Substack prohibits users under 16 from registering or sharing personal information. If Substack discovers it has collected data from someone under 16, it will delete that data.
This analysis describes what Substack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The minimum age threshold of 16 is higher than COPPA's 13-year statutory minimum, which means Substack has adopted a stricter standard that also captures 13 to 15-year-olds who might otherwise legally use other platforms.
Users aged 13 to 15 are expressly prohibited from using Substack, a threshold higher than what COPPA strictly requires. Parents who believe their child under 16 has registered should contact tos@substackinc.com to request data deletion.
How other platforms handle this
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without parental consent. If we become aware that we have collected personal information from a child under the age of 13 without parental consent, we wil...
Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
Monitoring
Substack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"The Children's Online Privacy Protection Act ("COPPA") requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children. We do not knowingly collect or solicit personally identifiable information from children under 16; if you are a child under 16, please do not attempt to register for Substack or send any personal information about yourself to us. If we learn we have collected personal information from a child under 16, we will delete that information as quickly as possible.— Excerpt from Substack's Substack Terms of Use
REGULATORY LANDSCAPE: COPPA, enforced by the FTC, requires verifiable parental consent before collecting personal information from children under 13. Substack's adoption of a 16-year age threshold exceeds this statutory minimum, which may also engage state-level minors' privacy statutes including the California Age-Appropriate Design Code (AADC, AB 2273) which imposes obligations for services likely to be accessed by users under 18. The EU's GDPR sets a digital consent age of 16 by default (with member states permitted to lower it to 13), making Substack's 16-year threshold consistent with GDPR's default standard. The UK Children's Code (Age Appropriate Design Code) similarly covers users under 18. GOVERNANCE EXPOSURE: Medium. The contractual commitment to delete data collected from under-16 users 'as quickly as possible' is an operational commitment that requires effective age verification or age assurance mechanisms to implement meaningfully. The Terms rely on self-declaration and contractual prohibition rather than technical age verification, which is increasingly scrutinized by regulators, particularly under the California AADC and the UK Children's Code. JURISDICTION FLAGS: California's Age-Appropriate Design Code creates heightened obligations for platforms likely to be accessed by minors under 18, including default privacy settings and data minimization requirements that go beyond the contractual prohibition in these Terms. UK and EU regulators have been active in enforcing Children's Code and GDPR age assurance requirements against platforms. The FTC's enforcement of COPPA has historically focused on actual knowledge and reasonable inference standards for minors' data collection. CONTRACT AND VENDOR IMPLICATIONS: Substack's reliance on contractual self-certification for age compliance (the user 'represents and warrants' legal age to contract) rather than technical age verification creates operational risk in jurisdictions where regulators expect affirmative age assurance. Procurement teams assessing Substack for institutional use in educational or youth-adjacent contexts should evaluate this gap. COMPLIANCE CONSIDERATIONS: Substack's operational implementation of the under-16 data deletion commitment should be documented and audited. The contact mechanism for reporting potential minor registrations (tos@substackinc.com) should be tested for responsiveness. Organizations using Substack in contexts where minor access is plausible should consider independent controls rather than relying solely on Substack's contractual prohibition.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The minimum age threshold of 16 is higher than COPPA's 13-year statutory minimum, which means Substack has adopted a stricter standard that also captures 13 to 15-year-olds who might otherwise legally use other platforms.
Users aged 13 to 15 are expressly prohibited from using Substack, a threshold higher than what COPPA strictly requires. Parents who believe their child under 16 has registered should contact tos@substackinc.com to request data deletion.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Substack.