When publicly distributing your mobile game, it's important to make sure you have all the necessary legal agreements and policies in place. Not only do you need to comply with various regulations on user data and privacy, but you also need to follow the requirements of the app stores where you wish to distribute your game.
This article will highlight the most commonly needed legal agreements and policies for mobile games, why they're important, what information they should contain, and how to best display them to your mobile game users.
An End User License Agreement (EULA) is a legal agreement that does the following:
Your EULA will define which types of licenses you grant to users and what the limitations and restrictions of use are. Possible license limitations could include prohibitions against:
An EULA is also a good place to define other usage restrictions. Those can include finding bugs in the software to level up or win, developing scripts to take advantage of these exploits, or otherwise cheating and causing disadvantages to other users.
Let's take a look at Fortnite's EULA, where it defines many of these restrictions in its "License Conditions" section:
A Service Level Agreement outlines the commitments you make to your customers. It's important if you are developing a game for a client who will sell the game under their own branding.
While not an absolute requirement for games that you publish under your own copyright, it's still a good idea to include it for games with a premium tier. Remember, an SLA has the service provider's interests in mind, not the client's.
Your SLA is where you outline things like:
Of course, only promise what you can deliver. That way, if downtime occurs, and it was within the acceptable limits as per your SLA, your client can't claim that you didn't fulfill your contract.
If you collect any sort of data from users, you need to include a privacy policy to stay in compliance with laws such as the GDPR (EU), CCPA (California), DPA (UK), and PIPEDA (Canada).
Your privacy policy should inform users which information you collect, how you store and process the data, what you use the data for, and which third parties you share it with (if any).
Let's take a look at the Niantic Privacy Policy. Niantic Labs is the developer of Pokémon GO, a popular mobile game.
The privacy policy explains which data is collected from users and why. For example, Pokémon GO relies heavily on the player's location - the goal of the game is to capture virtual Pokémon that appear in the user's environment, based on their real-time location. Therefore, it collects location-based data.
If you share any data that you collect with other companies, such as advertising companies, you must disclose that in your privacy policy. Niantic Labs makes it clear that not only is data shared with advertising partners, but some data is also shared with service providers, other players, parents, and law enforcement (as necessary).
If you share data with third parties, tell users what kind of data you share. Is it anonymized data? Under which circumstances might you share personal (non-anonymous) data with third parties?
To comply with privacy regulations, you should also inform users about their rights regarding their privacy. For example, tell them how they can opt out of data processing for marketing purposes or how they can contact you to access or delete their personal data permanently. Once again, Niantic Labs is a perfect example.
Finally, it's also important to provide a notice regarding child privacy. If you don't allow children to use your services, and you don't collect any personal data from children, you can provide a brief section stating that.
If you do allow children to use your game, it's important to inform parents about it to comply with COPPA (Children's Online Privacy Protection Rule). Parents should know that they must provide consent before you collect data from children. Additionally, inform parents about their rights, such as their ability to opt their child out of further processing and to have their child's data deleted permanently.
When publishing an app on one of the app stores, you must also make sure that your privacy policy complies with its rules.
For example, Apple requires the following:
Meanwhile, Google requires that you include a link to your privacy policy both within the designated field in the Play Console and within the app itself (you can alternatively include the full text of the privacy policy within the app instead of a link to an externally hosted policy). The privacy policy must be clearly labeled as "Privacy Policy."
Google requires that your privacy policy disclose how your app accesses, collects, uses, and shares user data. It should also discuss what type of data you process, with whom you share the data, your data retention and deletion policy, and whom users should contact regarding concerns about their personal data.
Xbox requires that you provide a policy notice to users when they create an account with you.
Another important section is your cookie policy. Having a cookie policy will help you stay in compliance with laws such as the GDPR and ePrivacy Directive.
Your cookie policy should inform users what kind of cookies you collect, including essential cookies, advertising cookies, third-party cookies, and tracking cookies. You should explain why each type of cookie is collected and for which purpose. If you collect non-essential cookies, users should be able to opt out of them.
It's good practice to put your cookie policy in a separate document, like Niantic Labs has done. You can link to it from your privacy policy.
It's important to define community standards if your game supports social interactivity between players. If players can chat with each other in the game, for example, you'll want to enforce standards that ensure people remain respectful to each other.
Overall, this section is pretty self-explanatory. You'll want to ban behavior that is aggressive or abusive, endangers children, promotes harm, promotes discrimination, and so on.
Roblox is an excellent example. It breaks its Community Standards guidelines into several sections, including Safety, Civility, and Integrity, as well as various subsections. The Safety section contains subsections such as:
Your Community Standards can contain different sections. In general, though, your goal should be forbidding harmful behavior while using your game.
Your Terms and Conditions or Terms of Use document tells users how they are allowed to use your game. It's a general document that often incorporates several other legal documents, such as the EULA and Community Standards.
Let's take a look at the Terms of Use of Innersloth, the creator of the popular mobile game Among Us. It features a Prohibited Uses section, which restricts users from cheating, trying to hack a game, or using a game to send spam.
Your Terms and Conditions is also a good place to address termination, limitation of liability, governing jurisdiction, and indemnification. All of those concerns are addressed in Innersloth's Terms of Use.
Furthermore, the Terms and Conditions is a good place to talk about in-app purchases, fees, and what happens when users delete their accounts. Are you required to provide a refund? Let's see how Say Games, a popular developer of mobile games, does this.
The Terms of Use is also the right place to talk about other payment fees.
If your game requires a subscription, what happens if a payment method fails? Will users lose access to the platform? Will they lose access to special perks, such as virtual items, and how soon do they have to pay their subscription to restore access before such data is deleted permanently?
If you offer a free trial, you should also make it clear that if users don't cancel, they will be charged automatically. You should also inform users how they can cancel their subscription to avoid auto-renewal. For example, Say Games gives users 24 hours before the renewal date to cancel their automatic subscriptions.
When publishing an app to the app stores, you must also comply with their requirements.
If you allow account creation, Google requires that you include a delete account URL. Users must be able to delete their account within the app and from outside the app (so they can request account deletion even if they deleted the app from their devices). This URL must also be entered into a special field in your console.
When a user requests that their account be deleted, you must also delete all personal data associated with the user and not just freeze their account.
If you collect any data that is not within reasonable expectation of what would be required for the game to function properly, you must include an in-app disclosure. This disclosure must be prominently displayed within the app and be separate from your privacy policy.
Furthermore, you must display this disclosure via a pop-up if you ever request that the user consent to data collection or runtime permissions during in-app usage of the game. You must obtain clear and unambiguous consent to this disclosure via ticking a checkbox before you can proceed to collect such data. Simply navigating away from the page or closing the pop-up does not count as giving consent for this purpose.
Google also requires that you fill out a Data Safety form that talks about how you collect, use, and share user data. This form can be found in the App Content section of your Play Console. You'll need to explain which data you collect, what you do with the data, and whom you share it with and why.
Apple has the following requirements for developers:
Xbox has the following requirements for developers:
The best way to get consent for your Terms and Conditions and Privacy Policy is to require users to check a box or click a button confirming their consent when they first use the app after downloading it. Here's an example:
When publishing a mobile game, don't overlook the legal requirements. You should have a:
Make sure you are also complying with all of the app store regulations, such as including a delete account URL for the Google Play Store.