New product announcement 🎉 Satori - LiveOps to know your players, deliver features, run experiments and schedule events

User Data Privacy

Warning!

The contents of this page are informational only and do not constitute legal advice.

Seek independent legal advice to understand your respective data protection obligations under the GDPR or other applicable legislation.

Depending on where your application servers and user base are located, it is likely there is an applicable data protection law in place, such as the European Union’s General Data Protection Regulation (GDPR).

Either you as the developer, or your application itself, should be prepared to handle user requests under the applicable legislation. Some typical requests under such laws include:

  • Right to data: Giving the user access to / copies of their data
  • Right to be forgotten: Deleting the user’s data upon their request

Nakama provides two options for addressing such requests: via the Nakama Console or functions in the server runtime.

Nakama Console

From the Console Accounts page you can find the corresponding ID for the user making the data request.

For right to data requests, you can perform an Export of all data for that user and share the resulting export via any desired medium.

For right to be forgotten requests, you can delete all data corresponding to any particular user. A recorded delete is recommended, recording the ID of the user so that it can be deleted once again in the event a data recovery from earlier backups is performed.

Runtime functions

Where the Console method of handling user data requests is only available to internal administrators of your application, the functions exposed in the server runtime can be integrated directly into your application’s UI. This enables users to obtain or delete their own data directly.

For right to data requests the corresponding function is accountExportId.

For right to be forgotten requests the corresponding function is accountDeleteId. Setting the recorded parameter to true is recommended, recording the ID of the user so that it can be deleted once again in the event a data recovery from earlier backups is performed.