EOS Data Rights Services

Account linking, user data requests, and user data deletion

Epic Online Services (EOS) implements a General Data Protection Regulation (GDPR) policy for collecting data from users and for managing account connectivity with applications. This page provides a guide for both the limitations imposed by this policy and the procedures for requesting user data.

Accessing User Data through the Developer Portal

When a user installs an application that implements EOS, will be prompted to provide consent for the application to collect their data and share it with the organization that owns the application. This information is considered to be owned by the user, and the organization must make a request to EOS to interact with their account or obtain information from it.

You can request user data through the Developer Portal. From your organization's home page, click Account Linking to view the User Account Linking page.

Click image for full size.

From this page, you can provide a Player ID for the user whose data you want to retrieve and click Search to view their information. Once you locate a valid user, the page will display all of the identity providers and products the user has linked.

Click image for full size.

Exporting User Data

You can click the Export Data button for any application to request that user's progression and player data for that specific product. This request is linked with the user's product user ID, which is unique on a product-by-product basis. Alternatively, the Export All Data button at the bottom of the page will request the user's data for all products managed by your organization. Any time you make a request for data, you will be prompted to provide a valid email address to send the requested information to.

You can issue requests to export data for an individual user once every 10 days. If you attempt to request data more than once within this period, the service will respond with a 409 Conflict error. The maximum expected time to process a request is 14 days, though requests are usually processed more quickly. Within that period, the requester will be emailed a link to a bundle containing the requested data. This bundle will be accessible for 30 days, after which a new request will need to be made to obtain up-to-date data.

The bundle might contain encrypted information, as in the case of Player Data Storage info. Refer to our section on the Player Data Storage Decryption Tool for information about how to read encrypted data.

Unlinking a User's Account

Users may wish to change which accounts they have linked through EOS—for example, if they decide they no longer want to maintain an account for a given identity provider, or if they have a different account with a different username that they want to link instead. Alternatively, it may be necessary to unlink a user's account with a specific identity provider as part of security or fraud prevention measures.

The Unlink Account button will remove a linked account for an identity provider. Once an account has been removed, it will no longer be tracked by your organization. The user will no longer be able to login to your products using that identity provider unless they are re-linked. When you unlink an account, it is instantaneous, as it does not necessarily remove other linked accounts or remove the user from EOS.

Deleting User Data

Some circumstances may necessitate deleting a user's data completely. For example, you might want to permanently remove the user due to a violation, their account data may become corrupted or compromised, or they may specifically request that their account data be removed.

Clicking Delete Data for a given product will permanently delete the user's player and progression data for that game.

For more extreme circumstances, the Delete All Data at the bottom of the page will delete all of the user's data across all applications managed by your organization. It will also unlink all of their accounts for all identity providers.

Requests to delete all data have a 10-day grace period. This allows for the cancellation of the request in case the request for deletion was due to a compromised account.

Player Data Storage Decryption Tool

When requesting all stored data for a user through EOS Data Rights Services, files stored using the Player Data Storage Interface are included. These specific files are encrypted, and they need to be decrypted using the Player Data Storage Decryption Tool.

To decrypt a bundle, you will need the following information:

  • Either an encrypted file or a directory containing multiple encrypted files.

  • An encryption key configured for your product through EOS_Platform_Options::EncryptionKey. This is the same key used to initialize the SDK in your project.

  • The product user ID of the user whose information is being decrypted.

Epic Games does not know or maintain a record of your encryption key. You must configure your encryption key for your own product when you initialize the SDK, and you should keep a secure record of it.

Locate the FileDecryptionTool in the directory with your EOS SDK distribution and run it from a command line. You may decrypt either individual files or all of the files in a directory, depending on how you input the command to decrypt files.

If you provide incorrect values for the key or user ID, the tool will produce incorrect results, as both of these input parameters are user-defined and there is no way to validate them.

Decrypting Single Files

The command for decrypting single files is:

FileDecryptionTool -input encrypted_pds_file -output dencrypted_pds_file -key 123abcdef -user 123abcdef

The parameters for this command are:

Parameter

Usage

Description

input

-input D:/Files/[Encrypted_File_Name]

A relative or full path to the target file to be decrypted.

output

-output D:/Files/[Decrypted_File_Name]

The output filename for saving the decrypted file contents, either as a relative or a full file path.

key

-key 123abcdef

The encryption key configured for the Product and required to decrypt the files. Consists of 64 hex characters. }

user

-user 123abcdef

The file owner's product user ID.

This will save the contents of the decrypted file to the designated output file.

Decrypting All Files in a Directory

The command for decrypting a directory of files is:

FileDecryptionTool -input folder_with_encrypted_pds_files -output folder_with_decrypted_pds_files -key 123abcdef -user 123abcdef

The parameters for this command are:

Parameter

Usage

Description

input

-input D:/Files/EncryptedDirectoryName

A relative or full path to the target file to be decrypted.

output

-output D:/Files/DecryptedDirectoryName

The output filename for saving the decrypted file contents, either as a relative or a full file path.

key

-key 123abcdef

The encryption key configured for the Product and required to decrypt the files. Consists of 64 hex characters.

user

-user 123abcdef

The file owner's product user ID.

This will save the decrypted information into a duplicate folder structure. Any files that are not recognized as valid Player Data Storage files will be skipped, and the command line will output an error.