What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@whatnot.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@whatnot.com to report that a child under 13 has provided personal information or has an account on Whatnot and request deletion of all associated data. Provide enough detail to identify the account.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC is the primary enforcement authority for COPPA, which governs collection of personal data from children under 13 in the United States', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Children Under 13 and COPPA Compliance clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Children Under 13 and COPPA Compliance clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Children Under 13 and COPPA Compliance — Whatnot

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Whatnot recorded 2 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Whatnot Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Whatnot does not allow children under 13 to use the platform and states it will delete any personal data it discovers was collected from a child under 13.

ⓘ

This analysis describes what Whatnot's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision is required under COPPA, and its effectiveness depends on how robustly Whatnot verifies user ages at sign-up, which the policy does not detail.

⚠

Interpretive note: The adequacy of this provision depends on the technical age verification process used at registration, which is not described in the policy, and may be subject to FTC scrutiny if the platform attracts younger users.

Consumer impact (what this means for users)

Parents who discover their child under 13 has created a Whatnot account can request deletion of that child's data by contacting privacy@whatnot.com, and the policy states Whatnot will delete such data promptly.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Email privacy@whatnot.com to report that a child under 13 has provided personal information or has an account on Whatnot and request deletion of all associated data. Provide enough detail to identify the account.

How other platforms handle this

McDonald's Medium

Our online services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.

TransUnion Medium

Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...

Replit Medium

Replit does not knowingly collect personal information from children under 13. Users between the ages of 13 and 18 may use the platform with parental or guardian consent. If we learn we have collected personal information from a child under 13 without verification of parental consent, we will delete...

See all platforms with this clause type →

Monitoring

Whatnot has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under the age of 13 may have provided us with personal information, please contact us at privacy@whatnot.com.

— Excerpt from Whatnot's Whatnot Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision directly engages COPPA, enforced by the FTC, which requires verifiable parental consent before collecting personal information from children under 13 in the United States. The policy's reliance on a 'not knowingly collecting' standard is the baseline COPPA framework but may be insufficient if the platform's content or marketing is attractive to minors, as the FTC has pursued enforcement based on actual knowledge and contextual indicators. GOVERNANCE EXPOSURE: Medium. The policy does not describe the age verification mechanism used at registration. If Whatnot's user base or content is likely to attract users under 13, a 'we do not knowingly collect' disclaimer alone may not satisfy COPPA obligations under FTC enforcement standards. JURISDICTION FLAGS: US-wide COPPA obligations apply. Some US states have enacted additional children's privacy protections, including California's Age-Appropriate Design Code (AADC), which extends protections to users under 18 and imposes design obligations beyond COPPA. The UK Children's Code imposes similar obligations for UK users. CONTRACT AND VENDOR IMPLICATIONS: Third-party advertising and analytics vendors receiving data from Whatnot should be assessed to confirm COPPA-compliant data processing agreements are in place and that no child-derived data is being used for advertising targeting. COMPLIANCE CONSIDERATIONS: Compliance teams should review the technical age-gating mechanism at registration to assess whether it meets FTC COPPA guidance, and evaluate whether California's AADC and the UK Children's Code impose additional design or data minimization obligations on the platform.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC is the primary enforcement authority for COPPA, which governs collection of personal data from children under 13 in the United States
File a complaint →

Applicable regulations

CCPA/CPRA

California, USA

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Whatnot Privacy Policy

Entity

Whatnot

Document last updated

May 5, 2026

Tracking information

First tracked

May 11, 2026

Last verified

May 11, 2026

Record ID

CA-P-010491

Document ID

CA-D-00732

Evidence Provenance

Source URL

https://www.whatnot.com/privacy

Wayback Machine

View archived versions →

Content hash (SHA-256)

b004999cb5790fcea852f2c7a74f97dc701c834bd53dc7719ae5d0ff36889183

Analysis generated

May 11, 2026 06:35 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Whatnot
Document: Whatnot Privacy Policy
Record ID: CA-P-010491
Captured: 2026-05-11 06:35:36 UTC
SHA-256: b004999cb5790fce…
URL: https://conductatlas.com/platform/whatnot/whatnot-privacy-policy/children-under-13-and-coppa-compliance/
Accessed: May 13, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Sale or Sharing of Personal Data with Advertising Partners medium
AI and Machine Learning Training on User Data medium
Data Sharing in Corporate Transactions medium
Cross-Border Data Transfers medium
Data Retention low
California Consumer Privacy Rights low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Whatnot's Children Under 13 and COPPA Compliance clause do?

This provision is required under COPPA, and its effectiveness depends on how robustly Whatnot verifies user ages at sign-up, which the policy does not detail.

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Whatnot?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Whatnot.