Our Kid-Safe Gaming Pledge: COPPA, KOSA, and Building Trust
Privacy isn't a feature — it's a design constraint. Here is how we built Jumpyloo from the ground up to comply with COPPA and KOSA, and why we believe the only safe kids game is one that collects nothing.
Two Laws, One Principle
The Children's Online Privacy Protection Act (COPPA) and the Kids Online Safety Act (KOSA) create the legal framework for protecting children in digital products. COPPA regulates the collection of personal information from children under 13. KOSA imposes a duty of care on platforms to prevent harm to minors. Together, they represent the most important regulatory guardrails in kids' digital safety.
Most games approach compliance as a checklist: implement a COPPA-compliant consent flow, use a kid-safe ad network, disable data collection for child-identified accounts, and maintain a privacy policy that describes these practices. This approach works within the letter of the law, but it creates an architecture of exceptions — special paths for children, separate data handling, different policies — instead of an architecture of safety by default.
We took a different approach. Jumpyloo does not handle children's data differently because Jumpyloo does not handle anyone's data at all. There is no "kids mode" to activate because there is no adult mode to differentiate from. The game has one privacy posture, and it applies to every user equally.
What COPPA Compliance Means for Jumpyloo
Under COPPA, operators of online services directed at children must provide notice of their data collection practices and obtain verifiable parental consent before collecting personal information from children. "Personal information" includes names, email addresses, persistent identifiers used for tracking, geolocation data, and more.
Jumpyloo's compliance architecture is simple: we collect nothing that triggers COPPA.
- No account creation — no email, username, or password to store.
- No analytics SDK — no behavioral data, no session recordings, no funnel analysis.
- No advertising SDK — no device identifiers shared with ad networks.
- No push notifications — no device token to register.
- No social features — no friend lists, chat, or message boards.
- No geolocation access — the game does not request location permissions.
- No camera or microphone access — the game does not request photo or audio permissions.
Because Jumpyloo does not collect any personal information from any user, the parental consent mechanism under COPPA is never triggered. There is nothing to consent to because there is no data pipeline to authorize.
Jumpyloo processes all game state locally on the device. Scores, progress, preferences — everything is stored in local storage that never leaves the phone. There is no server to send data to, no analytics endpoint to call, and no user database to maintain.
KOSA's Duty of Care
The Kids Online Safety Act imposes a duty of care on platforms to prevent and mitigate harms to minors, including mental health harms, online bullying, and exposure to harmful content. While KOSA primarily targets social media platforms and large online services, its principles apply to any product directed at children.
For Jumpyloo, KOSA compliance follows naturally from our design philosophy:
- No algorithmic content feeds. The game has no infinite scroll, no recommendations, and no user-generated content. The experience is deterministic — the same inputs produce the same gameplay.
- No social pressure. There are no leaderboards visible to other users, no friend comparisons, and no "share your score" prompts. The only person competing is the player against their own best climb.
- No addictive design patterns. Jumpyloo does not use variable-ratio reward schedules, daily streak bonuses that trigger anxiety about missing a day, or "fear of missing out" mechanics. The game is fun to play and easy to put down.
- No harmful content vector. Because there is no user-generated content, no messaging, and no external links, there is no pathway for harmful content to reach a child through the game.
The Transparency Commitment
Building trust with parents means being clear about what the game does and does not do. Our privacy policy at jumpyloo.com/privacy is written in plain language — not legalese. Every parent should be able to read it and understand exactly what happens when their child plays Jumpyloo.
Here is the summary: the game is on your device. It stays on your device. Nothing is recorded, transmitted, or sold. When you delete the app, every trace of game data goes with it.
Why This Matters More Now Than Ever
The kids gaming landscape is changing. Regulators are paying closer attention. Parents are more informed about digital privacy than any previous generation. And children are spending more time on mobile devices than ever before. Building a kids game that collects no data is not just a compliance strategy — it is a trust strategy. We want parents to feel good about handing their child Jumpyloo, not ambivalent or worried.
That feeling — of confidence, not concern — is the measure of success for our kid-safe design. Everything else is implementation detail.