Roblox may collect a selfie or facial image from you to verify your age. The policy states this image is deleted after the age check is complete, but the collection of facial imagery is a form of biometric data processing.
This analysis describes what Roblox's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Facial imagery used for age estimation constitutes biometric data in many jurisdictions, triggering specific legal requirements around consent, disclosure, and deletion that go beyond standard privacy obligations.
Interpretive note: The scope of users subject to facial age estimation, the identity of the age estimation vendor, and the technical deletion mechanism are not fully described in this policy text; the referenced Facial Media Capture Policy would need to be reviewed for complete analysis.
If you are asked to complete age verification on Roblox, your facial image is collected and processed. The policy states this image is deleted after the age estimation process is complete, but the act of collection and processing of facial imagery may trigger biometric privacy rights in certain US states and GDPR special category data protections in the EU.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Roblox has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"To assess user ages, Roblox may collect information about you, including images such as a selfie, to perform age assurance. Information collected to assess user ages, such as images taken to perform facial age estimation, is deleted once the age assurance process is complete. You can learn more about Roblox's practices in the Roblox Facial Media Capture Policy.— Excerpt from Roblox's Roblox Privacy Policy
REGULATORY LANDSCAPE: Facial imagery used for biometric identification or age estimation engages Illinois BIPA (which requires written consent and prohibits sale of biometric data), Texas CUBI, Washington's My Health MY Data Act, and GDPR Article 9 (special category biometric data requiring explicit consent). The FTC also has enforcement interest in biometric data practices under its unfair and deceptive practices authority. The policy's claim that images are deleted post-process does not eliminate the collection and processing event itself, which is the trigger for most biometric privacy obligations. GOVERNANCE EXPOSURE: High. Biometric data collection, even for a brief age-check purpose, creates significant regulatory exposure in Illinois (BIPA provides a private right of action with statutory damages of $1,000 to $5,000 per violation), and in EU/EEA jurisdictions where facial data is classified as special category data requiring explicit consent. The scope of the user population potentially subject to facial age estimation is not clearly bounded in the policy text, which adds to the exposure profile. JURISDICTION FLAGS: Illinois (BIPA, private right of action), Texas (CUBI), Washington (My Health My Data Act), EU and EEA (GDPR Article 9), UK (UK GDPR). California's CPRA includes biometric data as sensitive personal information with specific disclosure and opt-out obligations. The policy references a separate Roblox Facial Media Capture Policy for further detail, which should be reviewed in conjunction with this document. CONTRACT AND VENDOR IMPLICATIONS: If Roblox uses a third-party age estimation vendor, that vendor's data processing agreement must include biometric-specific protections, including prohibition on retention beyond the session, prohibition on secondary use, and confirmation of technical deletion. Standard DPAs may not cover biometric data adequately. Vendor assessment should include confirmation of ISO 27001 or equivalent certification and a review of the vendor's own subprocessor chain. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm the technical deletion mechanism for facial images post-age-estimation, including audit logs demonstrating deletion. Consent flows for users in Illinois, Texas, and EU jurisdictions must be reviewed to ensure they meet jurisdiction-specific standards for biometric data. The Roblox Facial Media Capture Policy referenced in the document should be reviewed for consistency and completeness. A data protection impact assessment (DPIA) under GDPR Article 35 is likely required given the special category nature of biometric data.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Facial imagery used for age estimation constitutes biometric data in many jurisdictions, triggering specific legal requirements around consent, disclosure, and deletion that go beyond standard privacy obligations.
If you are asked to complete age verification on Roblox, your facial image is collected and processed. The policy states this image is deleted after the age estimation process is complete, but the act of collection and processing of facial imagery may trigger biometric privacy rights in certain US states and GDPR special category data protections in the EU.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Roblox.