Unity says its services are not meant for children under 13, and it claims it will delete any data it accidentally collects from young children, but the practical challenge is that Unity's SDK is widely embedded in games children do play.
This analysis describes what Unity's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because Unity's SDK is embedded in many mobile games that children frequently play, the operational gap between this policy statement and actual data collection practices is a significant compliance risk that regulators and parents should evaluate critically.
Interpretive note: The practical enforceability of the 'not directed to children' disclaimer is uncertain where Unity's SDK is embedded in games that have a substantial child audience; regulatory determination of knowledge and mixed-audience app standards varies by jurisdiction and context.
Parents of children who play Unity-powered mobile games should be aware that while Unity asserts it does not knowingly collect children's data, the indirect SDK collection model makes it difficult to guarantee children's data is not being collected in practice; parents can contact privacy@unity3d.com to request deletion of a child's data.
How other platforms handle this
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we become aware that we have collected personal information from a child under the age of 13 without parental consent, we wil...
Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.
Monitoring
Unity has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13. If we learn that we have inadvertently collected personal data from a child under 13, we will take steps to delete such data as soon as possible. If you believe we may have any data from or about a child under 13, please contact us at privacy@unity3d.com.— Excerpt from Unity's Unity Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages COPPA, enforced by the FTC in the United States, which requires verifiable parental consent before collecting personal information from children under 13. The policy's reliance on a 'not directed to children' disclaimer does not by itself satisfy COPPA obligations where the operator has actual knowledge that children are users. The UK Age Appropriate Design Code (Children's Code) and GDPR Article 8 establish similar heightened protections in EU and UK contexts. The FTC has brought enforcement actions against companies whose SDKs collected children's data through third-party apps, establishing that SDK operators can bear direct COPPA liability. GOVERNANCE EXPOSURE: High. The structural tension between Unity's widespread SDK deployment in mobile games (many of which are played by children) and this blanket age disclaimer creates material COPPA exposure. FTC precedent in SDK-specific enforcement makes this a priority review area for organizations embedding Unity's SDK in child-directed or mixed-audience applications. JURISDICTION FLAGS: US federal COPPA exposure is primary. California's CCPA and CPRA provide additional protections for consumers under 16, including opt-in requirements for the sale of personal information of users aged 13-16. The UK Children's Code imposes age-appropriate design requirements for services likely to be accessed by children. EU GDPR Article 8 sets the age of digital consent at 16 (with member state flexibility down to 13), requiring parental consent for younger users. CONTRACT AND VENDOR IMPLICATIONS: Game developers and publishers using Unity's SDK in child-directed or mixed-audience apps bear primary COPPA compliance responsibility for their end users, but Unity's SDK-operator status may expose Unity to co-liability in FTC enforcement. Developer agreements with Unity should clearly allocate COPPA responsibilities and require Unity to honor child-directed app flags through Unity's SDK configuration options. COMPLIANCE CONSIDERATIONS: Organizations using Unity's SDK in any application that may be accessed by children should review Unity's child-directed app configuration settings and verify that these settings suppress behavioral advertising data collection as represented. Legal teams should assess whether the 'not directed to children' disclaimer is operationally credible given the app's actual audience and content.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because Unity's SDK is embedded in many mobile games that children frequently play, the operational gap between this policy statement and actual data collection practices is a significant compliance risk that regulators and parents should evaluate critically.
Parents of children who play Unity-powered mobile games should be aware that while Unity asserts it does not knowingly collect children's data, the indirect SDK collection model makes it difficult to guarantee children's data is not being collected in practice; parents can contact privacy@unity3d.com to request deletion of a child's data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unity.