A Deep Dive on How Overwolf Handles User Data

Disclaimer: This post is a bit more technical than a normal high level explanation on data and privacy. For a more high level explanation, you may want to go here.

Background and Data Regulations

The purpose of this article is to be transparent and to set the record straight on how exactly we collect data, what that data is used for, and how we do not under any circumstance sell personal data or ad related data. If you have any further questions or need clarity on any privacy related topic, please reach out to support@overwolf.com.

Data handling has been a major focus over the last decade following a bunch of public scandals, perhaps the famous of them all is Cambridge Analytica + Facebook. In short, this resulted in several important privacy regulations including GDPR, CCPA and COPPA. The purpose of these regulations is to regulate how companies handle digital user’s footprints, provide do’s and don’ts, and force companies to provide services such as “the right to be forgotten” (aka “Delete my data”) and allow one access to see a copy of his or her data. Overwolf is compliant with these privacy regulations, so sharing with you the following paragraphs on how and why we are collecting data, is actually pretty straightforward for us.

Data flow

Let’s walk through how exactly Overwolf collects user data:

1. A gamer downloads an app
2. While the app is getting installed together with the engine (i.e Overwolf) an anonymous unique identifier is generated for the user. This identifier is called Machine Unique Identifier, aka ‘MUID’.
3. Gamer plays a game with the app
4. Analytical events are being set throughout this process:

• App installed
• App opened
• A specific window of an app is opened
• Game started
• App/Overwolf Crashes (yep, that happens as well)
• And other data points like number of screens (to enable a 2nd screen app support), GPU/CPU and other hardware stats to make sure we don’t fry the gamer’s machine

These analytics events are sent to a CDN provider, parsed, aggregated and sent to a Database. We use Amazon S3 for storage and Snowflake or MySql for compute.

Once that is completed, the MUID has all its analytics attached to it, but it still doesn’t tell us who that person is. The most detailed piece of information that is collected is the user’s IP, which is used to personalize language and track app performance since some bugs are sensitive to server distributions and game versions across regions.

After that super ordinary process has ended, we aggregate and present the anonymous data to the app’s developer, so he/she can take actions such as:

• Fix the app — if there are too many crashes
• Kill a feature — if not many users are using it more than 1 time
• Localize and adjust the app — if there are many users from France or Japan
• Etc.

If that gamer does choose to sign-in to Overwolf, which is non-mandatory, he’ll then have a record in Overwolf’s database, but that information is kept sealed and it is not shared with any of the app developers, nor with any 3rd party partner.

The end result, AKA the dashboard for the app developers, looks like this:

* that’s Redash btw, an open source BI tool we use to visualize the data

Here’s a simplified schema that describes the flow:

What is that data being used for?

Diving in a little deeper, here are some sample tables that we keep track of:

Sample database tables

Apart from exposing this data to the app developers, we only use it to track the health of our framework, highlight good trends and fix bugs.

Now, let’s talk about selling data

As mentioned in Overwolf’s Commitment to Gamers, we don’t sell personal data. Period.

The ONLY way we make money off data (and it’s very little, about 2% of our total revenue) is by selling aggregated, non personal reports to an industry-leading research company called NewZoo, which provides general insights and trends about the gaming market. We don’t sell data to commercial companies, nor do we plan to do so in the future.

Here’s one example of NewZoo’s reports: https://newzoo.com/insights/rankings/top-20-core-pc-games/

What’s the Business Model?

The Overwolf framework is built around a set of APIs and tools that allow creators to build their app in a gaming oriented environment. Since it’s kinda hard to spend so much time developing those wonderful apps, keeping them up-to-date and making sure they have 100% uptime, we introduced ads as a means to allow a steady income for the app developers. Overwolf works in a revenue share model with creators, and our cut is between 20 and 30 percent. We recently introduced a subscription model as well to allow another path for monetization while opening up the opportunity to remove ads. The bottom line is that we understand aversion to ads, but they are an avenue that enables developers to earn a fair wage for their work and it is important for us to give them options for monetization. BTW, we are quite strict on where developers can place ads.

How does that affect you?

Without data collection, developers cannot iterate and improve their products. It’s like building a machine in a dark room. As a result, we can enjoy apps that compliment the game, enhance the gaming experience and don’t break (well, often).

*Update - following PoE AMA — Overwolf plans to add an opt-out option from data collection.