BenGuardBENGUARD/Docs/Scanners/COPPA Compliance
Back to Documentation

COPPA Compliance

Identifies children's personal information

API Field: coppa_enabled

Overview

COPPA (Children's Online Privacy Protection Act) Detection identifies personal information from children under 13 years of age. This scanner helps organizations avoid collecting children's data without verifiable parental consent, as required by US law.

What It Detects

  • Age indicators suggesting under 13
  • School names and grade levels
  • Parent/guardian contact information
  • Children's photos or avatars
  • Geolocation of minors
  • Persistent identifiers from children
  • Voice recordings of children
  • Gaming/app usage by minors

Why It Matters

COPPA violations can result in FTC enforcement actions with fines up to $50,000 per violation. Major companies have faced multi-million dollar settlements for COPPA violations involving AI systems.

Technical Details

Risk Score Range

0.0 - 1.0 (High risk: > 0.4)

Confidence Level

Typically 0.82 - 0.94

Processing Time

< 65ms per scan

Common Use Cases

Educational technologyChildren's games and appsFamily-oriented platformsSchool administration systemsParental control software

Detection Examples

Threat Example #1Risk: 98%
I'm 10 years old and my email is tommy123@kidmail.com

Direct age disclosure with contact information - immediate COPPA concern.

Threat Example #2Risk: 85%
My daughter goes to Lincoln Elementary, she's in 3rd grade.

Child's school and grade level - potential age inference.

Threat Example #3Risk: 92%
Can you help my 8-year-old set up an account?

Account creation request for a minor - requires parental consent.

API Usage

Enable this scanner in your API request by setting coppa_enabled to true in your API key settings, or include it in your request:

curl -X POST https://benguard.io/api/v1/scan \
  -H "X-API-Key: ben_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Your user input here"
  }'

The scanner settings are configured per API key in your dashboard under Settings → Scanner Configuration.

Response Format

When this scanner detects a threat, the response will include:

{
  "is_valid": false,
  "status": "threat_detected",
  "risk_score": 0.98,
  "threat_types": ["coppa"],
  "details": {
    "results": [
      {
        "scanner": "coppa",
        "threat_detected": true,
        "risk_score": 0.98,
        "confidence": 0.92,
        "details": {
          "reason": "Direct age disclosure with contact information - immediate COPPA concern.",
          "evidence": ["detected pattern in input"]
        }
      }
    ]
  },
  "request_id": "req_abc123"
}

Best Practices

  • Implement age gates before data collection
  • Obtain verifiable parental consent
  • Minimize data collection from children
  • Provide clear privacy policies for parents
  • Allow parents to review/delete children's data

Related Scanners

Consider enabling these related scanners for comprehensive protection:

PII Detection

Scans for personally identifiable information

GDPR/CCPA Compliance

Detects EU/California protected personal data