What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages COPPA (enforced by the FTC) for users under 13 in the United States, requiring verifiable parental consent before collecting personal information beyond the limited categories disclosed; GDPR and UK GDPR for EEA and UK users respectively, requiring a lawful basis for each processing activity and establishing data subject rights including access, erasure, and portability; Brazil's LGPD with a designated local DPO; and multiple US state privacy laws inclu…

How does Roblox's Roblox Privacy Policy affect users?

The agreement establishes tiered privacy protections based on age: users under 13 receive stronger default privacy settings with personalized advertising and certain features disabled, users aged 13-17 have access to additional features but remain excluded from personalized advertising, and personalized advertising is available only to users aged 18 and older. Under these terms, Roblox collects persistent identifiers including IP addresses and unique device identifiers from all users including …

How often is Roblox's Roblox Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Roblox updates this document?

Yes. Monitor subscribers ($19/month) can add Roblox to their watchlist and receive same-day email alerts whenever this document or any other Roblox document changes.

CA-D-000572

Roblox Privacy Policy

Roblox

Last change detected May 15, 2026 Privacy policy

SHA-256: 606290cc424bb1c1f25… 6 versions captured 6 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Roblox ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

2 High severity

4 Medium severity

2 Low severity

Summary

This is the Roblox Privacy and Cookie Policy, covering how Roblox collects, uses, and shares personal information for all users across its platform including websites, mobile apps, VR apps, console apps, Roblox Player, and Roblox Studio. The policy states that personalized advertising is available only to users aged 18 and older, that users under 13 have stronger default privacy settings with certain features disabled, and that Roblox collects persistent identifiers such as IP addresses and device identifiers from all users including children for internal operational purposes. The policy also discloses that Roblox may collect facial images for age assurance purposes, deleting those images once the age assurance process is complete.

Technical / Legal Breakdown

This document is the Roblox Privacy and Cookie Policy, effective April 30, 2026, governing the collection, processing, storage, and sharing of personal information for all users of Roblox services globally, with specific provisions for users under 13, minors, EEA/UK/Swiss residents, Brazilian users, Korean users, California residents, and other US state residents. The policy states that Roblox collects identifiers, device information, location data, usage activity, communications content, social connections, payment information, and biometric-adjacent data such as facial images for age assurance; the terms authorize sharing this information with service providers, advertising partners, analytics partners, law enforcement, and in the context of corporate transactions. The policy discloses that personalized advertising is restricted to users aged 18 and older, that persistent identifiers are collected from users under 13 for internal operations under COPPA compliance frameworks, and that age assurance may involve collection of facial images that are deleted upon completion of the process. The policy engages COPPA, GDPR, UK GDPR, Brazil's LGPD, and various US state privacy laws including California's CCPA and CPRA; compliance obligations vary materially by jurisdiction and user age group. The April 2026 update specifically added language clarifying personalized versus non-personalized advertising eligibility by age and added disclosures regarding information sharing with authorities.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

6 important changes detected

6 versions captured · Last updated: May 2026

May 15, 2026

low

What changed On May 15, 2026, Roblox updated the structure and presentation of its Privacy and Cookie Policy. The company removed the previous header format stating the policy was effective April 30, 2026, and replaced it with a new welcome message and table of contents listing specific data collection, sharing, and rights topics. The functional privacy protections and disclosures remain substantively unchanged; this change is organizational and structural rather than substantive to the underlying privacy terms.

Why this matters This change is a structural reorganization of Roblox's Privacy and Cookie Policy documentation rather than a modification of underlying privacy rights or data practices. The updated format introduces a welcome statement and a detailed table of contents organizing topics such as data collection, sharing practices, security measures, and user rights by geographic region. The substantive privacy terms and obligations described in the policy remain functionally unchanged.

View full change record →

May 14, 2026

low

What changed Roblox added Hindi language support to their downloadable privacy policy materials on May 14, 2026. The policy now includes a Hindi version (Roblox की प्राइवेसी और कुकी पॉलिसी 20260430.pdf, 1 MB) alongside existing language options. This is a document availability change with no modification to the policy's substantive terms or rights.

Why this matters The updated privacy policy materials now include a Hindi language version, making the policy accessible to Hindi-speaking users who prefer to review terms in that language. The substantive rights, obligations, and terms disclosed in the policy remain unchanged. Users can now download the Hindi version alongside existing translations in 17 other languages.

View full change record →

May 6, 2026 low

Roblox's privacy policy was updated on May 6, 2026 with an effective date of April 30, 2026. The update added a new 'Summary of Recent Changes' section at the beginning …

View change record →

May 6, 2026 low

On May 6, 2026, Roblox updated the structure and presentation of its Privacy and Cookie Policy. The change involved adding a table of contents with section headings covering data collection, …

View change record →

May 5, 2026 low

Roblox's privacy policy was updated on May 5, 2026 to reflect changes being made on the platform, with an effective date of April 30, 2026. The updated policy adds a …

View change record →

May 5, 2026 low

Roblox restructured its privacy policy on May 5, 2026 by adding a detailed table of contents and reorganizing content sections. The prior version presented a brief summary of recent changes …

View change record →

Recent Provision Changes May 15, 2026

8 provisions unchanged.

View full change record →

High — 2 provisions

Persistent Identifier Collection from Users Under 13 Compare →

The policy states that Roblox collects IP addresses and unique device identifiers from users under 13 for specified internal operations including contextual advertising frequency capping, authentication, and security, without requiring separate parental consent for these identifiers under the COPPA internal operations exception.

Added May 21, 2026 Standard Seen across 284 platforms
Facial Image Collection for Age Assurance Compare →

The policy states that Roblox may collect facial images including selfies from users for the purpose of estimating age, with those images deleted upon completion of the age assurance process.

Added May 21, 2026 Standard Seen across 284 platforms

Medium — 4 provisions

Personalized Advertising Age Restriction Compare →

The policy states that personalized advertising is disabled for users under 13 by default and is not available to any user under the age of 18, regardless of account settings.

Added May 21, 2026 Standard Seen across 284 platforms
Information Sharing with Authorities Compare →

The April 2026 update added language to the policy describing Roblox's practices for sharing user information with governmental authorities; the specific language of this provision was not fully reproduced in the truncated document text provided.

Added May 21, 2026 Standard Seen across 284 platforms
Data Retention Post-Account Deletion Compare →

The policy states that account deletion initiates permanent data deletion but permits retention and processing of persistent identifiers such as IP addresses and device identifiers for up to two years after deletion for stated safety and security purposes.

Added May 10, 2026 Standard Seen across 284 platforms
Content Filtering and Personal Information Removal in Public Areas Compare →

The policy states that Roblox applies both human and automated filtering to public content areas to remove personal information, phishing attempts, and prohibited content, while acknowledging that these systems are not fully effective.

Added May 21, 2026 Common Seen across 133 platforms

Low — 2 provisions

Location-Specific Policy Addenda Override Compare →

The policy establishes that location-specific provisions in Section 8, covering regions such as the EEA, UK, California, Brazil, and Korea, take precedence over the general policy terms in Sections 1-5 in the event of a conflict.

Added May 21, 2026 Standard Seen across 217 platforms
Parental Email Collection and 24-Hour Deletion Window Compare →

The policy states that if a child provides a parent's email address to link a parental account and the parent does not complete the linking process, Roblox will delete that email address within 24 hours.

Added May 21, 2026 Standard Seen across 284 platforms