Insights for EdTech

COPPA, FERPA, and the AI compliance stack for child-directed products.

Building software for kids — or for any audience that includes them — puts you in a regulatory regime that punishes generic legal advice. The 2025 COPPA Final Rule, FERPA when you sell into schools, state biometric and age-verification statutes, and the new AI-in-education layer all stack on top of each other. The default vendor MSA from your last B2B deal does not cover any of it.

This hub is for founders building child-directed products and the platforms that touch them — kids' apps, edtech, learning platforms, AI tutors, and adult-facing products with mixed audiences. Real clients, real Direct Notice drafting, real subprocessor disclosure work.

Questions This Hub Answers

• Does COPPA actually apply to my product, and how do I tell?
• How do I draft a Direct Notice that meets the 2025 Final Rule?
• What's the right verifiable parental consent mechanism for my use case?
• When does FERPA kick in alongside COPPA, and how do I handle both?
• What state-level age-verification laws do I need to plan for (Texas HB 1181, Florida, Utah)?
• How do I handle AI subprocessors when my product is child-directed?

Featured Insights

Hand-picked recent posts for this audience.

• Age Verification Is a Biometric Privacy Minefield: What Discord, IEEE, and Texas HB 1181 Actually Require
• COPPA Compliance in 2025: A Practical Guide for Tech, EdTech, and Kids' Apps
• COPPA Final Rule 2025: Essential Privacy Compliance Guide for Startups
• Convertible Notes & Cap Table Modeling for Regulated Startups

Browse all posts in this hub →

Browse by Topic

Topic-specific deep-dives across the blog:

• Privacy Law
• AI Law
• Policy, Compliance & Cybersecurity
• Regulatory Compliance & Legal Risk Management

Have a specific question?

Promise Legal works with the operators behind these audiences every day. Talk to our team about scoping the right legal infrastructure for your stage.

Start the conversation →