question

Francois Boucher-Genesse avatar image
Francois Boucher-Genesse asked

Storing information before creating a playfab account

Hello,

We're trying to centralize all information about our customer funnel in Playfab, such that we can analyze it using tools like the Data Explorer, or some other tools that is compatible with the Amazon S3 events backup.

Our app is dedicated for kids, and we are therefore being really careful about regulations like GDPR. We need to make sure parents consent to analytics before we gather any personal data, like email or IP address. This consent happens when they register for an account. Currently, we create a playfab account only once players register (in unity, PlayFabClientAPI.LoginWithCustomID immediately followed by PlayFabClientAPI.AddUsernamePassword).

We would still like to get some information about user behavior, even if it's anonymous, before they get to that registration screen. For example, just knowing how many people opened the app VS how many registered is pretty relevant.

So the question is: can we gather anonymous data with playfab before users create their account and have their playfab ID? We don't need that data to be associated with any users - it could be as simple as a counter that is being increased whenever a user opens the app for the first time.

If we can't, an alternative way to get this data could be to silently create an anonymous account with PlayFabClientAPI.LoginWithCustomID as soon as the app opens, and send events we want to track with that account. We would then call PlayFabClientAPI.AddUsernamePassword when players actually register. The two potential downsides of that approach:

- If they already have an account, and they login instead of registering, this means we would then need to delete the playfab account that was initially created with LoginWithCustomID. Otherwise we would create several anonymous playfab accounts that would be abandoned as players login with their original account. Does that make sense, or is there an alternative approach I'm missing here?

- We need to be sure that PlayFabClientAPI.LoginWithCustomID doesn't collect any personal information as defined by GDPR (like IP address). Can you confirm that's the case?

Account Management
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
brendan avatar image
brendan answered

The best answer we can provide is:

Collecting any data for a player requires that the player be logged in. That login can be done using any of our login API calls, including Custom ID (using a randomly generated GUID), device ID, etc., as long as it is reliably unique (no two players using the same player account). We can also highlight that you can turn off device information collection and full IP Address storage via the title Settings tab. So it is certainly possible to create GDPR-compliant applications that use PlayFab.

Beyond that, I'm afraid your question touches on what is allowable under regulations like GDPR, which we cannot advise on, as that is a legal matter rather than a technical one. Our lawyers would (rightly so) give us serious grief if we tried to advise anyone on what specifically would or would not be compliant.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Francois Boucher-Genesse avatar image
Francois Boucher-Genesse answered

Thanks for the quick answer Brendan. I certainly understand not being able to go in legal details. Staying on the technical side:

Let's say that a user creates an account on device A (PlayFabClientAPI.LoginWithCustomID to create PlayfabID 1, eventually followed by PlayFabClientAPI.AddUsernamePassword). He then opens the newly installed app on device B. PlayFabClientAPI.LoginWithCustomID is called on app open, which creates another PlayfabID 2. He then logs in to his initial account using PlayFabClientAPI.LoginWithEmailAddress (which reverts to PlayfabID 1).

At that point PlayfabID 2 will never be used by anyone anymore. My guess is we should probably delete it. Could you let me know if I'm missing something or if there's a simpler way to go about this?

Thanks.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.