PlayStation Privacy Policy

This is PlayStation's US Privacy Policy, which explains what personal data Sony Interactive Entertainment collects when you use PlayStation consoles, PlayStation Network, the PlayStation Store, PlayStation games, and PlayStation websites. Most importantly, PlayStation automatically collects detailed data about everything you do — including what games you play, what levels you reach, your location, your voice communications, and your purchase history — and may share this with advertisers, analytics companies, and other Sony group companies. You can opt out of targeted advertising and certain data sales by visiting your PlayStation Account privacy settings or by submitting a request at playstation.com/en-us/legal/privacy-policy.

This Privacy Policy, issued by Sony Interactive Entertainment LLC and its Americas subsidiaries (collectively 'SIE'), governs the collection, use, sharing, and retention of personal information from users of PlayStation Services, including consoles, websites, apps, and games, relying on consent as its stated legal basis for US users. The policy creates broad obligations for SIE to collect extensive behavioral, device, location, biometric (voice data), gameplay, and financial data, while granting users rights to access, correct, delete, and opt out of certain data sales and targeted advertising under state law. Notably, the policy permits sharing personal information with a wide range of third parties including advertisers, analytics partners, joint venture partners, and law enforcement without requiring individual notice for each disclosure, and it collects granular in-game behavioral data and real-time location data that extends beyond what many consumers would anticipate from a gaming platform. The policy engages CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.), COPPA (15 U.S.C. §6501), state biometric privacy laws, and FTC Act Section 5, with enforcement by the California Attorney General, California Privacy Protection Agency, and the FTC. Material compliance considerations include the adequacy of parental consent mechanisms for child accounts, the sufficiency of opt-out mechanisms for data sales and targeted advertising, and the breadth of 'business purpose' data sharing that may constitute a sale under CPRA.