Starting April 2026, if a child's Epic account is not used for 18 months, Epic will delete the personal information associated with that account.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This new commitment directly responds to the FTC's 2024 amended COPPA rule, which introduced data retention limits for children's data, and creates a concrete operational obligation for Epic to implement automated deletion processes for inactive children's accounts.
Parents of children with inactive Epic accounts should be aware that after 18 months of inactivity, the child's personal data will be deleted under this new policy, which means account recovery may not be possible after that period.
How other platforms handle this
These Additional Terms apply only to the Mistral AI Products available on the Mistral AI Infrastructure and provided to customers located in the European Union that are subject to the EU Data Act (as defined below). These Additional Terms shall take effect on 12 September 2025 (the "Effective Date")...
Managing And Deleting Your Information. You have the right to access, correct, or delete your information in certain circumstances. We store information until it is no longer necessary to provide our Services or until your account is deleted, whichever comes first. You can delete your WhatsApp accou...
Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or delete your personal information, the right to data portability, and the right to opt out of certain data processing activities. To exercise these rights, please co...
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Starting in April 2026, if a child's account remains inactive for 18 months, personal information associated with the account will be deleted (as defined by Children's Online Privacy Protection Rule, 16 CFR 312.2).— Excerpt from Unreal Engine's Epic Games Privacy Policy
REGULATORY LANDSCAPE: This provision directly references and responds to COPPA (16 CFR 312.2), specifically the FTC's 2024 amended rule that introduced data retention requirements for children's personal information. The FTC is the enforcement authority. The provision's explicit reference to COPPA's definition of personal information signals an intent to align with federal requirements, though compliance also depends on operational implementation in Epic's data systems. GOVERNANCE EXPOSURE: Medium. The commitment is clear and time-bound, which is positive from a transparency perspective. Governance exposure arises from the operational challenge of implementing automated identification and deletion of inactive children's accounts across Epic's global data infrastructure, and from the risk that 'inactivity' is not precisely defined in the policy beyond the COPPA regulatory reference. JURISDICTION FLAGS: United States (COPPA, FTC enforcement, primary jurisdiction for this provision). Equivalent children's data retention obligations may apply in the EU under GDPR data minimization principles, in the UK under the Children's Code, and under other national children's data protection frameworks, which may require shorter retention periods or different inactivity triggers. CONTRACT AND VENDOR IMPLICATIONS: Third-party processors holding Cabined Account data, including gaming console operators and cloud storage providers, must be notified of and contractually required to comply with the deletion obligation when Epic initiates account deletion. Data processing agreements should specify deletion timelines and confirmation requirements. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) verify that automated systems for identifying and deleting inactive children's accounts are operationally implemented as of April 2026; (2) confirm that 'inactivity' is defined consistently with COPPA's definition and internal data systems; (3) issue deletion notifications to all sub-processors holding Cabined Account data upon triggering deletion; and (4) assess whether the 18-month period satisfies data minimization requirements under GDPR and the UK Children's Code, which may require shorter retention.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This new commitment directly responds to the FTC's 2024 amended COPPA rule, which introduced data retention limits for children's data, and creates a concrete operational obligation for Epic to implement automated deletion processes for inactive children's accounts.
Parents of children with inactive Epic accounts should be aware that after 18 months of inactivity, the child's personal data will be deleted under this new policy, which means account recovery may not be possible after that period.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.