OpenAI's services are not intended for children under 13, and the company states it will delete any personal data it discovers was collected from a child under that age.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision implements compliance requirements under the Children's Online Privacy Protection Act (COPPA) and similar child privacy regulations. It establishes OpenAI's operational stance regarding age-gated service access and creates a data deletion procedure for inadvertently collected information from children under 13.
The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View change record →The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.
View change record →The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.
View change record →Parents should be aware that no technical age verification is described in the policy; if a child under 13 uses the service, their conversation data may be collected before any corrective deletion occurs.
How other platforms handle this
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such info...
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information. Users between the ages of 1...
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our services are not directed to children under the age of 13. If you are under 13, please do not use our services or provide us with any personal information. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@openai.com.— Excerpt from OpenAI's OpenAI Privacy Policy
(1) REGULATORY LANDSCAPE: This provision directly implicates COPPA (Children's Online Privacy Protection Act), enforced by the FTC, which requires verifiable parental consent before collecting personal information from children under 13. For EEA users, GDPR Article 8 sets the digital consent age at 16 (or lower as set by member states, with a floor of 13), and age verification obligations may apply. The UK Age Appropriate Design Code (Children's Code) imposes additional design and data minimization obligations for services likely to be accessed by minors. (2) GOVERNANCE EXPOSURE: High. The policy states services are 'not directed to' children under 13 but does not describe a verified age gate or parental consent mechanism. Regulators have taken enforcement action against AI and tech companies for inadequate COPPA compliance, and the FTC has signaled heightened scrutiny of AI platforms. (3) JURISDICTION FLAGS: US-wide COPPA exposure applies. EEA jurisdictions with a digital consent age above 13 (e.g., Germany at 16, France at 15) create additional compliance obligations. The UK Children's Code applies where children are 'likely' to access the service, regardless of whether the service is formally directed at them. (4) CONTRACT AND VENDOR IMPLICATIONS: B2B customers deploying OpenAI services in educational or family-facing contexts should conduct independent COPPA and state minor privacy law assessments and should not rely solely on OpenAI's policy statement as sufficient compliance coverage. (5) COMPLIANCE CONSIDERATIONS: Teams should evaluate whether existing age verification and parental consent mechanisms meet COPPA requirements and whether product design adequately limits minors' access; the absence of a described technical enforcement mechanism in the policy is a due diligence flag.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision implements compliance requirements under the Children's Online Privacy Protection Act (COPPA) and similar child privacy regulations. It establishes OpenAI's operational stance regarding age-gated service access and creates a data deletion procedure for inadvertently collected information from children under 13.
Parents should be aware that no technical age verification is described in the policy; if a child under 13 uses the service, their conversation data may be collected before any corrective deletion occurs.
ConductAtlas has identified this type of provision across 10 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.