My motivation for this is that we don't want any personal information stored for our users. We are using a generated guid, that is stored in the save data, for the CustomID passed to LoginWithCustomID.
This works, but it always sets the Platform field to Custom. I would love to be able to override the Platform field.
I don't think you should worry about this. In fact, data in platform entry is not sensitive information because it is simply generated via the login related API call type.
In the normal circumstances, players will not be able to access PlayStream events directly because PlayFab doesn’t provide any Client APIs to retrieve PlayStream events data.
In terms of features in Analytics, PlayFab offers options to disable device info reporting, and you can navigate to [Game Manager] -> [Settings] -> [Data Collection] to disable it.
Did I misunderstand the call LoginWithPSN then? I thought it links the user's PSN account with their PlayFab account. If that is indeed the case, then that is storing personal information.
This seems to be conflating two separate things. I think the confusion is due to the statement that the platform field isn't sensitive information - which it isn't, as it's just "Custom", "Facebook", etc.
The Custom ID auth system is designed to let you use an arbitrary ID - often a generated GUID, but it's also used by companies that have their own auth service to create user accounts using their IDs. The platform in all cases is "custom" because that's specifically the auth system used in our service.
In terms of PII, there are certainly cases where personal information has to be stored. Login with email/password is one such example. And it's important to note that some things that aren't PII on their own are if they're stored with other things. The main question is whether the information can be used to trace to a specific real-world person's identity. Depending on the platform, more or less personal information may be stored. What's important to understand there is that we're compliant with all laws regarding collection, storage, usage, and removal or that information.
Right now I'm just concerned with Sony's rules. I also really like the simplicity of generating a Guid and using that to login. Rather than trying to get the more complex authentication route working.
My only wish is that I can easily distinguish analytic events by platform. Such that I can make sure when we are reviewing data for balancing that we only looking at a single platform's data. Is there another way to accomplish this?
4 People are following this question.
