The agreement prohibits use of Substack by individuals under 16 and states that Substack does not knowingly collect personally identifiable information from children under 16. The agreement commits to deleting any such data if discovered.
This analysis describes what Substack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a minimum age of 16 for platform use, which is above the COPPA threshold of 13, and commits Substack to deleting data collected from under-16 users upon discovery. The provision does not describe specific technical age verification mechanisms, which may be relevant to assessing COPPA compliance in practice.
This provision establishes that users under 16 are prohibited from registering for or using Substack, and that the platform will delete personally identifiable information collected from such users upon discovery. The agreement does not describe the age verification mechanism used to enforce this restriction.
How other platforms handle this
To access and use the Services, you must be at least the age of majority in the state, province, or territory where you live or at least 18 years of age. If you are under the age of 13, you may not use the Services and you should not be visiting the Sites or using the Services.
Our Services are not directed to children under 13. If you learn that anyone younger than 13 has unlawfully provided us with personal data, please contact us at privacy@medium.com.
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under the age of 13 has provided us with personal information without your cons...
Monitoring
Substack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"The Children's Online Privacy Protection Act ("COPPA") requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children. We do not knowingly collect or solicit personally identifiable information from children under 16; if you are a child under 16, please do not attempt to register for Substack or send any personal information about yourself to us. If we learn we have collected personal information from a child under 16, we will delete that information as quickly as possible.— Excerpt from Substack's Substack Terms of Use
1) REGULATORY LANDSCAPE: COPPA, enforced by the FTC, requires verifiable parental consent before collecting personal information from children under 13. Substack's terms set the minimum age at 16, which is above the COPPA threshold and aligns with the minimum age applicable under GDPR for children's data processing in many EU member states. The UK's Age Appropriate Design Code sets an 18-year default for data protection standards for children, creating potential additional obligations for UK-accessible services. The FTC is the primary US enforcement authority for COPPA compliance. 2) GOVERNANCE EXPOSURE: Medium. The absence of a described technical age verification mechanism is a compliance risk factor, as COPPA enforcement has focused on whether platforms have adequate procedures to detect and prevent underage registration, not merely whether terms prohibit it. The commitment to delete data upon discovery is a standard remediation provision but does not address prevention. 3) JURISDICTION FLAGS: EU member states implementing GDPR Article 8 have set the minimum age for consent to data processing between 13 and 16; Substack's 16-year minimum aligns with the upper end of this range. The UK Children's Code imposes design-level obligations beyond mere age prohibition. California's Age-Appropriate Design Code Act may impose additional obligations for California minors. 4) CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Substack in educational or youth-oriented contexts should assess whether the under-16 prohibition is sufficient given applicable regulations in their jurisdictions. Vendors integrating with Substack should verify that their user populations comply with the age restriction. 5) COMPLIANCE CONSIDERATIONS: Legal teams should evaluate what age verification or gate mechanisms Substack employs in practice to enforce the under-16 prohibition, as this is a common focus of regulatory scrutiny. The deletion commitment should be mapped against data retention schedules to confirm it is operationally implemented. Contact at tos@substackinc.com is specified for reporting suspected underage users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a minimum age of 16 for platform use, which is above the COPPA threshold of 13, and commits Substack to deleting data collected from under-16 users upon discovery. The provision does not describe specific technical age verification mechanisms, which may be relevant to assessing COPPA compliance in practice.
This provision establishes that users under 16 are prohibited from registering for or using Substack, and that the platform will delete personally identifiable information collected from such users upon discovery. The agreement does not describe the age verification mechanism used to enforce this restriction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Substack.