TemplateFREE⏱️ 3-5 hours
COPPA Compliance Checklist Template
A structured COPPA compliance checklist for product teams building apps or websites directed at children under 13, covering parental consent, data...
Updated 2026-03-05
COPPA Compliance Checklist
| # | Area | Criteria | Score (1-5) | Findings | Action Required | Status | |
|---|---|---|---|---|---|---|---|
| 1 | |||||||
| 2 | |||||||
| 3 | |||||||
| 4 | |||||||
| 5 |
#1
#2
#3
#4
#5
Edit the values above to try it with your own data. Your changes are saved locally.
Get this template
Choose your preferred format. Google Sheets and Notion are free, no account needed.
Frequently Asked Questions
Does COPPA apply to apps used in schools?+
Yes. However, the FTC allows schools to provide consent on behalf of parents when the personal information is used for educational purposes. Schools must be informed about data practices and must provide written authorization. This "school consent" does not extend to commercial purposes. If you use student data for advertising, marketing, or any non-educational purpose, separate parental consent is required.
What counts as "personal information" under COPPA?+
COPPA defines personal information broadly. It includes obvious identifiers (name, address, email, phone) but also photos, videos, audio files containing a child's voice, geolocation data, and persistent identifiers like cookies and device IDs when used for purposes other than internal operations. Screen names that allow direct contact also qualify. Product teams often miss that analytics cookies and device fingerprints are personal information under COPPA.
Can we use age-gating to avoid COPPA?+
Age-gating alone does not exempt you from COPPA if your product is "directed to children" based on its content, design, and audience. If the product's subject matter, characters, activities, and design clearly appeal to children, COPPA applies regardless of an age gate. For general-audience products (like social media), age-gating creates a "mixed audience" classification. You must still apply COPPA protections to users you identify as under 13. For guidance on designing age-appropriate product features, the [glossary entry on product requirements](/glossary/acceptance-criteria) covers how to document audience-specific constraints.
What is a COPPA Safe Harbor program?+
The FTC allows industry groups to create self-regulatory "Safe Harbor" programs. Participants in approved programs (kidSAFE Seal, CARU COPPA Safe Harbor, iKeepSafe, ESRB Privacy Certified, TRUSTe/TrustArc COPPA) follow the program's guidelines, which must be at least as protective as the COPPA Rule. Safe Harbor membership provides some liability protection (the Safe Harbor program is the first point of enforcement, not the FTC directly). It is not a guarantee against FTC action, but it demonstrates good faith.
How do the proposed COPPA Rule updates affect compliance?+
The FTC proposed updates in 2024 that would eliminate most uses of targeted advertising to children, require separate opt-in consent for disclosing data to third parties, limit data retention to what is necessary, and require COPPA compliance from ed-tech companies even when operating under school consent. While not yet finalized, product teams should plan for these stricter requirements now rather than scrambling to comply after the final rule is published. ---
Explore More Templates
Browse our full library of PM templates, or generate a custom version with AI.