question

Ozan Yilmaz avatar image
Ozan Yilmaz asked

How should I fill the new Data Safety form in Google Play Console?

Hello everyone,

Google Play Console wants me to fill the Data Safety form, which is related to the data I collect through my game. I don't know which ones to select since I don't know how PlayFab really works.

My game collects only Device ID to create an account. While creating accounts, I ask them to choose a display name. Afterwards, the players can make their accounts recoverable by adding their e-mail addresses. There's also IAP in my game, but I think I should ask the questions about IAP to Unity since I use the Unity IAP package.

Here's the questions related to the Device IDs, display names and e-mail address in Data Safety form.

The first and the third questions is "yes" for me, and I think the second one is also "yes" as well? While sending data to PlayFab I send them like normal text (string). I'm not sure if the PlayFab SDK encrypt the data before sending to the Internet.

Since I collect e-mail addresses (even though on behalf), I select the e-mail address option. Should I also select personal identifiers since I collect display names? Sometimes, I see nicknames in games are considered as personal data. I'm not sure about this.

https://i.ibb.co/Wns8TFp/03.jpg (I can't attach more image files)

Since I create accounts with Device IDs first, I think I should select this option?

https://i.ibb.co/D4BJDL9/04.jpg

This is where I need to explain more. I need to fill this form for every data type I check. This one is for e-mail addresses. I should definitely check the Collected option, but what about the Shared option?

https://i.ibb.co/YXTZWGQ/05.jpg

These are the questions that is asked whether I check Collected or Shared.

https://i.ibb.co/Jy7xVDJ/05-collected.jpg

This is for Collected option.

https://i.ibb.co/zHWjCfJ/05-shared.jpg

This is for Shared option.

I think, PlayFab should tell us which data is used for what like Unity did for Unity Analytics. (http://documentation.cloud.unity3d.com/en/articles/4694233-apple-nutritional-info-unity-analytics). It will be helpful.

01.jpg (44.1 KiB)
02.jpg (22.3 KiB)
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

I'm afraid we cannot advise you on issues that are specific to Google policy, as we don't have any control over their policy. What we can do is provide the technical details of what our service does and does not do. If you have turned off full IP Address storage and Device Info events (both in the title Data Collection settings), the only personal information that we would be storing automatically would be based on what login model you're using. For example, if you use Device ID for login, we have to store that. Similarly, if you use email/password for sign-in, we have to store the email address (though the password is obviously salted and one-way hashed).

All API calls to PlayFab use TLS (https), so yes, they are all encrypted. We also encrypt all data at rest in PlayFab.

The GDPR requires that there must be a way for a user to request to receive all data stored about them, as well as delete all data about them. So we provide API calls you can use to do both of those things: PlayFab GDPR - Deleting and Exporting Player Data - PlayFab | Microsoft Docs

We do not share any data outside the PlayFab service by default, though you can choose to export data in multiple ways (the event export service, Webhooks, the Segment integration, etc.).

No data stored in PlayFab is ephemeral, and in terms of the data stored specifically due to your settings and API usage, PlayFab does nothing at the user interface level - any selections provided for storage would be your decision as the developer of the client application.

Since no data is exported by us to others (apart from where you instruct us to, as described above), the how it's used question would not apply. If you're choosing to export data using any of the methods above, you would need to fill that in based on how the services you send the data to use it. Internally, the service is designed to use the data for all the reasons given, except for "advertising/marketing".

What is or is not personal data isn't something we can advise you on either, as that's a legal matter. You should discuss that with your own legal counsel, to determine what you need to do to make sure you're only storing what you need, and that you're managing it appropriately.

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Ozan Yilmaz avatar image Ozan Yilmaz commented ·

This is very helpful. Thank you

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.