OpenAI states that its services are not for children under 13 and that it does not intentionally collect data from them; if it discovers a child's data has been collected, it states it will delete it.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the age threshold for service eligibility and invokes COPPA compliance obligations; the 'knowingly' qualifier means enforcement depends on OpenAI's ability to detect underage users, which relies primarily on age declared at registration.
The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View change record →The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.
View change record →The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.
View change record →The policy states that users under 13 are not permitted to use OpenAI services and that data collected from such users will be deleted if discovered; parents who believe their child has created an account can request deletion through privacy.openai.com.
How other platforms handle this
Our Services are not directed to children under 13. If you learn that anyone younger than 13 has unlawfully provided us with personal data, please contact us at privacy@medium.com.
Redfin may offer interactive features such as chat services, forums, and social media pages. We may collect the information you submit or make available through these features. Any content you provide on the public sections of these channels will be considered "public" and will not be subject to the...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our services are not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.— Excerpt from OpenAI's OpenAI Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages the Children's Online Privacy Protection Act (COPPA), enforced by the FTC, which prohibits operators from collecting personal information from children under 13 without verifiable parental consent. The FTC has taken enforcement action against technology platforms for inadequate age verification and insufficient parental consent mechanisms. The 'knowingly' standard in COPPA means that platforms are not strictly liable for all underage data collection but must have reasonable mechanisms to detect and respond to known violations. GOVERNANCE EXPOSURE: Medium. The policy relies on user-declared age without describing any technical age verification mechanism, which is a common industry approach but one that the FTC has scrutinized in enforcement actions. If OpenAI becomes aware that a significant number of underage users are accessing its services, the adequacy of its current controls may be assessed under COPPA. JURISDICTION FLAGS: COPPA applies federally across all US jurisdictions. Some states including California have enacted additional children's privacy laws (California Age-Appropriate Design Code, also known as AB 2273) that impose broader obligations for services likely to be accessed by minors under 18. The applicability of the California AADC to OpenAI's consumer products may warrant separate legal assessment. CONTRACT AND VENDOR IMPLICATIONS: Educational institutions and other organizations that may facilitate student access to OpenAI products should assess whether FERPA obligations or the Children's Internet Protection Act impose additional requirements beyond COPPA. Vendor agreements with educational organizations should confirm which product tier applies and whether FERPA-compliant data processing terms are available. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that age verification or attestation mechanisms at account creation are documented and that the deletion process for identified underage user data is operationally tested. The California AADC's applicability to OpenAI's services should be assessed given the product's broad consumer accessibility.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the age threshold for service eligibility and invokes COPPA compliance obligations; the 'knowingly' qualifier means enforcement depends on OpenAI's ability to detect underage users, which relies primarily on age declared at registration.
The policy states that users under 13 are not permitted to use OpenAI services and that data collected from such users will be deleted if discovered; parents who believe their child has created an account can request deletion through privacy.openai.com.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.