Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is the Roblox Privacy and Cookie Policy, covering how Roblox collects, uses, and shares personal information for all users across its platform including websites, mobile apps, VR apps, console apps, Roblox Player, and Roblox Studio. The policy states that personalized advertising is available only to users aged 18 and older, that users under 13 have stronger default privacy settings with certain features disabled, and that Roblox collects persistent identifiers such as IP addresses and device identifiers from all users including children for internal operational purposes. The policy also discloses that Roblox may collect facial images for age assurance purposes, deleting those images once the age assurance process is complete.
This document is the Roblox Privacy and Cookie Policy, effective April 30, 2026, governing the collection, processing, storage, and sharing of personal information for all users of Roblox services globally, with specific provisions for users under 13, minors, EEA/UK/Swiss residents, Brazilian users, Korean users, California residents, and other US state residents. The policy states that Roblox collects identifiers, device information, location data, usage activity, communications content, social connections, payment information, and biometric-adjacent data such as facial images for age assurance; the terms authorize sharing this information with service providers, advertising partners, analytics partners, law enforcement, and in the context of corporate transactions. The policy discloses that personalized advertising is restricted to users aged 18 and older, that persistent identifiers are collected from users under 13 for internal operations under COPPA compliance frameworks, and that age assurance may involve collection of facial images that are deleted upon completion of the process. The policy engages COPPA, GDPR, UK GDPR, Brazil's LGPD, and various US state privacy laws including California's CCPA and CPRA; compliance obligations vary materially by jurisdiction and user age group. The April 2026 update specifically added language clarifying personalized versus non-personalized advertising eligibility by age and added disclosures regarding information sharing with authorities.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial7 important changes detected
7 versions captured · Last updated: June 2026
Roblox added Hindi language support to their downloadable privacy policy materials on May 14, 2026. The policy now includes a Hindi version (Roblox की प्राइवेसी और कुकी पॉलिसी 20260430.pdf, 1 …
View change record →Roblox's privacy policy was updated on May 6, 2026 with an effective date of April 30, 2026. The update added a new 'Summary of Recent Changes' section at the beginning …
View change record →On May 6, 2026, Roblox updated the structure and presentation of its Privacy and Cookie Policy. The change involved adding a table of contents with section headings covering data collection, …
View change record →Roblox's privacy policy was updated on May 5, 2026 to reflect changes being made on the platform, with an effective date of April 30, 2026. The updated policy adds a …
View change record →Roblox restructured its privacy policy on May 5, 2026 by adding a detailed table of contents and reorganizing content sections. The prior version presented a brief summary of recent changes …
View change record →This new provision establishes automatic privacy protections for under-13 users and delays personalized advertising until age 18, indicating a shift toward stricter child privacy compliance.
This new biometric data collection practice represents a significant privacy expansion, as Roblox now explicitly collects and processes facial images, though with stated deletion after verification.
Addition of law enforcement data sharing practices increases transparency about government data requests and user information disclosure.
This new hierarchy clause clarifies that location-specific privacy rules take precedence, potentially allowing regional opt-outs and stricter regulations to override general policy.
This new provision specifies data handling for parental account setup failures, ensuring unused parental contact information is promptly deleted.
Removal of explicit third-party data sharing provision may indicate tightened data sharing restrictions, particularly in response to child privacy regulations limiting advertising partner access.
Removal of explicit CPRA opt-out language may suggest integration into location-specific policies or substantive changes to data sharing practices.
Removal of cookie usage disclosure suggests restrictions on tracking technologies, likely due to stricter child privacy enforcement limiting cookies for under-13 users.
Removal of explicit cross-border transfer disclosure may indicate relocation to location-specific policies or compliance with stricter regional data localization requirements.
Removal of user rights summary suggests consolidation into location-specific addenda per the new override clause, potentially allowing tiered rights based on jurisdiction.
Previous version stated only necessary information was collected with parental consent; current version now explicitly includes persistent identifiers (IP address, device identifiers) collected from users under 13 without mentioning parental consent requirement.
Previous version allowed behavioral advertising at age 13; current version delays personalized advertising until age 18, establishing a more restrictive policy for teen users.
Previous version outlined general retention and 45-day deletion response times; current version specifies that persistent identifiers can be retained for up to two years post-deletion for safety and security purposes.
Monitoring
Roblox has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Age-Tiered Advertising Restrictions and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.