What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages COPPA (enforced by the FTC) with respect to users under 13, requiring verifiable parental consent before collecting personal data from children; the adequacy of Roblox's age-gating and consent mechanisms is a primary compliance focal point. The policy also engages GDPR and UK GDPR for EU/EEA and UK users, requiring a lawful basis for each processing activity and imposing data subject rights obligations; the policy identifies multiple legal bases includi…

How does Roblox's Roblox Privacy Policy affect users?

The policy authorizes Roblox to collect a broad range of personal data including identifiers, device information, behavioral and gameplay data, chat logs, and location-related data, and to share this information with advertising, analytics, and business partners for targeted advertising purposes, including for teen users aged 13-17. For users under 13, parental consent is required and parents have rights to access, correct, and delete their child's data, though the practical enforcement of thes…

How often is Roblox's Roblox Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Roblox updates this document?

Yes. Watcher subscribers ($9.99/month) can add Roblox to their watchlist and receive same-day email alerts whenever this document or any other Roblox document changes.

CA-D-000572

Roblox Privacy Policy

Roblox

Last change detected May 6, 2026 Privacy policy

SHA-256: 81a7dd2fb60d2a9c522… 4 versions captured 3 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Roblox ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

3 High severity

5 Medium severity

0 Low severity

Summary

This is Roblox's privacy policy, explaining what personal information Roblox collects from players and how it is used, shared, and protected. Roblox collects your name, email address, date of birth, device identifiers, location data, chat messages, gameplay activity, and purchase history, and the policy authorizes sharing this data with advertising and analytics partners for targeted advertising, including for users who are teens aged 13-17. If you are a parent of a child under 13, you can review and request deletion of your child's personal data by contacting Roblox at privacy@roblox.com or through the privacy request form at https://www.roblox.com/my/account.

Technical / Legal Breakdown

This document is Roblox's Privacy and Cookie Policy, effective April 30, 2026, governing the collection, use, storage, and sharing of personal data from users of the Roblox platform globally, with stated legal bases including consent, legitimate interests, contractual necessity, and legal obligation depending on jurisdiction. The policy states that Roblox collects identifiers (name, username, email, phone number, date of birth), device and technical data (IP address, browser type, operating system, device identifiers), usage and behavioral data (game activity, chat logs, purchase history, search queries), location data, user-generated content, and in some regions biometric or voice data; the terms authorize sharing this data with service providers, advertising and analytics partners, business partners, and in connection with corporate transactions. The policy asserts broad rights to use collected data for advertising personalization, product development, safety enforcement, and cross-context behavioral advertising, while also disclosing data collection practices from users under 13 subject to COPPA requirements, a distinction that is operationally significant given Roblox's substantial user base of minors. The policy engages COPPA (US), GDPR and UK GDPR (EU/EEA and UK users), CCPA/CPRA (California residents), and various other regional frameworks including Brazil's LGPD and South Korea's PIPA; enforcement authorities include the FTC, state attorneys general, the UK ICO, and EU data protection authorities. Material compliance considerations include the adequacy of parental consent mechanisms for under-13 users, the sufficiency of opt-out mechanisms for cross-context behavioral advertising under CPRA, and the lawfulness of data transfers from the EU/EEA to the United States under post-Schrems II transfer frameworks.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

3 important changes detected

4 versions captured · Last updated: May 2026

May 6, 2026

low

What changed Roblox's privacy policy was updated on May 6, 2026 with an effective date of April 30, 2026. The update added a new 'Summary of Recent Changes' section at the beginning of the policy and removed the introductory question 'Are you Under 13 or responsible for an under-13-year-old?' The change makes the policy structure more transparent by immediately disclosing that updates are being made, though the specific substantive policy changes referenced in the summary are not detailed in the provided diff.

Why this matters The updated policy now includes a 'Summary of Recent Changes' section that announces the policy is being updated effective April 30, 2026. This change makes policy updates more immediately visible to users. The removal of the introductory question about under-13 status is a structural change that does not alter substantive privacy rights or obligations. The specific substantive privacy changes referenced in the summary section are not detailed in the provided document excerpt.

View full change record →

May 6, 2026

low

What changed On May 6, 2026, Roblox updated the structure and presentation of its Privacy and Cookie Policy. The change involved adding a table of contents with section headings covering data collection, sharing, storage, rights by jurisdiction, and automated decision-making, while modifying the introductory framing to include a prompt asking whether users are under 13. The operational effect is organizational and presentational rather than substantive to the underlying privacy terms themselves.

Why this matters The updated Privacy Policy now includes an expanded table of contents and reorganized structure designed to improve navigation and clarity of existing terms. The change does not modify the underlying data collection, sharing, retention, or processing practices described in the policy. The operational effect is presentational and organizational; the substantive privacy rights and obligations remain as previously stated, effective April 30, 2026.

View full change record →

May 5, 2026 low

Roblox's privacy policy was updated on May 5, 2026 to reflect changes being made on the platform, with an effective date of April 30, 2026. The updated policy adds a …

View change record →

High — 3 provisions

Collection of Personal Data from Children Under 13 (COPPA) Compare →

For players under 13, Roblox states it collects limited information and requires parent permission before collecting more. Parents can ask Roblox to show them, fix, or delete their child's data.

Added May 12, 2026 Standard Seen across 262 platforms
Behavioral Advertising to Teen Users (Ages 13-17) Compare →

Roblox states it may show targeted ads to teen users aged 13-17 based on their in-game activity and behavior, though settings are available to adjust these preferences.

Added May 12, 2026 Standard Seen across 189 platforms
Data Sharing with Advertising and Analytics Partners Compare →

Roblox states it shares your personal data with advertising and analytics companies, who may use tracking technologies to follow your activity on Roblox and potentially on other websites.

Added May 12, 2026 Standard Seen across 246 platforms

Medium — 5 provisions

Do Not Sell or Share My Personal Information (California CPRA Opt-Out) Compare →

If you live in California, you have the right to tell Roblox to stop selling or sharing your personal information with advertising partners. You can do this through your account settings or a link on the Roblox website.

Added May 12, 2026 Standard Seen across 262 platforms
Data Retention and Deletion Rights Compare →

Roblox keeps your personal data for as long as it needs to for its services and legal requirements. You can request deletion of your data, and Roblox states it will respond within 45 days (with a possible 45-day extension).

Added May 12, 2026 Standard Seen across 223 platforms
Cookie and Tracking Technology Use Compare →

Roblox uses cookies and similar tracking tools to monitor how you use the platform, remember your settings, and show you targeted ads. You can manage cookie settings through your browser or Roblox's cookie preference tool.

Added May 10, 2026 Standard Seen across 251 platforms
Cross-Border Data Transfers Compare →

Roblox may transfer your personal data to the United States and other countries, which may have different privacy protections than your home country. The policy states that by using Roblox, you agree to these transfers.

Added May 12, 2026 Standard Seen across 246 platforms
User Rights and Privacy Request Process Compare →

Depending on your location, you may have rights to see, fix, delete, or move your personal data, or to object to how it is used. You can submit requests through your Roblox account settings or by emailing privacy@roblox.com.

Added May 12, 2026 Standard Seen across 262 platforms