Unity shares your data with outside advertising companies, analytics firms, game developers, and other business partners, and those companies may use it under their own separate privacy rules.
This analysis describes what Unity's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Once your data is shared with third parties who operate under their own privacy policies, your ability to control how it is used depends on each recipient's practices, and Unity's policy does not fully enumerate these recipients or their data use.
Your device identifier, behavioral data, and advertising profile may be shared with a range of third-party advertising partners and business customers, each of whom may use it independently under their own terms, reducing your practical ability to limit downstream data use.
How other platforms handle this
We may share your personal information with third party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service and marketing assistance. We may also share information with advertising and analyt...
We receive some of the data mentioned above from third parties. The below table describes the categories of those third parties. If you connect your Spotify account to a third party application, service or device, we may collect and use information from them. This collection is to make the integrati...
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
Monitoring
Unity has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal data with third-party advertising partners, analytics providers, and other service providers who assist us in providing our services, including delivering targeted advertisements. We may also share data with our business customers (game developers and publishers) who use our services. These third parties may use your data in accordance with their own privacy policies.— Excerpt from Unity's Unity Privacy Policy
REGULATORY LANDSCAPE: GDPR Article 13 requires disclosure of the recipients or categories of recipients of personal data, and GDPR's accountability principle requires controllers to ensure third-party recipients provide sufficient guarantees about data protection. CCPA and CPRA require disclosure of categories of third parties with whom personal information is shared, and sharing for advertising purposes triggers opt-out rights. The FTC Act prohibits unfair or deceptive practices, including sharing data with third parties in ways that exceed the disclosed purposes. GOVERNANCE EXPOSURE: High. The scope of third-party data sharing described in this provision is broad, encompassing advertising partners, analytics providers, and business customers (developers and publishers). The statement that third parties may use data under their own privacy policies creates a potential gap in data governance where Unity's obligations end and the third party's separate regime begins, making it difficult for users to trace their data or exercise rights against downstream recipients. JURISDICTION FLAGS: EU and EEA users have the strongest rights, including the right to obtain information about recipients. California residents have CPRA rights to know about third-party disclosures and to opt out of sharing. The breadth of the business customer sharing (developers and publishers receiving user data) may create additional disclosure obligations in jurisdictions with comprehensive privacy laws. CONTRACT AND VENDOR IMPLICATIONS: Game developers and publishers who receive user data from Unity as part of their SDK or analytics relationship should assess whether this data sharing creates controller-to-controller obligations and whether their own privacy notices adequately disclose receipt of Unity-sourced data. Vendor contracts should specify permitted uses of shared data and impose downstream restriction obligations. COMPLIANCE CONSIDERATIONS: Compliance teams should map all third-party recipients of Unity-sourced data, obtain copies of data processing agreements or data sharing agreements with material advertising partners, and assess whether Unity's list of categories of recipients satisfies GDPR Article 13 specificity requirements. CPRA compliance requires that the categories of third parties receiving shared data be disclosed to California users in the privacy notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Once your data is shared with third parties who operate under their own privacy policies, your ability to control how it is used depends on each recipient's practices, and Unity's policy does not fully enumerate these recipients or their data use.
Your device identifier, behavioral data, and advertising profile may be shared with a range of third-party advertising partners and business customers, each of whom may use it independently under their own terms, reducing your practical ability to limit downstream data use.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unity.