COPPA Compliance Guide
ℹ️Compliance group:
general-privacy-consent — full-flexibility mode; configure your profile to show age-gated consent for children under 13. Use compliance: { type: 'general-privacy-consent' } in your ConsentiSetup config.COPPA (Children's Online Privacy Protection Act) applies to websites and online services directed at children under 13 in the United States.
Configuration
ts
createConsenti({
ageGate: {
enabled: true,
minimumAge: 13,
requireParentalConsent: true,
},
})How it works
When ageGate.enabled: true:
- The frontend widget shows an age verification screen before the consent banner
- If the user indicates they are under
minimumAge, consent submission is blocked - If
requireParentalConsent: true, the form collects aparentalConsentToken - The
age_verifiedandparental_consent_tokenfields are stored on the consent record
API fields
json
{
"visitorId": "uuid",
"consentJson": { "analytics": "denied" },
"ageVerified": true,
"parentalConsentToken": "signed-token-from-parent-flow"
}Parental consent flow
Consenti does not implement the parental consent flow itself — it stores the token your system generates. A typical flow:
- Child enters age, is redirected to parental consent page
- Parent enters email, receives verification link
- Parent clicks link → your system generates a signed JWT
- JWT is passed as
parentalConsentTokenwhen submitting consent
Dashboard filtering
In the admin dashboard, consent records with age_verified: true are flagged so compliance officers can audit them separately.
🚨COPPA applies to operators, not technology vendors. You are responsible for implementing the full parental consent flow. Consenti provides the infrastructure; your legal team determines whether COPPA applies to your service.
⚠️For services not directed at children: implement age screening. Redirect users who indicate they are under 13 away from your service entirely (do not simply deny consent). This is a legal requirement, not a UX choice.