Starting April 2026, if a child's Epic account is not used for 18 months, Epic will delete the personal information associated with that account.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This new commitment directly responds to the FTC's 2024 amended COPPA rule, which introduced data retention limits for children's data, and creates a concrete operational obligation for Epic to implement automated deletion processes for inactive children's accounts.
Parents of children with inactive Epic accounts should be aware that after 18 months of inactivity, the child's personal data will be deleted under this new policy, which means account recovery may not be possible after that period.
How other platforms handle this
We keep information for as long as we need it to provide our products, comply with legal obligations, or for other legitimate purposes, such as to maintain safety, security, and integrity.
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
After your account is deleted, we keep data about interactions you've had on our service to prevent abuse, ban evaders and others in an effort to protect and ensure the safety and security of our service and our members.
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Starting in April 2026, if a child's account remains inactive for 18 months, personal information associated with the account will be deleted (as defined by Children's Online Privacy Protection Rule, 16 CFR 312.2).— Excerpt from Unreal Engine's Epic Games Privacy Policy
REGULATORY LANDSCAPE: This provision directly references and responds to COPPA (16 CFR 312.2), specifically the FTC's 2024 amended rule that introduced data retention requirements for children's personal information. The FTC is the enforcement authority. The provision's explicit reference to COPPA's definition of personal information signals an intent to align with federal requirements, though compliance also depends on operational implementation in Epic's data systems. GOVERNANCE EXPOSURE: Medium. The commitment is clear and time-bound, which is positive from a transparency perspective. Governance exposure arises from the operational challenge of implementing automated identification and deletion of inactive children's accounts across Epic's global data infrastructure, and from the risk that 'inactivity' is not precisely defined in the policy beyond the COPPA regulatory reference. JURISDICTION FLAGS: United States (COPPA, FTC enforcement, primary jurisdiction for this provision). Equivalent children's data retention obligations may apply in the EU under GDPR data minimization principles, in the UK under the Children's Code, and under other national children's data protection frameworks, which may require shorter retention periods or different inactivity triggers. CONTRACT AND VENDOR IMPLICATIONS: Third-party processors holding Cabined Account data, including gaming console operators and cloud storage providers, must be notified of and contractually required to comply with the deletion obligation when Epic initiates account deletion. Data processing agreements should specify deletion timelines and confirmation requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) verify that automated systems for identifying and deleting inactive children's accounts are operationally implemented as of April 2026; (2) confirm that 'inactivity' is defined consistently with COPPA's definition and internal data systems; (3) issue deletion notifications to all sub-processors holding Cabined Account data upon triggering deletion; and (4) assess whether the 18-month period satisfies data minimization requirements under GDPR and the UK Children's Code, which may require shorter retention.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This new commitment directly responds to the FTC's 2024 amended COPPA rule, which introduced data retention limits for children's data, and creates a concrete operational obligation for Epic to implement automated deletion processes for inactive children's accounts.
Parents of children with inactive Epic accounts should be aware that after 18 months of inactivity, the child's personal data will be deleted under this new policy, which means account recovery may not be possible after that period.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.