitation for each data category collected, and the broad collection scope described may require a detailed legitimate interests assessment for categories not based on contract or consent. California CPRA defines 'sensitive personal information' to include precise geolocation and financial account information, triggering additional rights for California residents. Illinois users should note that device biometric identifiers, if collected, could implicate the Illinois Biometric Information Privacy Act (BIPA). CONTRACT AND VENDOR IMPLICATIONS: Service providers receiving any of these data categories must be covered by CCPA-compliant data processing agreements and GDPR-compliant data processing agreements as applicable. Payment card data handling must comply with PCI DSS, and the policy's assertion that payment data is protected should be verified against actual technical and organizational security measures. COMPLIANCE CONSIDERATIONS: A comprehensive data inventory mapping each data category to its collection source, stated purpose, retention period, and sharing recipient is essential for compliance with GDPR, CCPA, and emerging state privacy laws. Retention schedules should be documented and enforced for all data categories. The policy's omission of specific retention periods is a gap that legal teams should flag for remediation.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of data collected across multiple touchpoints (console, mobile, web, retail) means Nintendo builds a detailed profile of each user's gaming behavior, spending patterns, and device usage, which informs advertising targeting and product decisions.
Every interaction with Nintendo products and services, including what games you play, how long you play, what you buy, and what devices you use, may be collected and stored as part of your personal profile, which Nintendo uses for its own purposes and shares with partners.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Nintendo.