Unreal Engine · Epic Games Privacy Policy · View original document ↗

Automatic Collection of Device and Location Data

Medium severity High confidence Explicitdocumentlanguage Rare · 1 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Unreal Engine Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Every time you use any Epic Service, Epic automatically collects detailed information about your device, how you play or browse, and your approximate location, all without you needing to do anything.

This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.

Clause Stability Stable

0
Changes
3
Months Monitored
May 9, 2026
First Seen
May 20, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.

How other platforms handle this

Threads Medium

We collect information about your location, such as data from your device's GPS or IP address, when you use our products.

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

See all platforms with this clause type →

Monitoring

Unreal Engine has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
usage information and statistics about how you interact with the Epic Services, including the application or game used, duration and timing of use, gameplay attempts, progression and results, saved preferences (e.g., language), crash reports, URLs of our websites you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, and platform type; technical information about the computer, device, hardware, or software you use to access the Epic Services, including IP address, device ID, internet service provider, browser plugins, and other transactional or identifier information (e.g., device make and model, operating system, browser type, and other system-related specifications); and general location information about your device, typically inferred from its IP address.

— Excerpt from Unreal Engine's Epic Games Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Automatic collection of IP address, device identifiers, and behavioral telemetry implicates GDPR's definition of personal data and requires a documented lawful basis for each processing purpose. The ePrivacy Directive and national cookie laws in EU member states govern the use of cookies, log files, and web beacons for automatic collection. CCPA/CPRA classifies IP addresses, device identifiers, and browsing history as personal information subject to consumer rights and, depending on how data flows to advertising partners, may trigger sale or sharing restrictions. The FTC Act applies to the adequacy of disclosure for automatic collection practices. GOVERNANCE EXPOSURE: Medium. The scope of automatic collection is broad but consistent with common industry practice for large gaming and software platforms. The primary exposure is ensuring that each stated processing purpose (operating, monitoring, improving, personalizing, and promoting the services) has a documented and adequate lawful basis under applicable law, and that the advertising and analytics data flows to third parties are appropriately disclosed and contracted. JURISDICTION FLAGS: EU/EEA (GDPR, ePrivacy Directive, national cookie law compliance for web tracking), United Kingdom (UK GDPR, PECR), California (CCPA/CPRA, especially regarding sharing of browsing and device data with advertising partners), Brazil (LGPD), South Korea (PIPA). The collection of location data inferred from IP address, even if imprecise, may trigger specific localization or disclosure requirements in some jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising technologies embedded in Epic Services collect data about users through their own cookies and tracking technologies. The policy acknowledges this and refers users to those third parties' privacy notices. Compliance teams should confirm that data processing agreements or equivalent instruments are in place with all such third parties, and that the advertising data flows do not constitute a 'sale' or 'sharing' of personal information under CCPA without required opt-out mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) maintain a current data mapping inventory of all automatic collection data flows to first-party and third-party systems; (2) verify that cookie consent mechanisms satisfy ePrivacy and GDPR requirements for EU/EEA users; (3) assess whether behavioral data shared with advertising partners constitutes 'sharing' of personal information under CCPA/CPRA requiring a Do Not Sell or Share opt-out; and (4) confirm that location data handling satisfies disclosure requirements in jurisdictions with specific geolocation regulations.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over consumer data collection and disclosure practices, including the use of tracking technologies for analytics and advertising in consumer-facing digital services.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
COPPA
United States Federal
Connecticut Data Privacy Act Amendments
US-CT
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Epic Games Privacy Policy
Entity
Unreal Engine
Document last updated
May 5, 2026
Tracking information
First tracked
May 9, 2026
Last verified
May 9, 2026
Record ID
CA-P-007190
Document ID
CA-D-00086
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
6c9a1562e0e89a4ac5fd75fde762ccb9cff446945926d63aea566c2fd9cfb2e1
Analysis generated
May 9, 2026 15:56 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Unreal Engine
Document: Epic Games Privacy Policy
Record ID: CA-P-007190
Captured: 2026-05-09 15:56:42 UTC
SHA-256: 6c9a1562e0e89a4a…
URL: https://conductatlas.com/platform/unreal-engine/epic-games-privacy-policy/automatic-collection-of-device-and-location-data/
Accessed: June 30, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Unreal Engine's Automatic Collection of Device and Location Data clause do?

This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.

How does this clause affect you?

Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Unreal Engine?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.