Did you find this helpful?

Data Collection

At PlayFab, our vision is to enable the segment of one. That is, we aim to provide enough end-user context in real time to allow you to tailor a unique experience for every individual customer. In order to both provide this individualized functionality and operate healthy services at scale, PlayFab collects end user data on the developer’s behalf. The scope of the data collected is described in our Terms of Service.

At a high level, there are two ways in which data is collected:

  1. Your game & game services make PlayFab API calls. These calls generate API logs and Playstream events that are descriptive of the user context at the time the call occurred. These often include personally identifiable information such as IP address, specific geo-location, player name, etc. This data is explicit, meaning it is only ever collected in response to an incoming API call made by you. Thus, if you wish to stop collecting this information for any reason, you may simply stop calling the API.
  2. The SDK uploads analytics information automatically at various times during the app lifecycle. Examples include – but are not limited to – session start & end, enter & exit focus, player device information, etc. This information is used broadly to support enriched analytics that allow you to see what devices your players use, how many people are currently in a session, and what markets people are playing it. This data collection is implicit, meaning that it is collected by our SDK for you without a pre-requisite API call.  Any information collected in this way can be enabled or disabled dynamically from Game Manager under the Data Collection tab. See the Sessions and Device Info tutorials for more details.

Under the European Union’s General Data Protection Regulation (GDPR), you as the game developer are the data controller and Microsoft is the data processor for any end user data collected. By using PlayFab’s services and/or SDK, you are instructing Microsoft to collect end user information on your behalf.

We recommend you carefully review your obligations as a data controller under GDPR and seek legal counsel to ensure compliance with GDPR. We recommend you review our Delete and Export tutorials to understand the APIs we provide to help you remain complaint. Finally, we also recommend you review your own terms of use and privacy policies to ensure the scope of these end-user agreements is consistent with the collection practices described here.

Did you find this helpful?