Every time you use any Epic Service, Epic automatically collects detailed information about your device, how you play or browse, and your approximate location, all without you needing to do anything.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.
Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"usage information and statistics about how you interact with the Epic Services, including the application or game used, duration and timing of use, gameplay attempts, progression and results, saved preferences (e.g., language), crash reports, URLs of our websites you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, and platform type; technical information about the computer, device, hardware, or software you use to access the Epic Services, including IP address, device ID, internet service provider, browser plugins, and other transactional or identifier information (e.g., device make and model, operating system, browser type, and other system-related specifications); and general location information about your device, typically inferred from its IP address.— Excerpt from Unreal Engine's Epic Games Privacy Policy
REGULATORY LANDSCAPE: Automatic collection of IP address, device identifiers, and behavioral telemetry implicates GDPR's definition of personal data and requires a documented lawful basis for each processing purpose. The ePrivacy Directive and national cookie laws in EU member states govern the use of cookies, log files, and web beacons for automatic collection. CCPA/CPRA classifies IP addresses, device identifiers, and browsing history as personal information subject to consumer rights and, depending on how data flows to advertising partners, may trigger sale or sharing restrictions. The FTC Act applies to the adequacy of disclosure for automatic collection practices. GOVERNANCE EXPOSURE: Medium. The scope of automatic collection is broad but consistent with common industry practice for large gaming and software platforms. The primary exposure is ensuring that each stated processing purpose (operating, monitoring, improving, personalizing, and promoting the services) has a documented and adequate lawful basis under applicable law, and that the advertising and analytics data flows to third parties are appropriately disclosed and contracted. JURISDICTION FLAGS: EU/EEA (GDPR, ePrivacy Directive, national cookie law compliance for web tracking), United Kingdom (UK GDPR, PECR), California (CCPA/CPRA, especially regarding sharing of browsing and device data with advertising partners), Brazil (LGPD), South Korea (PIPA). The collection of location data inferred from IP address, even if imprecise, may trigger specific localization or disclosure requirements in some jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising technologies embedded in Epic Services collect data about users through their own cookies and tracking technologies. The policy acknowledges this and refers users to those third parties' privacy notices. Compliance teams should confirm that data processing agreements or equivalent instruments are in place with all such third parties, and that the advertising data flows do not constitute a 'sale' or 'sharing' of personal information under CCPA without required opt-out mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) maintain a current data mapping inventory of all automatic collection data flows to first-party and third-party systems; (2) verify that cookie consent mechanisms satisfy ePrivacy and GDPR requirements for EU/EEA users; (3) assess whether behavioral data shared with advertising partners constitutes 'sharing' of personal information under CCPA/CPRA requiring a Do Not Sell or Share opt-out; and (4) confirm that location data handling satisfies disclosure requirements in jurisdictions with specific geolocation regulations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.
Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.