Every time you use any Epic Service, Epic automatically collects detailed information about your device, how you play or browse, and your approximate location, all without you needing to do anything.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.
Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.
How other platforms handle this
We, or vendors we engage, may automatically collect information about your use of our website or services through cookies and similar technologies. This may include navigational and network-related activity such as your device's IP address, browser type and operating system; the length of time you v...
Uber collects precise or approximate location data from riders' and order recipients' mobile devices when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. Uber collects this data from the time a ride or order is requested ...
Geolocation data, such as device location. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement. Device identifiers, such as IP address, unique d...
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"usage information and statistics about how you interact with the Epic Services, including the application or game used, duration and timing of use, gameplay attempts, progression and results, saved preferences (e.g., language), crash reports, URLs of our websites you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, and platform type; technical information about the computer, device, hardware, or software you use to access the Epic Services, including IP address, device ID, internet service provider, browser plugins, and other transactional or identifier information (e.g., device make and model, operating system, browser type, and other system-related specifications); and general location information about your device, typically inferred from its IP address.— Excerpt from Unreal Engine's Epic Games Privacy Policy
REGULATORY LANDSCAPE: Automatic collection of IP address, device identifiers, and behavioral telemetry implicates GDPR's definition of personal data and requires a documented lawful basis for each processing purpose. The ePrivacy Directive and national cookie laws in EU member states govern the use of cookies, log files, and web beacons for automatic collection. CCPA/CPRA classifies IP addresses, device identifiers, and browsing history as personal information subject to consumer rights and, depending on how data flows to advertising partners, may trigger sale or sharing restrictions. The FTC Act applies to the adequacy of disclosure for automatic collection practices. GOVERNANCE EXPOSURE: Medium. The scope of automatic collection is broad but consistent with common industry practice for large gaming and software platforms. The primary exposure is ensuring that each stated processing purpose (operating, monitoring, improving, personalizing, and promoting the services) has a documented and adequate lawful basis under applicable law, and that the advertising and analytics data flows to third parties are appropriately disclosed and contracted. JURISDICTION FLAGS: EU/EEA (GDPR, ePrivacy Directive, national cookie law compliance for web tracking), United Kingdom (UK GDPR, PECR), California (CCPA/CPRA, especially regarding sharing of browsing and device data with advertising partners), Brazil (LGPD), South Korea (PIPA). The collection of location data inferred from IP address, even if imprecise, may trigger specific localization or disclosure requirements in some jurisdictions. CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising technologies embedded in Epic Services collect data about users through their own cookies and tracking technologies. The policy acknowledges this and refers users to those third parties' privacy notices. Compliance teams should confirm that data processing agreements or equivalent instruments are in place with all such third parties, and that the advertising data flows do not constitute a 'sale' or 'sharing' of personal information under CCPA without required opt-out mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should (1) maintain a current data mapping inventory of all automatic collection data flows to first-party and third-party systems; (2) verify that cookie consent mechanisms satisfy ePrivacy and GDPR requirements for EU/EEA users; (3) assess whether behavioral data shared with advertising partners constitutes 'sharing' of personal information under CCPA/CPRA requiring a Do Not Sell or Share opt-out; and (4) confirm that location data handling satisfies disclosure requirements in jurisdictions with specific geolocation regulations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This broad automatic collection covers a wide range of behavioral and technical data linked to your identity or device, and underpins Epic's ability to run analytics, personalize experiences, and serve advertising across all its services.
Your gameplay behavior, device specifications, browsing patterns within Epic services, and inferred location are collected automatically every time you use any Epic product, and this data may be used for analytics, personalization, and advertising purposes.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.