Our Privacy Principles
We believe that everyone deserves the right to privacy.
Our privacy ratings are designed to protect all users of a product and flag any potential privacy risks if the risk applies to any intended user of the product. We believe this approach appropriately protects children and students when using products that have different privacy practices based on the type of user, because rather than provide a false impression of safety for all users when only one group of users is afforded better privacy protections, we display potential issues if any users are at risk. Ultimately, this best-in-class privacy rating approach holds companies accountable and allows parents, educators, and consumers to feel more confident and informed about a product's overall privacy risks up front. Our comprehensive approach is also designed to provide users the opportunity to learn more about how a product's privacy risks may affect their own decision to use a product based on their unique needs and concerns.
Moreover, our privacy rating approach allows parents and educators to make an informed decision for themselves with all the available information about whether a product may be appropriate to use in their context because products often protect their personal or behavioral information differently than children and students. Our privacy rating approach also takes into account the possibility of extrapolation of a child or student's personal or behavioral information in child profiles by proxy or association with Managed Accounts, such as a parent or teacher that has a student's account associated with their own. Parental or managed accounts with different roles may not have the same privacy practices, and often have fewer legal protections. For example, if a product has mixed privacy practices that include the use of "worse" practices for adult users such as targeted ads or tracking, but does not use the same "worse" practices for child profile accounts, the product may still be able to indirectly track or target children or students on the product through a parent or educator's managed account.
An application or service can have many intended users or just one type of specific intended user. For example, some products are designed for a general audience that does not include kids, but other products are designed to be used exclusively by children or students. In addition, some products are designed for a mixed audience and are intended to be used by anyone including children, teens, students, parents, educators, and consumers. Our privacy ratings are a measure of the minimum commitment to privacy a product is willing to make for all its users.
General Audience Products
A general‐audience product is a product intended for adults where the company has no actual knowledge that a child under the age of 13 has registered an account or is using the service, and no age gate or parental consent is required prior to the collection or use of personal or behavioral information. For example, a product that is not intended for children and would not likely appeal to children under 13, such as a tax preparation service, would be considered a general‐audience product.
However, a general‐audience product may be considered directed to children if the product would appeal to children under 13 years of age, which takes several factors into consideration such as: the subject matter, visual content, the use of animated characters or child‐oriented activities and incentives, music or other audio content, the age of people depicted in the product, the presence of child celebrities or celebrities who appeal to children, language or other characteristics of the product, or whether advertising promoting or appearing on the product is directed at children. Therefore, a general‐audience application or service that collects personal or behavioral information from users with animated cartoon characters with child oriented activities would likely be a child‐ directed product.
A mixed‐audience product is directed at children but does not target children as its "primary audience" – rather, it targets teens 13 to 18 years of age or adults. A mixed‐audience product is required to obtain age information from any user before collecting any personal or behavioral information. In addition, if a user indicates they are a child under the age of 13, the company must obtain parental consent before any personal or behavioral information is collected or used. For example, an education or consumer product that allows parents or teachers to log in through a separate account to use the product, or to monitor or manage their children or student's accounts, would be a mixed‐audience product.
A product directed at children is a product where the company has actual knowledge it is collecting information from children under the age of 13 because children are targeted as the primary audience, and, as a result, parental consent is required before the collection or use of any personal or behavioral information. For example, an application or service that teaches ABCs or basic numbers with animated cartoon characters would be a child‐directed product.
A product's privacy rating is intended to be used by all users of a product to help better understand any potential issues with a product's privacy practices. This is an important feature of our privacy evaluations and rating, because if a general audience or mixed‐audience product is used by both children and adults but has different privacy practices for adults than for kids, our rating reflects any "worse" practices because it applies to any intended or unintended user of the product. This is an important distinction and different privacy rating approach than other third-party privacy seals or badges, because other approaches are limited to verifying only that child or student data is protected for minimum compliance, but ignore any worse privacy practices that may apply to other types of users such as parents, educators, or consumers.