Substack · Substack Terms of Use · View original document ↗

COPPA Under-16 Prohibition

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Substack recorded 5 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Substack Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Substack prohibits users under 16 from registering or sharing personal information. If Substack discovers it has collected data from someone under 16, it will delete that data.

This analysis describes what Substack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The minimum age threshold of 16 is higher than COPPA's 13-year statutory minimum, which means Substack has adopted a stricter standard that also captures 13 to 15-year-olds who might otherwise legally use other platforms.

Consumer impact (what this means for users)

Users aged 13 to 15 are expressly prohibited from using Substack, a threshold higher than what COPPA strictly requires. Parents who believe their child under 16 has registered should contact tos@substackinc.com to request data deletion.

How other platforms handle this

Redfin Medium

To access and use the Services, you must be at least the age of majority in the state, province, or territory where you live or at least 18 years of age. If you are under the age of 13, you may not use the Services and you should not be visiting the Sites or using the Services.

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

See all platforms with this clause type →

Monitoring

Substack has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
The Children's Online Privacy Protection Act ("COPPA") requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children. We do not knowingly collect or solicit personally identifiable information from children under 16; if you are a child under 16, please do not attempt to register for Substack or send any personal information about yourself to us. If we learn we have collected personal information from a child under 16, we will delete that information as quickly as possible.

— Excerpt from Substack's Substack Terms of Use

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: COPPA, enforced by the FTC, requires verifiable parental consent before collecting personal information from children under 13. Substack's adoption of a 16-year age threshold exceeds this statutory minimum, which may also engage state-level minors' privacy statutes including the California Age-Appropriate Design Code (AADC, AB 2273) which imposes obligations for services likely to be accessed by users under 18. The EU's GDPR sets a digital consent age of 16 by default (with member states permitted to lower it to 13), making Substack's 16-year threshold consistent with GDPR's default standard. The UK Children's Code (Age Appropriate Design Code) similarly covers users under 18. GOVERNANCE EXPOSURE: Medium. The contractual commitment to delete data collected from under-16 users 'as quickly as possible' is an operational commitment that requires effective age verification or age assurance mechanisms to implement meaningfully. The Terms rely on self-declaration and contractual prohibition rather than technical age verification, which is increasingly scrutinized by regulators, particularly under the California AADC and the UK Children's Code. JURISDICTION FLAGS: California's Age-Appropriate Design Code creates heightened obligations for platforms likely to be accessed by minors under 18, including default privacy settings and data minimization requirements that go beyond the contractual prohibition in these Terms. UK and EU regulators have been active in enforcing Children's Code and GDPR age assurance requirements against platforms. The FTC's enforcement of COPPA has historically focused on actual knowledge and reasonable inference standards for minors' data collection. CONTRACT AND VENDOR IMPLICATIONS: Substack's reliance on contractual self-certification for age compliance (the user 'represents and warrants' legal age to contract) rather than technical age verification creates operational risk in jurisdictions where regulators expect affirmative age assurance. Procurement teams assessing Substack for institutional use in educational or youth-adjacent contexts should evaluate this gap. COMPLIANCE CONSIDERATIONS: Substack's operational implementation of the under-16 data deletion commitment should be documented and audited. The contact mechanism for reporting potential minor registrations (tos@substackinc.com) should be tested for responsiveness. Organizations using Substack in contexts where minor access is plausible should consider independent controls rather than relying solely on Substack's contractual prohibition.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC enforces COPPA and has primary jurisdiction over children's online privacy violations, including cases where platforms collect personal information from minors without adequate parental consent mechanisms.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Substack Terms of Use
Entity
Substack
Document last updated
May 5, 2026
Tracking information
First tracked
May 9, 2026
Last verified
May 9, 2026
Record ID
CA-P-007352
Document ID
CA-D-00177
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
41416b34172df3713d5b8670e8d77adf1364d7996add1e774596900f50b939ae
Analysis generated
May 9, 2026 17:50 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Substack
Document: Substack Terms of Use
Record ID: CA-P-007352
Captured: 2026-05-09 17:50:51 UTC
SHA-256: 41416b34172df371…
URL: https://conductatlas.com/platform/substack/substack-terms-of-use/coppa-under-16-prohibition/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Substack's COPPA Under-16 Prohibition clause do?

The minimum age threshold of 16 is higher than COPPA's 13-year statutory minimum, which means Substack has adopted a stricter standard that also captures 13 to 15-year-olds who might otherwise legally use other platforms.

How does this clause affect you?

Users aged 13 to 15 are expressly prohibited from using Substack, a threshold higher than what COPPA strictly requires. Parents who believe their child under 16 has registered should contact tos@substackinc.com to request data deletion.

Is ConductAtlas affiliated with Substack?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Substack.