Solar2D privacy policy?

I’m writing a privacy policy for my company and need to include links to privacy policies of third parties that may be collecting user data from my games.

How should I handle Solar2D? Is Solar2D collecting any user data that I need to inform my users about? Does Solar2D have its own privacy policy yet?

I know about the privacy policy of Corona Labs (https://coronalabs.com/privacy-policy/) but linking to that doesn’t feel legally correct given that Corona Labs is no more…

1 Like

I don’t believe that Corona independently gathers any “private” information about the users of our apps. It is up to us, as developers, to make sure that we (or our publishers) have a privacy policy that is clear that “private” information about the user is not collected, unless your app collects information in accordance with CA and GDPR. I haven’t read the old Corona Labs privacy-policy, but it wouldn’t surprise me if device and OS information are kept, but that would have no relation to a specific person, and therefore, I do not believe CA or GDPR would be violated. Of course, I’m not an attorney. This is just my opinion as an old, dinosaur of a developer.

@troylyndon I’m not completely sure about that. Been trying to find information in other forum threads, but can’t figure out what the bottom line is.

The Corona Labs privacy policy states things such as: “Information from Apps. Each time you use an App, we may collect certain information from you, including the bundle identifier or package name of the App, your IP address, device operating system, cookie identifiers, unique device identifiers, and the time when you launch the App.”

If that is true, then according to GDPR we must inform out users about this and also give them a way to opt out, which I understand has never been offered by Corona Labs.

But in the GDPR Compliance forum topic I read this response from Rob at https://forums.solar2d.com/t/gdpr-compliance/347017/189:

“Ben, starting with daily build 3286, we stopped collecting anything that fell into the personal ID category (IP address, IDFV, the Android equiv). (Note, you should use 3301 or later since we fixed some build bugs on older iOS and Android versions). If you use a community made plugin, we don’t control the source to that plugin and it’s up to the vendor to make sure their plugin is GDPR compliant. And for plugins we have control over the plugin source, once we call the third-party SDK, we no longer have control over what that SDK does.”

If that is true, then we don’t have to include Corona/Solar2D in our own privacy policy, and instead just focus on the plugins that we use that may collect user data.

So… Does anyone know for sure if any sensitive user data is collected? :thinking:

EDIT: If I don’t hear otherwise I’ll just assume what Rob said (see above) is true and that no personal ID data is collected anymore. Meaning there’s no need to link to any Solar2D privacy policy when it comes to GDPR consent in our Solar2D apps.

Aha, so Corona/Solar2D is fine, as well as the plugins created with the engine (I.e. Facebook4a plug-in and others). We just need to check with the plugin creators of Other third-party plugins.

While Solar2D shouldn’t be collecting any personal information from the users of your apps, the same does not apply to plugins. For instance, Facebook4a plugin almost certainly collects information. It is, after all, Facebook and the plugin manages login information. Same with first party ad plugins.

2 Likes