Player Data Management
This page offers a guide to addressing some areas of player data management for your game when using the GameSparks service:
- Data Capture
- Data Encryption
- Data Storage Locations
- Data Transfer
- Removing Data
- Amending Data
- Extracting Player Data
- Data Retention
FAQs? Review Frequently Asked Questions about managing your player's data.
When you use the GameSparks service, you can avoid storing and sharing any personal data linked to the players of your game. The options here will depend on decisions you have made regarding the set up of your game for:
- Gathering players' personal data directly.
- Integrating with social networks that contain players' personal data.
- How you set up authentication against the service.
Gathering Personal Data - Directly or Indirectly
We've designed our services to avoid the need for you to share or store personally identifiable information of your players on our services. If you make certain choices - such as integrating with social networks or asking your players for personal data - then the service will store and process the data you choose. This is your decision, and you are responsible for obtaining the necessary consent from your end users, employing appropriate safeguards (such as the use of anonymous identifiers, data encryption, and so on), and for complying with privacy law applicable to you.
If you receive a request from an individual player to delete their data, you can accomplish this using the tools and methods listed below in Removing Data.
When a player registers with a game in GameSparks, the player data captured is dependent on the authentication method you select for your players. For all authentication methods:
- The player's location - country, city, latitude and longitude - determined from the IP address that they have connected from is recorded.
- Note that you can configure a specific Credential that blocks this player location data capture and blocks the ability to perform Social Network Authentication when players who are assigned this Credential register. For more details, see the Credentials page.
The DeviceAuthenticationRequest is used to create an anonymous registration. In this case, the following is recorded:
- A platform-specific string that uniquely identifies the device making the connection.
- Optionally, a displayName - free-form text that the game client can display back to the player.
The RegistrationRequest creates a user that is identified by a username and password. In this case, the following is recorded:
- A free-form text username that uniquely identifies the player.
- A displayName - free-form text that the game client can display back to the player.
Social Network Authentication
The ConnectRequest API calls, such as FacebookConnectRequest, authenticate the player against the chosen social network. In this case:
- The player's display name from the social network is stored against the player record. This only happens at registration time unless you set syncDisplayName to true:
- syncDisplayName is set to true - if the player's display name is updated on the social network, then the display name stored against the player record is updated.
- syncDisplayName is set to false - if the player's display name is updated on the social network, then the display name stored against the player record is not updated.
- If the access token provided by the player grants access to the player's friend list, this list is retrieved from the social network and each friend has a record created in the externalAuthentication database collection. These records are used to support the following GameSparks social features:
- Note that you can avoid any indirect player data capture for social network authentication by configuring a specific Credential that blocks this player location data capture and blocks the ability to perform Social Network Authentication when players who are assigned this Credential register. For more details, see the Credentials page.
The GameSparks service implements encryption to safeguard your data. We also recommend that you encrypt data before sending it to, or persisting it in, the GameSparks service.
The storage used by the databases supporting the GameSparks service is encrypted using AWS EBS encryption (for details, see the Amazon EBS Encryption guide).
All communication between clients and the GameSparks service is encrypted using the Transport Layer Security (TLS) protocol.
Data Storage Locations
When you first create a game in GameSparks, to minimize developer latency the Preview instance of the game is deployed in the closest region to you based on your IP address. This region will be either Europe, Americas, or Asia.
When you publish the game for the first time, you can select which region it is deployed to. The data that you store in your game is only persisted in the country where games are deployed for the region you have selected for the published version of your game. The specific countries we deploy to for each region listed in GameSparks are:
- Africa - Ireland
- Oceania - Singapore
- Americas - USA
- Asia - Singapore
- Europe - Ireland
We do not transfer any data stored by a game outside of these countries, with the exception of backups which we replicate to other countries in the same region. The replication location for each of our regions is as follows:
- Ireland for the Europe and Africa regions is backed up to Germany.
- USA for the Americas region is backed up to the USA.
- Singapore for the Asia region is backed up to Australia.
Once you have selected the region for your game, we do not transfer the game's data outside of the region the game is deployed to. However, by accessing your game in GameSparks through our published APIs, you may choose to transfer this data to other regions.
You can delete any of the data stored by GameSparks at any time.
Individual Player Data Deletion
The data associated with an individual player can be deleted with a Cloud Code API deletePlayer request:
This request removes the player record and all system collection references to the player in question.
External Authentication Data Deletion
Individual External Authentication records can be deleted from the externalAuthentication database collection using either the NoSQL Explorer:
- https://docs.gamesparks.com/api-documentation/nosql-rest-api.html by searching on a combination of externalSystemId, externalUserId, externalUserName, and externalDisplayName.
Custom Data Deletion
If you have stored data in custom collections or in Game Data, then you must remove this data yourself using either Cloud Code:
Or using one of the Management APIs:
Entire Game Deletion
You can delete an entire game from GameSparks by clicking the Delete button in the game:
If you do this:
- Your game will move to your Recycle Bin for 10 days.
- After 10 days in the Recycle bin, your game will be completely deleted, including any player data associated with the game.
- Any backups of the game will be automatically removed 7 days later, that is, 17 days after clicking to delete the game.
If you wish to delete your GameSparks account, please raise a support ticket at:
Or send an email requesting that your account be deleted to:
If you do this:
- Any games you own will be deleted in the same manner as described under Entire Game Deletion above.
- Your account will be removed and we'll delete the data you provided when you registered with the service.
You can change a player’s username or display name using this API call:
You are responsible for amending any custom data you store about a player using one of the NoSQL/Data APIs:
Extracting Player Data
If you wish to extract player data in response to a request from a player, you can extract their data using the following APIs:
Even though you might delete player data manually at any time, the GameSparks service doesn't automatically delete any data stored in your game. You are responsible for managing the retention of any data stored within a GameSparks game and we recommend that you set up automatic deletion via Cloud Code or by setting up Time to Live (TTL) on your data.
The API request/response data presented within the API Stream is available online for up to 7 days in Preview and 5 days in Live. The raw data is retained for 7 days from creation and then automatically deleted.
The databases associated with your game are backed up multiple times per day, with these backups retained for 7 days.