Pokémon GO has become an undeniable phenomenon in just under a week; the number of users already surpasses dating app Tinder and is expected to soon surpass Twitter.
The game uses augmented reality to place creatures and items in real locations for players to catch.
As with any app, players accept the terms of service.
With Pokémon GO a player grants permission that the software company can find contact accounts on your device, access the contents of your USB storage, prevent phone from sleeping, access your Google Play billing service, access Bluetooth settings, location and your camera.
Niantic, the software development company behind the game, was created within Google but spun off on its own last year. They previously made the multiplayer game Ingress, which received criticism as a "privacy minefield."
Google is a third-party backer of Pokémon GO and invested millions in the game.
Below are some of the main things collected about a user, according to the privacy policy.
- Niantic collects certain information that can be used to identify or recognize you (or your authorized child) during gameplay and when you sign up, using a Google, Pokémon Trainer Club (PTC), or Facebook registered email address.
- Any child under the age of 13 must register with PTC before creating an account and the child’s birthdate is shared with Niantic.
- This is a location-based game. Information about a player’s location when they are using the game will be collected and stored.
- During game play they collect user names and messages sent to other users.
- To get the full experience of the game, users must allow Cookies. Some third party services providers and advertisers are also allowed to place their own Cookies on your hard drive.
- A user’s IP is collected.
- The web page you visited before accessing their services is logged.
- Web Beacons (also known as web bugs, pixel tags, or clear GIFs) track and measure the effectiveness of advertising. They are invisible and you don’t see them.
- You or your child’s device, browser, user settings and the way the player uses the services is collected, and the company says that is used to improve and personalize services.
- If the company is acquired by another company, or if they go bankrupt, your information can be disclosed and transferred. You will receive notice and 30 days to refuse the disclosure.
- When a player’s account is deactivated, Niantic, its clients, affiliates, or service providers may retain information --including profile information and user content -- for a commercially reasonable time period for backup, archival, and/or audit purpose.
- The company does not guarantee the absolute security of any information.
What does this all mean?
A profile of data collected about a player will provide information about their age, locations visited, email addresses, some browsing habits, conversations with other players, and interaction with advertising.
The company maintains that the majority of data collected is to improve user experience. They also said that any third party used to analyze log data is bound by contractual terms to process the data in accordance with European data protection laws. Those you can read here.
Under European laws, personal data can be collected only under strict conditions and for legitimate purposes.
Read the full privacy policy, here.