brendan asked

PlayFab and COPPA compliance

Question from a developer:

I am currently in the process of developing a game and considering COPPA compliance. What Personally Identifiable Information and behavioral data does your service collect from the users of my game without telling me and how is it used?

Account Management

1 Answer

brendan answered

We have a number of COPPA-compliant games running in the service, so you can rest assured that it is certainly possible. The key is to make sure to review everything about your title with your own legal counsel, to confirm your compliance. From our side, there's nothing we collect that we don't tell you about. It's all in the PlayStream events, so you can see all the details here: https://api.playfab.com/playstream/events. For example, one thing to be cautious of in your usage is the player location, which is derived from the device IP Address. Depending on what other information is with it, that can be considered PII.

As to our usage, you can find that in our Terms of Service (https://playfab.com/terms/). While we reserve the right to use data to improve the service and in aggregated form for reporting and potentially publication, nothing that identifies any particular game and certainly nothing that would be considered PII for a user is ever exposed. Also, when a player account is deleted, all their PII is scrubbed to ensure that events are anonymized.

6 comments

roy commented

First of all, sorry about the improper method of contact. Also, thanks for the quick response.

I guess this shows how little I know about and understand your service so far. Do "Customers" and "Visitors" refer to me, the developer? Or do they refer to the people playing my game? The only way the people playing my game should be interacting with your service is within the context of my game. The API I use is the client API which logs in via the device id.

Unfortunately, I need to talk to a lawyer before I even know what else to ask you, but I have a strong feeling that this is not over. I never thought making such a simple game was going to be this legally complicated.

brendan commented (in reply to roy)

Can you tell us where you're seeing those terms used, specifically? We tend to use "Players", meaning end-users playing your games, and "Developers", meaning anyone making a game using PlayFab. But yes, the only interactions your players have with our service are via the API calls you make.

roy commented (in reply to brendan)

It was in the privacy policy page linked in the page at the terms link you provided.

amirhasyim commented

"Also, when a player account is deleted": does this apply to "Title Player Account" via the server.DeletePlayer API or "Master Player Account" via the server.DeleteMasterPlayerAccount API? (Assuming I don't add any additional data at both levels of the accounts.)

Andy ♦♦ commented (in reply to amirhasyim)

It applies to the Master Player Account only. Deleting the title player is not sufficient to purge all PII.
