COPPA & Children's Privacy

The Children’s Online Privacy Protection Act (COPPA) requires apps to obtain verifiable parental consent before collecting personal information from children under 13. ChorifIQ is designed to comply with COPPA in the following ways.

Age Verification

Every ChorifIQ account must select an age group during signup:

• Adult — 18 and older
• Teen — 13–17
• Child — Under 13

Age group is collected before any personal data is gathered. A user’s age group cannot be changed after it is set — specifically, a child or teen account cannot be reclassified as an adult.

How We Determine Your Age Group

For accounts created through the standard signup flow, ChorifIQ uses platform-provided Age Signals APIs — Apple’s Age Assurance APIs on iOS and Google’s Age Signals APIs on Android — to suggest an initial age group based on information already on file with your device’s app store account. Users must review and confirm the suggested age group before the account is created — the platform signal is a starting point, not a final determination.

For accounts created through a minor invite, the parent or guardian selects the minor’s age group (Teen or Child) at invitation time. The minor’s account is created with that age group automatically — they skip the age verification screen entirely.

Important: ChorifIQ does not receive, store, or transmit any actual age or date of birth from these APIs. The platform returns only an age-range signal (e.g., “under 13”), which is used solely to pre-select an age group in the signup flow.

Parental Consent for Children Under 18

Children and teens cannot sign up for ChorifIQ directly out of an abundance of caution to protect minors. ChorifIQ uses the FTC-approved email plus method to obtain verifiable parental consent (VPC) before any data is collected from a child account:

1. A family manager (the parent or guardian) enters the minor’s email address, selects the minor’s age group (Teen or Child), and acknowledges a data collection notice in-app.
2. A confirmation email is sent to the parent’s own email address — not the minor’s. The email includes a summary of what data will be collected.
3. The parent clicks the Confirm Parental Consent button in that email, which opens a secure web page to complete the confirmation. The link is valid for 72 hours and is signed with an HMAC token to prevent tampering.
4. Only after the parent confirms is the minor’s invitation email sent and any data collection permitted.
5. Both the in-app acknowledgment and the email confirmation are recorded in a compliance audit trail (consent_log table).

This two-step flow satisfies the FTC’s requirement for an “online mechanism such as a link in an email to confirm the parent’s consent” — ensuring consent is verifiable and cannot be spoofed by a minor.

See Inviting a Minor for the step-by-step parent flow.

What Data Is Collected for Children

ChorifIQ collects the minimum data necessary for a child account to function:

• A username (chosen by the parent or child — no real name required)
• Age group (child) — only the group label, never a date of birth or actual age
• Chore completion records (no personal content)

ChorifIQ does not:

• Send marketing emails to children
• Collect children’s location or contact information
• Allow children to interact with non-family members ChorifIQ allows only a parent to control:
• All notification channels for children under 13 (the child may set preferred reminder times)
• Email and SMS notifications for teens 13–17 (teens control their own on-device and push notifications)
• Inviting a minor to join a family

Parental Rights

Parents may:

• View all data associated with their child’s account by logging in as the account holder
• Delete their child’s account and all associated data by removing them from the family — see Account & Data Deletion
• Revoke consent by deleting the account at any time