COPPA Compliance
Last Updated: September 2026
1. What is COPPA?
The Children's Online Privacy Protection Act (COPPA) is a United States federal law enacted in 1998 that protects the privacy of children under the age of 13. COPPA requires online services that collect information from children to obtain verifiable parental consent, clearly disclose their data practices, and give parents control over their children's personal information. As a platform designed for children, Grove takes COPPA compliance seriously and goes beyond the minimum requirements in many areas.
2. How Grove Complies
Verifiable Parental Consent
Grove requires a credit card transaction ($997 enrollment fee) to create a child's account. Under COPPA, a monetary transaction using a credit card is an approved method of verifying that the person providing consent is, in fact, a parent or legal guardian. No child data is collected until this consent is verified.
Data Minimization
We only collect information that is necessary for the Grove service to function. We do not collect location data, contact lists, photos, videos, browsing history, data from other apps, social media data, or biometric data. Every piece of information we collect has a specific, documented purpose directly tied to your child's developmental experience.
No Advertising
Grove operates on a subscription model. There is zero advertising on the platform. Zero tracking pixels. Zero data sales to third parties. Your child's data is never used to build marketing profiles, target ads, or sold to data brokers. This is unconditional and permanent.
Parental Access
Parents have full visibility into their child's data at all times through the parent dashboard. You can view conversation summaries, developmental reports, knowledge graph data, and all other information Grove collects. You can export everything in standard formats (JSON + PDF) or delete everything with a single action.
Data Security
All data is encrypted with AES-256 encryption at rest and TLS 1.3 in transit. Conversation data is encrypted with family-specific keys using a zero-knowledge architecture, meaning even Grove engineers cannot read individual conversations without the family's key. Our infrastructure is SOC 2 Type II certified with quarterly penetration testing and annual third-party security audits.
Third-Party Processors
Grove works with a limited number of third-party processors, each bound by Data Processing Agreements (DPAs) that prohibit them from retaining or using your child's data:
| Processor | Purpose | Data Retained? |
|---|---|---|
| Anthropic (Claude AI) | Conversation engine | No (per DPA) |
| OpenAI (Whisper) | Speech-to-text transcription | No (per DPA) |
| ElevenLabs | Text-to-speech voice output | No (per DPA) |
| Stripe | Payment processing | Payment data only (Grove never stores card numbers) |
3. Your Rights Under COPPA
As a parent or legal guardian, COPPA grants you the following rights:
Review your child's information
You can access and review all information Grove has collected from your child at any time through your parent dashboard, including conversation transcripts, developmental data, knowledge graphs, and generated reports.
Request deletion of your child's information
You can request permanent deletion of all data associated with your child. Deletion is completed within 30 days. The only exception is safety event records that are required to be retained by law for mandatory reporting compliance.
Refuse further collection
You can stop Grove from collecting additional information from your child at any time by canceling your subscription or contacting us. Your existing data remains accessible for export until deletion is requested.
Revoke consent at any time
Your consent to data collection is not permanent. You may revoke it at any time through your account settings, by canceling your subscription, or by contacting us directly. When consent is revoked, all child data is deleted within 30 days.
4. How to Exercise Your Rights
You can exercise your COPPA rights through any of the following methods:
Parent Dashboard
Navigate to Settings → Data to view, export, or delete your child's information. All actions take effect immediately (with deletion completed within 30 days).
Contact us at privacy@exploregrove.com for any data-related requests. We respond within 48 hours.
Account Cancellation
Cancel your subscription at any time through your account settings. Your data is preserved for 90 days for export, then permanently deleted.
5. Contact
If you have questions about our COPPA compliance or wish to exercise your parental rights, please contact us:
Privacy: privacy@exploregrove.com
Compliance: compliance@exploregrove.com