Riot retains your personal data for as long as your account is active or as needed to provide services, and may keep certain data for longer periods for legal, business, or security reasons.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational framework governing how long Riot Games maintains user personal data across multiple institutional functions including legal compliance, fraud prevention, and dispute resolution, creating a retention standard tied to service provision and legitimate business purposes rather than fixed time intervals.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →Your data may be retained well beyond your active use of Riot's services, potentially for years, unless you proactively request deletion. You can request account deletion and data erasure through the Riot privacy portal at https://www.riotgames.com/en/privacy-notice.
How other platforms handle this
We retain personal data for as long as needed to provide our services, comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will vary depending on the type of data and the purposes for which we use it.
Microsoft retains personal data for as long as necessary to provide the products and fulfill the transactions you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for differen...
We keep information as long as we need it to provide our products and services and fulfil the purposes described in this policy. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and processed, relevant legal or operational retention ...
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We generally retain the related personal info as long as your account is active or as is otherwise necessary to provide the Riot Services, operate our business (including for legitimate purposes like complying with our legal obligations, managing internal books and records, preventing fraud, resolving disputes, and enforcing our contracts and terms, such as this Notice and the Terms of Service), or to achieve the purposes set out in this Notice, unless a longer retention period is permitted or required by law.— Excerpt from Riot Games's Riot Games Privacy Notice
Vague retention periods may conflict with GDPR Article 5(1)(e)'s storage limitation principle, which requires data to be kept no longer than necessary for its stated purpose. Compliance teams should assess whether Riot's retention schedule is sufficiently specific and documented for GDPR accountability purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational framework governing how long Riot Games maintains user personal data across multiple institutional functions including legal compliance, fraud prevention, and dispute resolution, creating a retention standard tied to service provision and legitimate business purposes rather than fixed time intervals.
Your data may be retained well beyond your active use of Riot's services, potentially for years, unless you proactively request deletion. You can request account deletion and data erasure through the Riot privacy portal at https://www.riotgames.com/en/privacy-notice.
ConductAtlas has identified this type of provision across 65 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.