Fitbit's services are not intended for children under 13, and Fitbit states it will delete data if it discovers it has been collected from a child under that age.
This analysis describes what Fitbit's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy relies on a reactive approach to children's data rather than proactive age verification, meaning children under 13 may use the service and provide health data before the issue is identified and addressed.
Interpretive note: The policy does not describe the specific age verification mechanisms in place, making it unclear whether the operational implementation meets COPPA's verifiable parental consent standard.
If a child under 13 creates a Fitbit account, their health data including heart rate and sleep information may be collected before Fitbit becomes aware and acts to delete it, as the policy does not describe active age verification measures.
How other platforms handle this
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we become aware that we have collected personal information from a child under the age of 13 without parental consent, we wil...
Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.
Monitoring
Fitbit has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete the information as soon as possible.— Excerpt from Fitbit's Fitbit Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Children's Online Privacy Protection Act, which requires verifiable parental consent before collecting personal information from children under 13, and imposes obligations on operators of websites and online services directed at children. The FTC enforces COPPA and has brought numerous enforcement actions against fitness and health platforms. The reactive language in this provision, stating Fitbit will delete data if it learns a child under 13 has provided it, may not satisfy COPPA's requirement for active compliance measures. GOVERNANCE EXPOSURE: Medium. The absence of described age verification mechanisms creates COPPA compliance risk, particularly given that fitness trackers are commonly purchased as gifts for minors. The policy's reliance on self-reported age without verification is an area the FTC has scrutinized in prior enforcement actions. JURISDICTION FLAGS: COPPA applies across the US. EU users under 16 (or lower thresholds set by member states) require parental consent under GDPR Article 8 for information society services. UK GDPR and the UK Age Appropriate Design Code impose additional obligations for services likely to be accessed by children. CONTRACT AND VENDOR IMPLICATIONS: Retailers and distributors of Fitbit products for youth markets should assess whether their sales practices create any co-liability under COPPA for enabling child account creation without parental consent mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether Fitbit's age gate mechanisms at account creation are adequate to satisfy COPPA's verifiable parental consent requirements, and whether the reactive deletion procedure described in the policy constitutes a sufficient operational safeguard. The UK Age Appropriate Design Code may require additional review if the product is marketed or accessible to minors in the UK.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy relies on a reactive approach to children's data rather than proactive age verification, meaning children under 13 may use the service and provide health data before the issue is identified and addressed.
If a child under 13 creates a Fitbit account, their health data including heart rate and sleep information may be collected before Fitbit becomes aware and acts to delete it, as the policy does not describe active age verification measures.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Fitbit.