What Is COPPA?
The Children's Online Privacy Protection Act (COPPA) is a US federal law regulating the collection of personal information from children under 13. Enforced by the Federal Trade Commission (FTC), COPPA applies to any app directed at children under 13 or that has actual knowledge it collects data from children under 13.
The FTC has issued fines exceeding $170 million in individual cases. In 2026, enforcement is stricter than ever.
Does COPPA Apply to Your App?
COPPA applies if either condition is true:
- Your app is directed at children under 13 - Determined by subject matter, visual content, language, and whether it appears in kids categories
- You have actual knowledge of users under 13 - If a user identifies as under 13 during signup
Even general-audience apps fall under COPPA once you know a user is under 13.
What Counts as Personal Information?
COPPA defines personal information broadly: full name, address, email, phone number, photos/videos/audio of the child, precise geolocation, and persistent identifiers (cookies, device IDs, ad IDs) when used for behavioral advertising.
Core Requirements
Parental Consent
Before collecting data from a child under 13, obtain verifiable parental consent through: signed consent forms, credit card transactions, government ID verification, video calls, or knowledge-based questions.
Privacy Policy
Publish a COPPA-compliant policy describing what data is collected from children, how it is used, parental rights, and your contact information.
Data Minimization
Only collect information reasonably necessary for participation. Do not condition access on disclosing more data than needed.
Data Retention and Deletion
Keep children's data only as long as necessary. Parents can request deletion at any time.
App Store Rules
Apple App Store: Apps in the Kids category must comply with COPPA. No third-party analytics or advertising without Apple's approval. Cannot link to external sites without a parental gate.
Google Play: Designed for Families apps must comply with COPPA. Only approved ad networks allowed. Must accurately declare the target age group.
Mixed Audience Apps
If your app targets both children and adults, implement a neutral age gate (date-of-birth input, not "Are you over 13?"). If the user indicates they are under 13, apply full COPPA protections: disable behavioral advertising, analytics tracking, and third-party data sharing.
Common Violations
The FTC has acted against apps for: collecting persistent identifiers for ads without consent, using tracking SDKs without disclosure, inadequate privacy policies, easily bypassed age gates, and collecting location data from children's apps.
International Considerations
While COPPA is US law, it applies if your app is on the US App Store or Google Play US. The EU has similar protections under GDPR (age of consent 13-16 by country). The UK's Age Appropriate Design Code adds further requirements.
Compliance Checklist
- Determine if your app targets or has under-13 users
- Implement a neutral age gate for general audience apps
- Obtain verifiable parental consent before collecting children's data
- Publish a COPPA-compliant privacy policy
- Disable behavioral advertising for under-13 users
- Audit all SDKs for COPPA compliance
- Implement data deletion functionality