Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Roblox's Privacy and Cookie Policy, covering how the platform collects, uses, and shares personal information for all users of Roblox services including its website, mobile apps, console apps, and development tools. The policy authorizes collection of identifiers, device data, usage activity, location data, communications, payment information, and facial images for age assurance, and permits sharing with service providers, advertising and analytics partners, and law enforcement or government authorities. Notably, the policy states that personalized advertising is disabled for users under 13, that non-personalized contextual ads may still be shown to under-13 users, and that personalized ads are not enabled until a user is 18.
This document is the Roblox Privacy and Cookie Policy, effective April 30, 2026, governing the collection, processing, storage, and disclosure of personal information across Roblox's platform services including websites, mobile apps, virtual reality and console applications, Roblox Player, and Roblox Studio. The policy states that Roblox collects identifiers, device information, usage activity, location-related data, communications content, payment information, and biometric-adjacent data (facial images for age assurance), and authorizes sharing with service providers, advertising partners, analytics partners, law enforcement, and successor entities in corporate transactions. The policy contains notable provisions relevant to a platform with a substantial minor user base: it states that personalized advertising is disabled for users under 13, that non-personalized ads may be shown to users under 13 based on contextual signals, and that personalized ads are not shown until users are at least 18, which creates operationally distinct age-tiered advertising restrictions; the policy also discloses facial image collection for age assurance purposes, which the agreement states is deleted once the process is complete, though the practical scope of biometric data governance frameworks such as Illinois BIPA may interact with this practice depending on jurisdiction. The policy engages COPPA, GDPR and UK GDPR, Brazil's LGPD, California's CCPA and CPRA, and a range of US state privacy laws addressed through a separate US State Privacy Policy Addendum; the platform's global user base of minors creates heightened regulatory exposure under COPPA enforced by the FTC, and under the EU's GDPR as applied to children's data under Article 8, with the policy appointing EU and UK Article 27 representatives and an EU DPO in compliance with those frameworks.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial14 important changes detected
14 versions captured · Last updated: June 2026
On May 14, 2026, Roblox added Hindi language support to its published privacy policy document listings. The policy documentation now includes a Hindi version (Roblox की प्राइवेसी और कुकी पॉलिसी …
View change record →Roblox updated its Privacy and Cookie Policy on May 6, 2026, effective April 30, 2026. The updated policy now includes a new 'Effective Date' header and a 'Summary of Recent …
View change record →Roblox restructured its Privacy and Cookie Policy on May 6, 2026, removing references to an earlier pending update notice and adding a new table-of-contents structure with expanded sections covering data …
View change record →On May 1, 2026, Roblox updated its Privacy and Cookie Policy to reflect changes being made on the platform. The updated policy now begins with an explicit effective date of …
View change record →Roblox updated its privacy policy on May 1, 2026 to restrict personalized advertising for users under 18. The previous policy stated the platform personalizes ads for all users; the updated …
View change record →Roblox updated its privacy policy on April 29, 2026 to add three new disclosures: clarification of who can see personalized versus non-personalized ads, description of information-sharing practices with authorities, and …
View change record →Roblox updated its Privacy and Cookie Policy effective April 23, 2026 to add detailed language about how it collects and uses persistent identifiers (IP addresses and device identifiers) from all …
View change record →Roblox restructured the presentation of its Privacy and Cookie Policy on April 22, 2026, adding a welcome section and reorganizing the table of contents. The document now opens with a …
View change record →Roblox updated its privacy policy publication on April 21, 2026, with an effective date of April 30, 2026. The updated policy reorganized its table of contents and added an explicit …
View change record →Roblox restructured its privacy policy on April 19, 2026, adding a table of contents and reorganizing content into sections covering when information is collected, how it is shared, security measures, …
View change record →Roblox updated its Privacy and Cookie Policy effective April 30, 2026, adding three substantive sections: clarification of who sees personalized versus non-personalized ads, disclosure of practices for sharing information with …
View change record →Roblox removed detailed explanations of how and why it collects user data, streamlined its privacy policy structure, and made specific clarifications about data practices for child accounts. The policy now …
View change record →Introduces automatic age-based feature gating with graduated privacy protections, deferring personalized advertising until age 18 rather than 13, representing stricter child privacy compliance.
Explicitly carves out exception allowing persistent identifier collection for children for core service functionality, clarifying what data collection remains permissible under COPPA compliance.
Adds transparency about government data requests, likely required by regulatory changes or litigation pressure to disclose law enforcement cooperation practices.
Introduces explicit GDPR compliance framework with designated EU representatives and data protection officer contact information, likely responding to increased EU regulatory enforcement.
Removal reflects shift away from broad third-party behavioral targeting disclosure, likely replaced by more restrictive age-tiered advertising policies that prohibit such practices for minors.
Removal of consolidated jurisdiction-specific rights section suggests these provisions were relocated to jurisdiction-specific sections (like the new GDPR section) rather than eliminated.
Removal of detailed tracking technology disclosure aligns with restrictions on such tracking for minors under age-tiered policy, though the current version mistakenly lists a contact provision under this name.
Removal of broad third-party sharing framework, particularly advertising and analytics partner sharing, reflects tightening of data sharing practices for compliance with child privacy regulations.
Removal may indicate this standard provision was moved to a separate policy section or deemed unnecessary as standard practice.
Shifted from general biometric collection framework to specific age assurance use case with explicit deletion guarantee post-assessment and reference to separate facial media policy.
Shifted from parental consent framework to data minimization-first approach with automatic deletion or account protections for excess data collection rather than requiring parental intervention.
Expanded from simple deletion-on-request policy to comprehensive retention governance framework emphasizing purpose limitation, persistent identifier management, and operational safeguards like access controls and employee training.
Monitoring
Roblox has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Age-Tiered Advertising Restrictions and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.