The policy establishes a Cabined Account structure for users identified as children, collecting date of birth, hashed email address, parent/guardian email, and persistent identifiers including IP address, device IDs, platform account IDs, and tracking technology data. These identifiers are used for service provision, analytics, authentication, security, legal compliance, personalization, and user preference maintenance.
This analysis describes what Unreal Engine's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes collection of persistent identifiers from users identified as children for purposes including analytics and personalization, which requires evaluation against COPPA's restrictions on data use for child-directed services and equivalent national youth privacy frameworks. The policy states that technical and organizational measures are in place to prevent use of Cabined Account identifiers for other purposes, but the breadth of stated collection purposes may warrant review by compliance teams assessing COPPA and GDPR Article 8 alignment.
Under this provision, children identified through age-gating are placed in Cabined Accounts where Epic collects persistent identifiers including IP address, device IDs, and platform account IDs for analytics, personalization, and service operation. Parents and guardians can review these practices and exercise deletion or access rights via the Parent Support Request Form at https://www.epicgames.com/help/contact-us-parent.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Unreal Engine has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When a user indicates they are a child, they are placed in a "Cabined Account" until they are no longer a child as defined above or until their parent/guardian provides additional privacy permissions and enables parental controls. Cabined Accounts can play Epic's games (e.g., Fortnite, Rocket League, or Fall Guys), but features like voice chat and real money purchases are disabled. Epic collects limited personal information from Cabined Accounts to operate them, in each case according to applicable youth privacy and protection laws: child's date of birth and country to determine age and apply appropriate settings; child's email address for sign-in (which is only stored in an unreadable hashed and salted form); parent/guardian's email address to provide notice and seek their consent for additional features; and persistent identifiers of the child like IP address, Epic account ID, gaming platform account IDs, device IDs, and similar data collected with website tracking technologies to provide and maintain the Epic Services (including analytics to improve them), authenticate users, protect the security and integrity of users and the Epic Services, comply with legal and regulatory requirements, facilitate personalization, and maintain user driven preferences.— Excerpt from Unreal Engine's Epic Games Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly implicates COPPA (15 U.S.C. 6501 et seq.) and the Children's Online Privacy Protection Rule (16 CFR Part 312), enforced by the FTC, which restrict collection, use, and disclosure of personal information from children under 13 without verifiable parental consent. Equivalent frameworks apply in the EU under GDPR Article 8 and national implementing legislation. The collection of persistent identifiers for analytics and personalization from Cabined Accounts warrants evaluation against COPPA's restrictions on behavioral advertising and internal cross-contextual data use. 2) GOVERNANCE EXPOSURE: High. The policy asserts collection of persistent identifiers from children for analytics and personalization, which are purposes that COPPA enforcement guidance has scrutinized. The policy states that technical measures prevent use of these identifiers for other purposes, but this assertion alone may not satisfy regulators without documented technical controls and audit trails. 3) JURISDICTION FLAGS: Heightened exposure in the United States (COPPA, FTC enforcement), California (CCPA/CPRA and the California Age-Appropriate Design Code), and EU/EEA member states (GDPR Article 8, national youth protection laws). The UK Age Appropriate Design Code (Children's Code) also applies to UK users under 18. 4) CONTRACT AND VENDOR IMPLICATIONS: The policy discloses that Cabined Account data is shared with gaming consoles, cloud storage providers, and Kids Web Services Ltd (a subsidiary). Procurement teams at partner organizations integrating Epic's SDK or platform tools should assess whether their own COPPA compliance programs account for data flows originating from Epic's child user base. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the stated technical and organizational measures preventing secondary use of children's persistent identifiers are documented, tested, and auditable. Data mapping should reflect all recipients of Cabined Account persistent identifiers. The adequacy of the Kids Web Services parental verification mechanism under COPPA's verifiable parental consent standard should be reviewed, particularly following the FTC's 2024 COPPA rule amendments.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes collection of persistent identifiers from users identified as children for purposes including analytics and personalization, which requires evaluation against COPPA's restrictions on data use for child-directed services and equivalent national youth privacy frameworks. The policy states that technical and organizational measures are in place to prevent use of Cabined Account identifiers for other purposes, but the breadth …
Under this provision, children identified through age-gating are placed in Cabined Accounts where Epic collects persistent identifiers including IP address, device IDs, and platform account IDs for analytics, personalization, and service operation. Parents and guardians can review these practices and exercise deletion or access rights via the Parent Support Request Form at https://www.epicgames.com/help/contact-us-parent.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Unreal Engine.