Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Unity's Privacy Policy, covering how Unity collects and uses data from developers who build with Unity's tools and from the millions of players who encounter Unity's advertising and analytics SDKs inside mobile games. The most important thing for the average person is that if you play any mobile game built on Unity, Unity may be collecting your device identifier, gameplay behavior, and advertising profile even if you never signed up for a Unity account. You can opt out of Unity's personalized advertising by visiting Unity's privacy preference portal at privacy.unity.com or by resetting your device's advertising identifier in your phone's settings.
This document is Unity Technologies' Privacy Policy governing the collection, use, and sharing of personal data across Unity's developer tools, advertising and monetization services (including Unity Ads and ironSource), gaming SDKs, and corporate websites, with legal bases including consent, legitimate interests, and contractual necessity under GDPR and equivalent frameworks. The policy states that Unity collects a broad range of data types including device identifiers, IP addresses, gameplay and behavioral data, advertising identifiers (IDFA/GAID), purchase history, and inferred demographic data, and the terms authorize sharing this data with third-party advertising partners, analytics providers, and business customers who use Unity's SDK. A particularly notable provision is Unity's collection of data from end users of games built with Unity's SDK who may never directly interact with Unity — these individuals are characterized as 'end users' rather than direct customers, creating an indirect consent model that may engage GDPR's legitimate interests basis in ways that warrant scrutiny, particularly given the scale of Unity's SDK deployment across mobile gaming. The policy engages GDPR and UK GDPR (with Unity Technologies Finland Oy named as EEA data controller), CCPA/CPRA for California residents, COPPA with respect to children's data, and the IAB Transparency and Consent Framework for ad-tech consent; EU users may exercise rights including erasure, portability, and objection, while California residents have additional rights including opt-out of sale or sharing and correction rights. Compliance teams should note that the policy covers both business-to-business data processor contexts (where Unity acts as a processor for its developer customers) and direct business-to-consumer contexts (where Unity is controller), and these distinct roles carry different GDPR obligations that require careful mapping.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Unity has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Advertising Identifier and Behavioral Profiling and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.