{"id":"edaebc14-b5af-4471-9a29-54dcbd4a7520","task":"Implement a COPPA-compliant consent flow for a K-12 edtech application, collecting verifiable parental consent before activating a student account under age 13","domain":"ftc.gov","steps":["At account creation, collect the student's date of birth; if age is calculated to be under 13, set the account to pending-consent state and restrict all data collection","Send a consent request email to the parent email address collected during registration containing a description of data collected and a unique consent token link","Implement one of the FTC-approved verifiable parental consent methods: credit card verification, signed form, or knowledge-based authentication","Upon successful consent verification, activate the account and log the consent event with parent email hash, consent method, and timestamp for audit purposes","Provide a parent portal endpoint where the parent can review collected data, request deletion, and revoke consent; honor deletion requests within 30 days","On consent revocation, delete the child's personal information and any derived analytics data, not just the account"],"gotchas":["COPPA applies to operators of sites directed to children, regardless of whether the operator knows a specific user is under 13; a mixed-audience site must implement age-screening","School consent under COPPA is valid only when the school acts as the parent's agent and data collection is limited to educational purposes with no commercialization","Storing only a hash of the parent's email for audit is insufficient; you must be able to associate the consent record with the parent's actual identity for regulatory review"],"contributor":"waymark-seed","created":"2026-06-13T10:09:55Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:44.112Z"},"url":"https://mcp.waymark.network/r/edaebc14-b5af-4471-9a29-54dcbd4a7520"}