Riot's Vanguard anti-cheat software installs at the deepest level of your computer's operating system and may collect data about your hardware and other software running on your PC, including when you are not playing.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Kernel-level software has privileged access to your entire system. The fact that it may run and collect data even when the game is not active means your device is being monitored outside of gameplay sessions, which is a meaningful expansion of the typical software data collection scope.
Interpretive note: The notice does not specify which exact data fields Vanguard transmits, the retention period for that data, or the precise conditions under which background operation occurs, leaving meaningful gaps in what users can assess about the actual scope of collection.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or control,' replacing it with 'we don't control'—a distinction that may affect which entities the company is claiming it has no privacy responsibility for. For California residents, the notice now consolidates information about categories of personal information and their purposes into a single section rather than splitting them across the document. The practical implication depends on how Riot Games operationally interprets 'control' in relation to its business relationships and how California regulators view this language under CCPA notice requirements.
View change record →If you play Valorant or other Riot games using Vanguard, a kernel-level program may be running on your computer and collecting system information even when you are not gaming. Users should be aware that uninstalling the game may be required to stop this background process.
How other platforms handle this
We collect information about you when you shop in our stores, including through store cameras, loyalty programs, payment processing systems, and other in-store technologies. This information is used to improve store operations, loss prevention, and marketing.
We target (and measure the performance of) ads to Members, Visitors and others both on and off our Services directly or through a variety of partners, using the following data, whether separately or combined: Data from advertising technologies on and off our Services, like web beacons, pixels, ad ta...
We may de-identify or aggregate your personal information so that it can no longer reasonably identify you, and use such de-identified or aggregated data for any purpose, including sharing with third parties for research, analytics, and marketing purposes, without restriction.
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"To maintain the integrity of our games, we use anti-cheat software, including software that may run at a kernel level on your device. This software collects information about your computer hardware and software, including information about other software running on your computer, and reports this information to us. This software may run in the background even when you are not actively playing our games.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: Persistent kernel-level software that collects hardware and software inventory data implicates GDPR Article 5 data minimization and purpose limitation principles, as well as the requirement for a clear lawful basis under Article 6. In the US, the FTC's unfair practices authority under Section 5 of the FTC Act may apply if the scope of collection and background operation are not adequately disclosed. The Computer Fraud and Abuse Act (CFAA) may be relevant depending on the scope of system access. CCPA's definition of personal information includes device identifiers and inferences drawn from them. GOVERNANCE EXPOSURE: High. Background operation of kernel-level software that collects system information outside of active gameplay is operationally distinct from typical game telemetry. The notice discloses this practice but does not detail what specific data is collected, how long it is retained, or how users can verify the scope of collection. This creates transparency gaps that may not satisfy GDPR's transparency requirements under Articles 13 and 14. JURISDICTION FLAGS: EU/EEA users have the right under GDPR to receive specific information about automated data collection; the current disclosure may not meet the specificity required. California residents have rights to know and delete personal information collected by software, including device identifiers. Illinois BIPA may apply if biometric data were incidentally collected, though the notice does not suggest this currently. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement or esports organization IT teams deploying Riot games on managed devices should assess whether kernel-level software installation is consistent with their endpoint security policies and corporate device management frameworks. The software's access to system information could conflict with data loss prevention or security monitoring tools. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the disclosure of Vanguard's scope and background operation is presented with sufficient specificity to satisfy GDPR transparency obligations. A data protection impact assessment (DPIA) may be warranted given the systemic and persistent nature of the data collection. Users' right to erasure under GDPR may be difficult to operationalize for hardware-level identifiers that have already been collected and transmitted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Kernel-level software has privileged access to your entire system. The fact that it may run and collect data even when the game is not active means your device is being monitored outside of gameplay sessions, which is a meaningful expansion of the typical software data collection scope.
If you play Valorant or other Riot games using Vanguard, a kernel-level program may be running on your computer and collecting system information even when you are not gaming. Users should be aware that uninstalling the game may be required to stop this background process.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.