This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction.
This document establishes Unity's data collection, use, and sharing practices for end users of applications and games that incorporate Unity's software development kit (SDK). The policy authorizes collection of device identifiers, gameplay behavior data, and advertising profile information from end users regardless of whether those users maintain a direct account relationship with Unity. The policy permits sharing of collected personal information with advertising partners and establishes opt-out mechanisms through Unity's privacy preference portal and device-level advertising identifier controls.
This document is Unity Technologies' Privacy Policy governing the collection, use, and sharing of personal data across Unity's developer tools, advertising and monetization services (including Unity Ads and ironSource), gaming SDKs, and corporate websites, with legal bases including consent, legitimate interests, and contractual necessity under GDPR and equivalent frameworks. The policy states that Unity collects a broad range of data types including device identifiers, IP addresses, gameplay and behavioral data, advertising identifiers (IDFA/GAID), purchase history, and inferred demographic data, and the terms authorize sharing this data with third-party advertising partners, analytics providers, and business customers who use Unity's SDK. A particularly notable provision is Unity's collection of data from end users of games built with Unity's SDK who may never directly interact with Unity — these individuals are characterized as 'end users' rather than direct customers, creating an indirect consent model that may engage GDPR's legitimate interests basis in ways that warrant scrutiny, particularly given the scale of Unity's SDK deployment across mobile gaming. The policy engages GDPR and UK GDPR (with Unity Technologies Finland Oy named as EEA data controller), CCPA/CPRA for California residents, COPPA with respect to children's data, and the IAB Transparency and Consent Framework for ad-tech consent; EU users may exercise rights including erasure, portability, and objection, while California residents have additional rights including opt-out of sale or sharing and correction rights. Compliance teams should note that the policy covers both business-to-business data processor contexts (where Unity acts as a processor for its developer customers) and direct business-to-consumer contexts (where Unity is controller), and these distinct roles carry different GDPR obligations that require careful mapping.
Unity has updated this document before.