Nintendo collects a wide range of your personal information including contact details, payment card data, date of birth, and detailed records of your gameplay activity, purchases, and how you interact with Nintendo products and services.
This analysis describes what Nintendo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
The breadth of data collected across multiple touchpoints (console, mobile, web, retail) means Nintendo builds a detailed profile of each user's gaming behavior, spending patterns, and device usage, which informs advertising targeting and product decisions.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, and states that contractual restrictions limit how service providers can use this data. Parents gain enhanced transparency by being able to view a named list of third-party games and applications authorized to access their child's account, rather than just managing access through settings. The policy also clarifies that location information may be used for check-ins at Nintendo locations and events in addition to location-based games. You can review and manage which third-party apps have access to your child's account through your Nintendo Account profile settings.
Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new explicit use case. The policy now details how child user data including persistent identifiers like IP addresses and device IDs are collected and retained, with commitments to delete or de-identify data based on sensitivity and account activity. Parents can now see which third-party apps have been authorized to access their child's account before deciding whether to allow continued access, giving more visibility into connected applications.
The revised policy simplifies how Nintendo describes data retention, now stating information is retained only as long as reasonably necessary in accordance with applicable law, without prior detail about sensitivity-based retention practices. For child users, the policy no longer explicitly lists persistent identifiers (IP addresses, device identifiers) that Nintendo and service providers collect, removing specific disclosure language that previously detailed collection purposes for child accounts. The policy now indicates it collects error information from both users and devices, broadening the prior language focused on device errors only. The privacy certification body changed from CARU to ESRB, meaning independent audits and enforcement are now administered by the Entertainment Software Rating Board rather than the Children's Advertising Review Unit.
Every interaction with Nintendo products and services, including what games you play, how long you play, what you buy, and what devices you use, may be collected and stored as part of your personal profile, which Nintendo uses for its own purposes and shares with partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Nintendo has changed this document before.
"We collect information you provide to us, such as your name, address, email address, phone number, payment card information, date of birth, and Nintendo Account information. We also collect information about your use of our products and services, including gameplay information, purchase history, device identifiers, IP address, and information about how you interact with our services."
— Excerpt from Nintendo's Nintendo Privacy Policy
REGULATORY LANDSCAPE: The collection of payment card information engages PCI DSS (Payment Card Industry Data Security Standard), a contractual security framework whose applicability and enforcement are managed by card networks and acquiring banks rather than a government agency. Collection of date of birth and device identifiers, combined with gameplay and purchase history, may constitute collection of sensitive personal information under CPRA (California) and analogous state privacy laws, triggering additional obligations including the right to limit use. FTC Act Section 5 applies to the accuracy of disclosures about data collection scope.
GOVERNANCE EXPOSURE: Medium. The breadth of data collection across multiple platforms is standard for major gaming companies, but the combination of behavioral telemetry, purchase history, device identifiers, and payment data creates a detailed user profile. The policy does not enumerate specific retention periods for each data category, which may limit compliance with data minimization principles under GDPR and CPRA.
JURISDICTION FLAGS: GDPR requires data minimization and purpose limitation for each data category collected, and the broad collection scope described may require a detailed legitimate interests assessment for categories not based on contract or consent. California CPRA defines 'sensitive personal information' to include precise geolocation and financial account information, triggering additional rights for California residents. Illinois users should note that device biometric identifiers, if collected, could implicate the Illinois Biometric Information Privacy Act (BIPA).
CONTRACT AND VENDOR IMPLICATIONS: Service providers receiving any of these data categories must be covered by CCPA-compliant data processing agreements and GDPR-compliant data processing agreements as applicable. Payment card data handling must comply with PCI DSS, and the policy's assertion that payment data is protected should be verified against actual technical and organizational security measures.
COMPLIANCE CONSIDERATIONS: A comprehensive data inventory mapping each data category to its collection source, stated purpose, retention period, and sharing recipient is essential for compliance with GDPR, CCPA, and emerging state privacy laws. Retention schedules should be documented and enforced for all data categories. The policy's omission of specific retention periods is a gap that legal teams should flag for remediation.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Nintendo.