What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy expressly engages GDPR and UK GDPR (including lawful basis identification for EEA, UK, and Swiss users), COPPA (16 CFR 312) for users under 13 in the US, Brazil's LGPD, South Korea's PIPA, and CCPA/CPRA for California residents. Enforcement authorities include the FTC (COPPA and general consumer protection), state Attorneys General (CCPA/CPRA), the UK ICO, EU supervisory authorities, and equivalent national regulators. The policy's assertion that persistent ide…

How does Unreal Engine's Epic Games Privacy Policy affect users?

Epic Games collects a broad range of personal data across all its services, including gameplay telemetry, device identifiers, inferred location, voice chat snippets, facial images (for MetaHuman), and payment information, and may share this data with gaming console operators, advertising partners, analytics providers, and other third parties. For parents, children are placed in Cabined Accounts with restricted data collection, but persistent identifiers including IP address and device IDs are s…

How often is Unreal Engine's Epic Games Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Unreal Engine updates this document?

Yes. Watcher subscribers ($9.99/month) can add Unreal Engine to their watchlist and receive same-day email alerts whenever this document or any other Unreal Engine document changes.

CA-D-000086

Epic Games Privacy Policy

Unreal Engine

Last change detected May 1, 2026 Privacy policy

SHA-256: 7b6379aa109ecff327d… 4 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Unreal Engine ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

9 Total

2 High severity

6 Medium severity

1 Low severity

Summary

This is Epic Games' global privacy policy covering all products including Fortnite, Unreal Engine, and the Epic Games Store, explaining what personal data Epic collects and how it is used. The most important thing for everyday users is that Epic collects a wide range of data automatically, including your IP address, device identifiers, gameplay behavior, and general location, and may share this data with third-party partners such as gaming console operators, analytics providers, and advertising companies. If you have children using Epic Services, you should review the Cabined Account and parental consent sections, and you can use the Parent Support Request Form at epicgames.com/help/contact-us-parent to review or delete your child's data.

Technical / Legal Breakdown

This is the Epic Games Privacy Policy, which governs the collection, use, retention, disclosure, and processing of personal information across all Epic Services, including Fortnite, Rocket League, Unreal Engine, the Epic Games Store, and affiliated products, with Epic Games, Inc. acting as data controller. The policy states that Epic collects information users provide directly (such as name, email, payment details, voice chat snippets, and biometric-adjacent facial images for MetaHuman), information collected automatically (IP address, device identifiers, gameplay telemetry, and location inferred from IP), and information received from third parties such as gaming consoles and linked social platforms. Notably, the policy authorizes collection of facial images for MetaHuman character generation, voice chat snippet retention and transmission to Epic upon policy violation reports, and persistent identifier collection from children in Cabined Accounts, including IP address, device IDs, and gaming platform account IDs, which engages age-gating frameworks globally; the policy asserts these identifiers are not used for other purposes via technical and organizational controls, though independent verification of that assertion is not possible from the document alone. The policy expressly engages GDPR, UK GDPR, CCPA/CPRA, COPPA, and associated frameworks, identifying lawful bases for EEA, UK, and Swiss users in each processing section, and provides region-specific rights disclosures for California residents, Brazilian users under LGPD, and Korean users under PIPA. Material compliance considerations include the adequacy of Cabined Account controls under COPPA and equivalent national laws, the scope of third-party data sharing with gaming console operators and advertising platforms, and the operational sufficiency of the 18-month inactivity deletion commitment introduced in April 2026.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

3 important changes detected

4 versions captured · Last updated: May 2026

May 1, 2026

low

What changed Unreal Engine updated its privacy policy contact information on May 1, 2026, replacing old email addresses with new ones across its contact details section. The main privacy contact email changed from privacy@support.epicgames.com to a new address, and data protection officer emails changed from dpo@support.epicgames.com to a new format. This is an administrative update that affects where users and regulators send privacy inquiries and exercise data rights.

Why this matters Unreal Engine replaced its privacy and data protection officer email addresses with new contact information across its privacy policy. This change affects how users exercise their data subject rights, including requests to access, correct, or delete personal data. You should note the new email addresses if you plan to contact Epic Games about your data or privacy concerns.

View full change record →

April 23, 2026

low

What changed Epic Games updated its privacy policy on April 23, 2026 with clarifications focused on how it collects and uses data from children's accounts (called Cabined Accounts). The policy now specifies that persistent identifiers like IP addresses and device IDs are used for authentication, security, and service improvement, and adds language stating these identifiers are not repurposed for other uses. Language also shifted from 'child user' to 'child' throughout, and removed a previous statement about deleting personal information after inquiry resolution.

Why this matters The updated policy clarifies how Epic Games collects and uses persistent identifiers (IP addresses, device IDs, account IDs) for children's accounts. The revised language specifies that these identifiers are used for authentication, security, analytics, and service personalization, and adds an explicit statement that technical and organizational means are in place to ensure these identifiers are not repurposed for other uses. Parent email addresses are collected for notice and consent but are no longer stated to be automatically deleted after 14 days if the parent does not respond.

View full change record →

April 19, 2026 low

Epic Games updated contact email addresses across its privacy policy, consolidating multiple department-specific addresses into centralized support emails. Previously, users had to email different addresses for privacy inquiries (privacy@epicgames.com), data …

View change record →

High — 2 provisions

Cabined Account Persistent Identifier Collection from Children Compare →

Even children in restricted Cabined Accounts have their IP address, device IDs, and gaming platform account IDs collected by Epic for operational and analytics purposes, though Epic states these identifiers are technically restricted from being used for other purposes.

Added May 9, 2026 Standard Seen across 262 platforms
Facial Image Collection for MetaHuman

If you use the MetaHuman feature to create a game character based on your appearance, Epic collects photos of your face, but states the images are used only to generate a 3D mesh and not to identify you.

Added May 9, 2026 Rare

Medium — 6 provisions

Voice Chat Snippet Retention and Transmission Compare →

If voice reporting is enabled, short recordings of your voice chat are saved on participants' devices, and if someone reports a violation, those recordings may be sent to Epic for review.

Added May 9, 2026 Standard Seen across 223 platforms
Automatic Collection of Device and Location Data Compare →

Every time you use any Epic Service, Epic automatically collects detailed information about your device, how you play or browse, and your approximate location, all without you needing to do anything.

Added May 9, 2026 Standard Seen across 251 platforms
Third-Party Data Sharing with Gaming Consoles and Advertising Partners Compare →

Epic shares and receives user data with gaming console operators like PlayStation and Xbox, and with advertising companies, as part of running its services and marketing campaigns.

Added May 9, 2026 Standard Seen across 246 platforms
AI-Powered Feature Input and Output Processing Compare →

When you use Epic's AI tools, the information you type in and the AI's responses back to you may both contain identifying information that Epic processes.

Added May 9, 2026 Common Seen across 104 platforms
Parental Consent and Cabined Account Unlock Process Compare →

When a child creates an Epic account, Epic emails the parent or guardian to let them review privacy practices and optionally consent to unlocking more features, but full access requires completing a verification process.

Added May 9, 2026 Standard Seen across 262 platforms
Third-Party Technologies and Data Collection by External Providers Compare →

When you use Epic products that include software from other companies, those companies may collect their own data about you using their own tracking tools, and their privacy policies govern that collection, not Epic's.

Added May 9, 2026 Standard Seen across 251 platforms

Low — 1 provision

18-Month Inactivity Deletion for Children's Accounts Compare →

Starting April 2026, if a child's Epic account is not used for 18 months, Epic will delete the personal information associated with that account.

Added May 9, 2026 Standard Seen across 223 platforms

Monitoring

Unreal Engine has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Cabined Account Child Data Collection and similar clauses.

Compare across platforms →