Fitbit's services are not intended for children under 13, and Fitbit states it will delete data if it discovers it has been collected from a child under that age.
This analysis describes what Fitbit's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
The policy relies on a reactive approach to children's data rather than proactive age verification, meaning children under 13 may use the service and provide health data before the issue is identified and addressed.
Interpretive note: The policy does not describe the specific age verification mechanisms in place, making it unclear whether the operational implementation meets COPPA's verifiable parental consent standard.
If a child under 13 creates a Fitbit account, their health data including heart rate and sleep information may be collected before Fitbit becomes aware and acts to delete it, as the policy does not describe active age verification measures.
Monitoring
Fitbit has changed this document before.
"Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete the information as soon as possible." — Excerpt from Fitbit's Fitbit Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Children's Online Privacy Protection Act, which requires verifiable parental consent before collecting personal information from children under 13, and imposes obligations on operators of websites and online services directed at children. The FTC enforces COPPA and has brought numerous enforcement actions against fitness and health platforms. The reactive language in this provision, stating Fitbit will delete data if it learns a child under 13 has provided it, may not satisfy COPPA's requirement for active compliance measures.

GOVERNANCE EXPOSURE: Medium. The absence of described age verification mechanisms creates COPPA compliance risk, particularly given that fitness trackers are commonly purchased as gifts for minors. The policy's reliance on self-reported age without verification is an area the FTC has scrutinized in prior enforcement actions.

JURISDICTION FLAGS: COPPA applies across the US. EU users under 16 (or lower thresholds set by member states) require parental consent under GDPR Article 8 for information society services. UK GDPR and the UK Age Appropriate Design Code impose additional obligations for services likely to be accessed by children.

CONTRACT AND VENDOR IMPLICATIONS: Retailers and distributors of Fitbit products for youth markets should assess whether their sales practices create any co-liability under COPPA for enabling child account creation without parental consent mechanisms.

COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether Fitbit's age gate mechanisms at account creation are adequate to satisfy COPPA's verifiable parental consent requirements, and whether the reactive deletion procedure described in the policy constitutes a sufficient operational safeguard. The UK Age Appropriate Design Code may require additional review if the product is marketed or accessible to minors in the UK.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Fitbit.