KidProof · How-to

How to comply with COPPA children's privacy (US)

If your service targets children under 13 — or you know you collect their data — COPPA requires verifiable parental consent, data minimization, and parental review/delete rights. The FTC's 2025 amendments add separate opt-in for third-party sharing and a written retention limit. Penalties run to tens of thousands per violation.

Step by step

Work through these — each is a place compliance is won or lost. KidProof's checker verifies every one for you in about a minute.

  1. Get verifiable parental consent before collecting from under-13s?
  2. Published a COPPA children's privacy policy?
  3. Give parents direct notice before collecting?
  4. Collect only what the activity needs (no over-collection)?
  5. Can parents review/delete data and revoke consent?
  6. Written policy to delete kids' data when no longer needed?
  7. Separate parental opt-in before third-party / ad sharing?
  8. Reasonable security + confidentiality from any data-sharers?

The fast way

🪿 Don't do it by hand. The free KidProof checker walks you through each step, flags exactly what's missing, and Clause drafts the fix for you — then re-check until you're clear. No signup, runs in your browser.

What's at stake if you skip it

⚠️ Exposure: up to $53,088 per violation (FTC) · Status: In force. Every rule's penalty →

The source

RuleGoose checks this against the COPPA Rule (16 CFR Part 312), as amended by the FTC in 2025. Read it yourself: eCFR — 16 CFR Part 312 (COPPA Rule) →

Check your COPPA children's privacy (US) compliance — free.
See exactly which steps you've missed and draft the fix in about a minute. Run the KidProof checker →

or read the full COPPA children's privacy (US) guide, or get one RuleGoose Score across every rule.

Informational only, not legal advice, and not affiliated with the FTC. Last reviewed 2026-06-30.