8 Total
2 High severity
6 Medium severity
0 Low severity
Summary

This is Roblox's Privacy and Cookie Policy, covering how the platform collects, uses, and shares personal information for all users of Roblox services including its website, mobile apps, console apps, and development tools. The policy authorizes collection of identifiers, device data, usage activity, location data, communications, payment information, and facial images for age assurance, and permits sharing with service providers, advertising and analytics partners, and law enforcement or government authorities. Notably, the policy states that personalized advertising is disabled for users under 13, that non-personalized contextual ads may still be shown to under-13 users, and that personalized ads are not enabled until a user is 18.

Technical / Legal Breakdown

This document is the Roblox Privacy and Cookie Policy, effective April 30, 2026, governing the collection, processing, storage, and disclosure of personal information across Roblox's platform services including websites, mobile apps, virtual reality and console applications, Roblox Player, and Roblox Studio. The policy states that Roblox collects identifiers, device information, usage activity, location-related data, communications content, payment information, and biometric-adjacent data (facial images for age assurance), and authorizes sharing with service providers, advertising partners, analytics partners, law enforcement, and successor entities in corporate transactions. The policy contains notable provisions relevant to a platform with a substantial minor user base: it states that personalized advertising is disabled for users under 13, that non-personalized ads may be shown to users under 13 based on contextual signals, and that personalized ads are not shown until users are at least 18, which creates operationally distinct age-tiered advertising restrictions; the policy also discloses facial image collection for age assurance purposes, which the agreement states is deleted once the process is complete, though the practical scope of biometric data governance frameworks such as Illinois BIPA may interact with this practice depending on jurisdiction. The policy engages COPPA, GDPR and UK GDPR, Brazil's LGPD, California's CCPA and CPRA, and a range of US state privacy laws addressed through a separate US State Privacy Policy Addendum; the platform's global user base of minors creates heightened regulatory exposure under COPPA enforced by the FTC, and under the EU's GDPR as applied to children's data under Article 8, with the policy appointing EU and UK Article 27 representatives and an EU DPO in compliance with those frameworks.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

14 important changes detected

14 versions captured · Last updated: June 2026

June 24, 2026

unknown
What changed Roblox updated their Roblox Privacy and Cookie Policy on June 24, 2026. Change detected: 1 sentence(s) modified. Document contained 546 sentences after update.
View full change record →
What changed Roblox restructured its Privacy and Cookie Policy on May 15, 2026, replacing a brief effective-date notice with an expanded table of contents and organizational framework. The updated policy now opens with a dedicated privacy policy header, navigation categories for specific data collection scenarios (account setup, purchases, content posting, developer information), and jurisdiction-specific sections. The operational change is primarily structural: the policy reorganizes how privacy disclosures are presented and navigated rather than substantively altering collection practices or user rights.
Why this matters The updated privacy policy reorganizes how information is presented and indexed, adding a structured table of contents with sections for account creation, purchases, content posting, developer activities, and jurisdiction-specific privacy rights. The change is primarily structural: it groups related disclosures into clearer sections rather than modifying the substantive policies governing data collection or use. Users now have more granular navigation to find information relevant to their specific activities on the platform.
View full change record →

May 14, 2026 low

On May 14, 2026, Roblox added Hindi language support to its published privacy policy document listings. The policy documentation now includes a Hindi version (Roblox की प्राइवेसी और कुकी पॉलिसी …

View change record →
May 6, 2026 low

Roblox updated its Privacy and Cookie Policy on May 6, 2026, effective April 30, 2026. The updated policy now includes a new 'Effective Date' header and a 'Summary of Recent …

View change record →
May 6, 2026 low

Roblox restructured its Privacy and Cookie Policy on May 6, 2026, removing references to an earlier pending update notice and adding a new table-of-contents structure with expanded sections covering data …

View change record →
May 1, 2026 low

On May 1, 2026, Roblox updated its Privacy and Cookie Policy to reflect changes being made on the platform. The updated policy now begins with an explicit effective date of …

View change record →
May 1, 2026 medium

Roblox updated its privacy policy on May 1, 2026 to restrict personalized advertising for users under 18. The previous policy stated the platform personalizes ads for all users; the updated …

View change record →
April 29, 2026 low

Roblox updated its privacy policy on April 29, 2026 to add three new disclosures: clarification of who can see personalized versus non-personalized ads, description of information-sharing practices with authorities, and …

View change record →
April 23, 2026 medium

Roblox updated its Privacy and Cookie Policy effective April 23, 2026 to add detailed language about how it collects and uses persistent identifiers (IP addresses and device identifiers) from all …

View change record →
April 22, 2026 low

Roblox restructured the presentation of its Privacy and Cookie Policy on April 22, 2026, adding a welcome section and reorganizing the table of contents. The document now opens with a …

View change record →
April 21, 2026 low

Roblox updated its privacy policy publication on April 21, 2026, with an effective date of April 30, 2026. The updated policy reorganized its table of contents and added an explicit …

View change record →
April 19, 2026 low

Roblox restructured its privacy policy on April 19, 2026, adding a table of contents and reorganizing content into sections covering when information is collected, how it is shared, security measures, …

View change record →
April 16, 2026 low

Roblox updated its Privacy and Cookie Policy effective April 30, 2026, adding three substantive sections: clarification of who sees personalized versus non-personalized ads, disclosure of practices for sharing information with …

View change record →
March 8, 2026 medium

Roblox removed detailed explanations of how and why it collects user data, streamlined its privacy policy structure, and made specific clarifications about data practices for child accounts. The policy now …

View change record →

Recent Provision Changes Jun 24, 2026

Added (4)
Age-Tiered Advertising Restrictions High

Introduces automatic age-based feature gating with graduated privacy protections, deferring personalized advertising until age 18 rather than 13, representing stricter child privacy compliance.

Persistent Identifier Collection for Internal Operations Medium

Explicitly carves out exception allowing persistent identifier collection for children for core service functionality, clarifying what data collection remains permissible under COPPA compliance.

Law Enforcement and Government Authority Data Sharing Medium

Adds transparency about government data requests, likely required by regulatory changes or litigation pressure to disclose law enforcement cooperation practices.

GDPR and International Data Transfer Framework Medium

Introduces explicit GDPR compliance framework with designated EU representatives and data protection officer contact information, likely responding to increased EU regulatory enforcement.

Removed (6)
Behavioral Advertising and Cross-Context Data Sharing

Removal reflects shift away from broad third-party behavioral targeting disclosure, likely replaced by more restrictive age-tiered advertising policies that prohibit such practices for minors.

Data Subject Rights by Jurisdiction

Removal of consolidated jurisdiction-specific rights section suggests these provisions were relocated to jurisdiction-specific sections (like the new GDPR section) rather than eliminated.

Cookie and Tracking Technology Use

Removal of detailed tracking technology disclosure aligns with restrictions on such tracking for minors under age-tiered policy, though the current version mistakenly lists a contact provision under this name.

Data Sharing with Third Parties and Business Partners

Removal of broad third-party sharing framework, particularly advertising and analytics partner sharing, reflects tightening of data sharing practices for compliance with child privacy regulations.

Policy Updates and Notification

Removal may indicate this standard provision was moved to a separate policy section or deemed unnecessary as standard practice.

Modified (3)
Biometric Identifier Collection / Facial Image Collection for Age Assurance

Shifted from general biometric collection framework to specific age assurance use case with explicit deletion guarantee post-assessment and reference to separate facial media policy.

Collection of Personal Information from Children (COPPA Framework) / COPPA Data Minimization and Deletion for Under-13 Users

Shifted from parental consent framework to data minimization-first approach with automatic deletion or account protections for excess data collection rather than requiring parental intervention.

Account Closure and Data Retention / Data Retention and Deletion Policy

Expanded from simple deletion-on-request policy to comprehensive retention governance framework emphasizing purpose limitation, persistent identifier management, and operational safeguards like access controls and employee training.

View full change record →
High — 2 provisions
Medium — 6 provisions

Monitoring

Roblox has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Age-Tiered Advertising Restrictions and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured June 24, 2026 00:09 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000073
Version ID CA-V-004156
SHA-256 3faf31f6bd3ef98d563c5b3e6c035b59fd338cc62ace0a458b7078e1ad890dc6
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans