Riot's Vanguard anti-cheat software installs at the deepest level of your computer's operating system and may collect data about your hardware and other software running on your PC, including when you are not playing.
This analysis describes what Riot Games's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Kernel-level software has privileged access to your entire system. The fact that it may run and collect data even when the game is not active means your device is being monitored outside of gameplay sessions, which is a meaningful expansion of the typical software data collection scope.
Interpretive note: The notice does not specify which exact data fields Vanguard transmits, the retention period for that data, or the precise conditions under which background operation occurs, leaving meaningful gaps in what users can assess about the actual scope of collection.
Riot Games has restructured how it presents information about data collection and use in its privacy notice. The company narrowed its third-party disclaimer by removing the phrase 'we don't own or co…
If you play Valorant or other Riot games using Vanguard, a kernel-level program may be running on your computer and collecting system information even when you are not gaming. Users should be aware that uninstalling the game may be required to stop this background process.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Riot Games has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To maintain the integrity of our games, we use anti-cheat software, including software that may run at a kernel level on your device. This software collects information about your computer hardware and software, including information about other software running on your computer, and reports this information to us. This software may run in the background even when you are not actively playing our games.— Excerpt from Riot Games's Riot Games Privacy Notice
REGULATORY LANDSCAPE: Persistent kernel-level software that collects hardware and software inventory data implicates GDPR Article 5 data minimization and purpose limitation principles, as well as the requirement for a clear lawful basis under Article 6. In the US, the FTC's unfair practices authority under Section 5 of the FTC Act may apply if the scope of collection and background operation are not adequately disclosed. The Computer Fraud and Abuse Act (CFAA) may be relevant depending on the scope of system access. CCPA's definition of personal information includes device identifiers and inferences drawn from them. GOVERNANCE EXPOSURE: High. Background operation of kernel-level software that collects system information outside of active gameplay is operationally distinct from typical game telemetry. The notice discloses this practice but does not detail what specific data is collected, how long it is retained, or how users can verify the scope of collection. This creates transparency gaps that may not satisfy GDPR's transparency requirements under Articles 13 and 14. JURISDICTION FLAGS: EU/EEA users have the right under GDPR to receive specific information about automated data collection; the current disclosure may not meet the specificity required. California residents have rights to know and delete personal information collected by software, including device identifiers. Illinois BIPA may apply if biometric data were incidentally collected, though the notice does not suggest this currently. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement or esports organization IT teams deploying Riot games on managed devices should assess whether kernel-level software installation is consistent with their endpoint security policies and corporate device management frameworks. The software's access to system information could conflict with data loss prevention or security monitoring tools. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the disclosure of Vanguard's scope and background operation is presented with sufficient specificity to satisfy GDPR transparency obligations. A data protection impact assessment (DPIA) may be warranted given the systemic and persistent nature of the data collection. Users' right to erasure under GDPR may be difficult to operationalize for hardware-level identifiers that have already been collected and transmitted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Kernel-level software has privileged access to your entire system. The fact that it may run and collect data even when the game is not active means your device is being monitored outside of gameplay sessions, which is a meaningful expansion of the typical software data collection scope.
If you play Valorant or other Riot games using Vanguard, a kernel-level program may be running on your computer and collecting system information even when you are not gaming. Users should be aware that uninstalling the game may be required to stop this background process.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Riot Games.