KidProof · Shopify
If your service targets children under 13 — or you know you collect their data — COPPA requires verifiable parental consent, data minimization, and parental review/delete rights. The FTC's 2025 amendments add separate opt-in for third-party sharing and a written retention limit. Penalties run to tens of thousands per violation.
Shopify gives you the storefront and checkout, but legal compliance is on you, the merchant — Shopify's own terms make that explicit. The platform ships some tools (a cookie-banner and customer-privacy API, a hosted PCI-compliant checkout), but switching them on and configuring them correctly is your job, not Shopify's.
📦 On Shopify: Shopify merchants write their own policies, flows and disclosures, so US federal and state rules land directly on you, not on Shopify.
This rule applies to Shopify sellers who run an online service directed to children under 13, or knowingly collect their data. Collect data from anyone under 13? COPPA wants verifiable parental consent — and the FTC's 2025 rules just got stricter. Not sure? The free checker tells you in about a minute — no signup.
Whatever the platform handles, you still need to be able to answer "yes" to each of these — these are the points Shopify sellers most often get caught on:
⚠️ Exposure: up to $53,088 per violation (FTC) · Status: In force. On Shopify, that's on top of any account suspension for breaking platform policy.
Shopify gives you the storefront, but COPPA children's privacy (US) compliance is the seller's responsibility — the platform doesn't do it for you. The free checker shows exactly where you stand in about a minute.
It applies if your online service is directed to children under 13, or if you have actual knowledge you collect personal information from under-13s — including via plugins/SDKs you embed.
A method reasonably designed to confirm the consenting person is the parent — e.g. a signed consent form, a small card transaction, a government-ID check, or a video call. Keep a record of it.
Among other things: a separate opt-in before disclosing a child's data to third parties or using it for targeted advertising, and a written data-retention policy — you can no longer keep children's data indefinitely.
RuleGoose checks this against the COPPA Rule (16 CFR Part 312), as amended by the FTC in 2025. Read it yourself: eCFR — 16 CFR Part 312 (COPPA Rule) →
COPPA children's privacy (US) is one of several rules a Shopify store has to meet. See the full Shopify compliance checklist, or read the platform-neutral COPPA children's privacy (US) guide.
Informational only, not legal advice, and not affiliated with the FTC or Shopify. Last reviewed 2026-06-30.