Children under 13 can use Roblox with a username, password, and birthdate, plus an optional gender. Roblox collects persistent identifiers like IP addresses for internal operations and states it does not use this data for behavioral advertising.
This analysis describes what Roblox's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the data collection floor for Roblox's youngest users and the legal framework under which Roblox claims COPPA compliance, which is one of the most actively enforced areas of US privacy law for platforms with minor users.
Children under 13 on Roblox have their data collection limited to account setup information and persistent identifiers for internal operations only. Parents have the right to review, delete, or restrict further collection of their child's personal information by submitting a request through the Roblox Customer Support Form.
How other platforms handle this
Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we become aware that we have collected personal information from a child under the age of 13 without parental consent, we wil...
Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information.
Monitoring
Roblox has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you're under 13 years old and create an account, we ask for some information (which is non-personal information, as defined by COPPA) to let you use Roblox. We'll collect: your username (required). We need this to create your account and run the Roblox Service. We don't use your username to identify you outside of Roblox; your password (required). We need this to log you in to your account and to run the Roblox Service; your date of birth (required). We'll use this information to make sure your account has certain default settings intended for your age; your gender (optional). We will use this information to customize your experience.— Excerpt from Roblox's Roblox Privacy Policy
REGULATORY LANDSCAPE: This provision directly engages COPPA, enforced by the FTC. COPPA requires verifiable parental consent before collecting personal information from children under 13, with limited exceptions for internal operations. Roblox's reliance on the internal operations exception for persistent identifier collection is a standard but scrutinized approach. The FTC has historically taken enforcement action against platforms that allowed third-party access to children's data even where internal-operations exceptions were claimed. The policy's assertion that persistent identifiers are used only for enumerated internal operations is a key compliance claim that requires operational verification. GOVERNANCE EXPOSURE: High. Roblox's large under-13 user base makes COPPA compliance a primary enforcement risk. The policy asserts that contractual requirements and technical measures prevent misuse of persistent identifiers, but the adequacy of these controls is not described in detail. Any gap between the policy's assertions and operational implementation could constitute a COPPA violation with significant civil penalty exposure. JURISDICTION FLAGS: United States (COPPA, FTC enforcement). State-level children's privacy laws in California (AADC-equivalent protections under CPRA), Utah, and other states may impose additional obligations for minor users that exceed COPPA's baseline. Internationally, GDPR Article 8 and UK GDPR impose more stringent parental consent requirements for users under 16 (or lower national age thresholds). CONTRACT AND VENDOR IMPLICATIONS: Service providers processing persistent identifiers from users under 13 must be bound by contractual requirements sufficient to meet COPPA's operator-agent standard. Vendor contracts should be reviewed to confirm they prohibit secondary use of children's data, require deletion upon request, and include audit rights. Standard vendor agreements may not include these provisions without specific COPPA addenda. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the list of service providers with access to persistent identifiers from under-13 users to confirm contractual compliance. The parental consent and notification flows, including the optional parent email collection and the 24-hour deletion window if linking is not completed, should be tested for operational accuracy. The retention policy for children's data, including the two-year post-deletion safety retention period, should be evaluated for consistency with COPPA's data minimization requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the data collection floor for Roblox's youngest users and the legal framework under which Roblox claims COPPA compliance, which is one of the most actively enforced areas of US privacy law for platforms with minor users.
Children under 13 on Roblox have their data collection limited to account setup information and persistent identifiers for internal operations only. Parents have the right to review, delete, or restrict further collection of their child's personal information by submitting a request through the Roblox Customer Support Form.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Roblox.