Unity keeps your personal data for as long as it says it needs it, based on its own assessment of the purposes, legal requirements, and risk factors, without specifying fixed retention periods for most data types.
This analysis describes what Unity's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The absence of specific, published retention periods for key data types such as advertising identifiers and behavioral data makes it difficult for users to know when their information will be deleted, and regulators in some jurisdictions require more granular retention schedules.
Interpretive note: The criteria-based retention approach creates ambiguity about actual retention durations for specific data types including advertising identifiers and behavioral data; practical retention periods are not disclosed in the consumer-facing policy.
Because the policy does not specify fixed retention periods for advertising identifiers or gameplay data, your behavioral profile may be retained for extended periods determined by Unity's internal criteria, reducing your ability to predict when your data will be deleted without submitting a deletion request.
How other platforms handle this
We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of information and the purposes for which it is processed.
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Unity has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, or to resolve disputes. The criteria used to determine our retention periods include the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your data, whether we can achieve those purposes through other means, and applicable legal requirements.— Excerpt from Unity's Unity Privacy Policy
REGULATORY LANDSCAPE: GDPR's storage limitation principle (Article 5(1)(e)) requires that personal data be kept for no longer than necessary for specified purposes, and GDPR recital 39 indicates that specific retention periods or criteria should be documented. The policy's criteria-based approach rather than fixed-period approach is technically permissible but may require fuller documentation in privacy records of processing activities (Article 30) to satisfy supervisory authority scrutiny. CCPA and CPRA do not impose specific retention limits but require disclosure of retention practices. GOVERNANCE EXPOSURE: Medium. Criteria-based retention without published periods is a common industry practice but creates audit risk if internal retention schedules do not exist or are not consistently applied. Supervisory authorities in the EU have issued guidance expecting controllers to document specific retention periods in their Article 30 records even if these are not published in consumer-facing policies. JURISDICTION FLAGS: EU and EEA users have the strongest protection under GDPR's storage limitation principle. California users may request disclosure of retention practices under CPRA. UK ICO guidance similarly expects documented retention periods. CONTRACT AND VENDOR IMPLICATIONS: Organizations with data processing agreements with Unity should consider contractually requiring disclosure of Unity's internal retention schedules for data types relevant to their products. This is particularly important for organizations subject to sector-specific retention limits. COMPLIANCE CONSIDERATIONS: Compliance teams should request Unity's internal data retention schedule as part of vendor due diligence and verify that it is consistent with the company's GDPR Article 30 records. The absence of published retention periods for advertising identifiers should be flagged for review in the context of the storage limitation principle.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The absence of specific, published retention periods for key data types such as advertising identifiers and behavioral data makes it difficult for users to know when their information will be deleted, and regulators in some jurisdictions require more granular retention schedules.
Because the policy does not specify fixed retention periods for advertising identifiers or gameplay data, your behavioral profile may be retained for extended periods determined by Unity's internal criteria, reducing your ability to predict when your data will be deleted without submitting a deletion request.
ConductAtlas has identified this type of provision across 66 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unity.