Children's Online Privacy — COPPA 2026 Notice

Version: COPPA-2026-v1 (DRAFT). Effective date: [set at publication]. Status: Draft for legal review — not yet finalized by licensed counsel.

Draft notice. This page is the cofounder-drafted COPPA 2026 privacy notice for BloxBuddy. It reflects the architecture we run and the requirements of 16 CFR Part 312 as amended effective April 22, 2026. A licensed attorney must review and sign off before the notice is considered final. Until then, please treat this as a good-faith disclosure, not a final legal document.

BloxBuddy is designed for children and is operated in alignment with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, and the implementing regulations at 16 CFR Part 312 as amended effective April 22, 2026. This notice describes the categories of personal information we collect from children, why we collect them, how long we keep them, who we share them with, and how parents can review or delete the information we hold.

What we collect from a child

Voice recordings — short audio clips recorded while the child is actively speaking a building request. Voice recordings are biometric identifiers and therefore personal information under COPPA as amended.
A text transcript of the speech — produced automatically from the voice recording. Personal names, addresses, phone numbers, and similar identifying tokens are automatically redacted from this transcript server-side before any further processing.
A session identifier and pairing code — so the BloxBuddy plugin installed in Roblox Studio can be matched to the correct voice session. The pairing code is randomly generated and not derived from any personal information.
A list of the in-Studio actions BloxBuddy performed — e.g. "placed a red block at coordinates (x,y,z)." Used to show the child what happened and to let the child undo or rewind.
Diagnostic / error logs — technical information used to keep BloxBuddy working. We take care not to log personal information; any personal information that appears in a log by accident is redacted or purged within 30 days.

What we do NOT collect

We do not ask for or collect the child's real name, home address, email address, phone number, geolocation, photograph, video of the child, social media handles, or persistent identifiers used for behavioral advertising. We do not fingerprint the child's device. BloxBuddy does not display third-party advertising.

Separate consent for AI-training use of voice data

Under 16 CFR § 312.4 as amended, using children's personal information to train artificial intelligence or machine learning systems requires separate, express parental consent distinct from consent for core service operation. BloxBuddy honors this as follows:

Default setting: OFF. Unless a parent has explicitly opted in, no voice recording and no redacted transcript from a child's session is retained for, or used in, AI/ML training of any system operated by BloxBuddy or any third party.
Opt-in is available on the parent account settings page. Opt-in is always revocable. Revoking opt-in deletes any previously retained training-eligible pairings within 30 days.
What we would use, if opted in: redacted utterance transcripts paired with the structured scene that BloxBuddy produced in response. We would never train on raw voice recordings; opt-in covers transcripts only.
What we never use: voice recordings of children whose parents have not opted in; any data from children under the default configuration.

A parent who has not opted in receives the full BloxBuddy service with zero ML-training use of their child's data.

Retention policy (required under amended § 312.10)

Voice recordings — retained only for the duration of the live session required to produce the corresponding Studio commands, and deleted no later than 24 hours after session end. If the parent has opted in to ML training, the voice recording itself is still deleted within 24 hours; only the redacted transcript is retained.
Redacted transcripts + paired scene data (with ML opt-in only) — retained for up to 24 months or until parent revokes opt-in, whichever is sooner. Used exclusively to improve BloxBuddy's understanding of children's speech and building requests.
Session identifier + pairing code — deleted at session end.
Action list — retained for up to 90 days so that the child can undo a prior session. Automatically deleted at 90 days.
Diagnostic logs — retained for up to 30 days, then automatically deleted. Personal information is redacted before storage; any that slips through is purged no later than the 30-day mark.
Account records — retained while the parent account is active and deleted within 30 days of account closure, except where law requires longer retention.

Parent rights

A parent may at any time:

Review the personal information BloxBuddy holds about their child.
Refuse to permit further collection or use of their child's personal information.
Direct BloxBuddy to delete all personal information collected from their child.
Revoke any ML-training opt-in previously granted.

Contact parents@bloxbuddy.fun. We respond within 10 business days.

Third-party processors

BloxBuddy uses third-party processors to operate the service. None sell children's information, and all are contractually obligated to process children's information only on our instructions and only as needed to operate the service. Provider names will be enumerated here at launch.

Security program

BloxBuddy maintains a written information security program as required by 16 CFR § 312.8 as amended, including a designated individual responsible for information security, TLS in transit, encryption at rest, least-privilege access, annual written security assessment, and contractual safeguards with processors.

Changes to this policy

Material changes will be notified to parents by email before taking effect. Prior versions will be retained at /privacy/archive.

Contact

BloxBuddy — a father-son project of Number One Son Software Development
Privacy and parent-rights inquiries: parents@bloxbuddy.fun
Security disclosures: see /.well-known/security.txt