Once Human has been met with a bombardment of negative reviews after users got a hold of the Privacy Policy and saw what was listed under the “Personal information we receive from you” and the “Personal information we collect through your use of our Services or from other sources” sections.
At first glance, it does seem a little over the top, and it is understandable that there may be some cause for concern, however, it’s probably not as bad as it seems. You do have options here.
We can’t speak to whether this company or game has any malicious intent toward its users, but by giving them the benefit of the doubt, we might be able to ease some minds as to what all this actually means. We’re not affiliated in any way with Once Human or its developers.
What users are saying about the privacy policy
The biggest review speaking to the issues the community has with the Once Human policy was posted by a gamer named “gamer” on Steam.
We do agree with the transparency of information, and we hope that this information is updated very soon to provide users with more clarity on the subject. But this user does bring up a few alarming points and seems very well-educated in matters involving GDPR, so we should all be worried right? Well, maybe not.
The information that Once Human receives from you
The scary Privacy Policy that many users are talking about in the reviews of the game comes when you first launch the game for the first time. Kudos to whoever saw this because this is a lengthy quadruple-stacked beef burger of a policy that I had to read to write this article. Anyway.
It’s worth noting that, users are subject to country-specific privacy policy details – so the below may not be relevant to your or your country of residence.
Name & Contact Details | Such as first and last name, title, prefix, email address, telephone number, (instant) messaging account, postal address, date of birth, age, gender, country/region, and government-issued ID, such as passport information, as required by applicable laws for age verification and correction of personal information. |
Account Information | Such as your email address, chosen username and password, security questions and answers, avatar, and other information you share in your account. |
Billing Information | Such as debit or credit card details, bank account details, and billing address. |
User Content | Such as reviews about our Services and other user-generated content you may create or share on our Services, such as items and assets created or uploaded within our games, and videos and posts on our social media pages, blogs, and comment sections. |
Gameplay Information | Such as roles, heroes, character appearance, attributes (e.g., level, scores, experience points, and skills), progression and results, virtual currencies, item inventory, tasks and rewards, social connections within the Services, and chat logs. |
Preferences | Such as language, interests, other customer feedback/preferences that you might express during your use of our Services, and information you voluntarily provide in our surveys (e.g., your age, education background, occupation, and interests). |
Marketing Data | Such as language, interests, other customer feedback/preferences that you might express during your use of our Services, and information you voluntarily provide in our surveys (e.g., your age, educational background, occupation, and interests). |
Communication History | Such as details of your communications with us and details of your claims, complaints, and queries in general. |
Transaction Information | Such as details of products and services you have purchased from us, and order and purchase history within our Services, including transaction receipt number and purchase amount. |
You can find the full Privacy Policy here if you would like to read more about it.
Here the policy seems pretty standard, and somewhat what you’d expect to see from an online game (of course, this varies from company to company) but there are obvious reasons people may be concerned about this level of data collection, especially with the Tiktok bill occurrences, it has people worried.
There’s one piece of information that stands out in particular and that’s “government-issued ID” EG: Passport info, but this is only taken when submitted by you whether it is required by law. Once Humans cannot just magically take your passport information. We cannot think of a reason other than the talks of games in the future requiring ID verification to prevent underage access, so this could well be an implementation for the future.
But again, unless you give it to them, they can’t have it. Just because it is listed in a policy, does not mean it will be imposed upon you. Game developers have to list all scenarios in which they may have to retain or collect data in policies such as the Privacy Policies, so users know the potential information that the company or game may collect. But that does not mean it will apply to everyone at all times.
@PriateSoftware on X posted an interesting tweet on the subject:
Once Human also plays host to an instant messaging system, which of course means that any messages you send will be retained for however long the company sees fit. This is standard practice.
Does Once Human have your social media information?
Yes, if you give it to them. There’s another section in the Privacy Policy that states Once Human will retain social media information from you, such as friends lists, profile pictures etc, the full policy can be found below.
Social Media Information | Such as name/nickname/username as it appears on your social media account profile, profile pictures, social media account ID, associated email address and other social media profile information, including lists of friends on social media. |
Location Information | Such as IP geolocation information, cell-ID, and Wi-Fi connection location. |
Device Information | Such as information about your devices and your use of our Services, such as IP address, MAC address, device identifiers, device model, device operating systems, regional and language settings, internet service provider, screen resolution, frame rate, ping value, stack information (e.g., crash reports and core dumps), server health indicators (e.g., CPU and memory usage, I/O usage, and load average), date and time stamps of actions (e.g., installing or using the Services), advertising identifiers, events within our Services (e.g., logins and gameplay attempts), and events on third-party websites (e.g., engagement time, number of clicks and views, and clicks and views of campaigns and communications materials). This includes data obtained through cookies and similar technologies, as described in the Cookies and Similar Technologies Policy applicable to the specific Service that you are using. |
Game Account Information | Such as your email address, nickname/username, age, country/region, and game account ID, which we collect from the third-party game account provider when you use such account (e.g., Xbox account, PSN account, Steam account or Epic Games account) to log onto our Services. |
Third-Party Payment Information | Such as a hashed identifier of your account with the third-party payment processing service, and the country/region from which your payment originated. |
This likely comes from the fact you can link your social media accounts in the game for unique rewards, this is done presumably so the developers can market the game to you further, and keep you updated on any news regarding the game.
But as with most things, this is entirely optional and you do not have to link your accounts to Once Human to play the game. If you don’t want them to have certain information, just don’t give it to them. We do agree that they take full advantage and it is very extensive the amount of data collection that they perform, but ultimately, the power is in your hands.
Steam would not allow a malicious game onto its platform
At the end of the day, Steam won’t allow a game on its platform that was maliciously collecting tonnes of user information without good cause. Although we don’t know how extensive the Steam checks are, it doesn’t (to our knowledge) have a history of allowing malicious content on its platform. We can’t think of one example of Steam letting a malicious game onto its platform. Steam doesn’t want to make itself liable for any kind of lawsuit. (we’re not saying there’s never been a case, we just can’t find one)
We’re not saying this game isn’t a data farm, and we’re not saying it is, we’ve just seen a lot of misconceptions about what these policies mean. And we’d hate to see misconceptions ruin an otherwise good game, or screw a small company out of a player base. We hope that this is resolved soon and that a lot more transparency is added to the Privacy Policy, to give users a better sense of where their data is going.