Is AI safe for kids? A COPPA-literate parent's checklist

"Is AI safe for kids" is the wrong question to ask in 2026. The right question is: safe for what, from what, and at what age? An AI tool that writes short stories for an eight-year-old has a different risk profile than one that holds open-ended conversations with a four-year-old. A creative tool with no chat surface is a different animal from a chatbot. Lumping them together is how parents end up either banning everything or accepting everything; neither is useful.

This is the parent's checklist I wish someone had handed me before I started building one of these tools myself. It's the questions I would ask any AI-for-kids product before letting my own children use it. If a product can't answer all seven cleanly, I would skip it.

First, what COPPA actually requires

The Children's Online Privacy Protection Act, US federal law, applies to children under 13. The short version of what it says: if you knowingly collect personal information from a child under 13, you need verifiable parental consent, you have to be specific about what you collect and how it's used, you have to let the parent review and delete it, and you can't condition the child's access on disclosing more than is needed for the activity.

The thing parents often miss: "personal information" is broader than email address. It includes audio recordings, video recordings, photographs, geolocation, persistent identifiers (cookies, device IDs that can track across sessions), and any combination of data that could identify a child. An AI tool that records a child's voice for transcription, even if it never stores the transcript, is collecting personal information under COPPA's definition.

The FTC has been progressively more aggressive about enforcement since 2023. Several large platforms — TikTok, YouTube, Epic Games — have paid eight- or nine-figure settlements. The risk to a small company that gets this wrong is existential.

The seven questions

1. What does my child actually input — and is any of it personal?

Read the input modes: text, voice, image, video. If a product accepts voice input or webcam input, ask whether the audio/video is recorded, where it's stored, for how long, and whether a human ever listens to it. "Processed and discarded" is acceptable. "Recorded for quality assurance" is not, for a child.

For text-only products, the question is whether the text is logged. Often it is, and that's fine for safety review — but the logged text should not include the child's name, school, address, or other identifying information. If the product requests a kid's "real name", that's a flag.

2. Can other users contact my child?

This is the single highest-risk surface and the one most often glossed over. If the product has any of the following, it's an order of magnitude riskier than one that doesn't:

• Public chat or DM
• Comments under user content
• "Friends" who are not real-life family or pre-approved
• Voice chat, even between approved friends, on a platform that also has strangers
• Live video

A product without any of these is dramatically simpler to evaluate. A "share" feature that gives a private link to known recipients is fine. A "share to community" feature that exposes the child's creation to strangers is not, no matter how good the moderation is.

3. What happens when the AI says something inappropriate?

It will, occasionally. The right answer is "we screen the output before it reaches the child, and we have a one-tap flag mechanism for when something gets through." The wrong answer is "our model is trained not to" — that's a claim that cannot be true.

Concretely: ask whether there is a pre-display content filter, what its categories are, and what the audit process is when something is flagged. A serious operator will be able to tell you.

4. Who owns my child's creations and prompts?

Most AI products grant themselves a license to use user content for training. For an adult, that's often a fair trade. For a child, it's a question of whether you're comfortable with your kid's prompts and outputs going into a future model's training data.

Look for: explicit opt-out, or — better — a default position that under-13 content is excluded from training entirely. The terms of service should say this directly, not bury it in a paragraph.

5. Is the business model aligned with my kid's well-being?

An ad-supported AI product for children is structurally incentivised to maximise screen time, attention, and emotional engagement — the same incentives that produce TikTok-for-kids. A subscription-supported product is incentivised to make sure your kid wants to come back without making them need to. The difference shows up in design choices: streaks, push notifications, FOMO mechanics, daily-login rewards. A good kids' product doesn't have those.

Ask: how does this company make money? If the answer involves data resale, behavioural advertising, or in-app currency aimed at the kid, those are concerns.

6. Can I see what my child has done, and can I delete it?

The COPPA right of review is yours. You should be able to log in, see every prompt your kid has typed, every output they've received, and delete the lot in one click. If a product makes this hard — buried setting, "contact support" — that's a yellow flag.

Bonus version: can you delete everything without keeping the account itself open? If the only way to remove the data is to email support and wait, the answer is "kind of."

7. What happens when something goes wrong?

If your kid is upset by something the AI produced, what's the playbook? Is there a human you can reach? Within how many hours? Is there a content-flag flow your kid can use without an adult present?

Test the support email before signing up. A reply within 24 hours is the bar. A no-reply is a hard pass.

Categories of AI-for-kids products

Loosely, four buckets exist as of 2026:

Chatbot companions (open-ended conversation). Highest risk. The conversation surface is unbounded, the emotional intimacy can be considerable, and the AI can drift into territory the operator didn't anticipate. Most of the 2024-2025 enforcement actions and lawsuits involved this category.

Tutoring tools (constrained subject matter, often homework). Lower risk. The interaction is task-shaped and the AI is largely answering bounded questions. The risk is mostly accuracy (wrong answers) rather than safety.

Creative tools (text, image, video, music, game generation). Variable. The risk depends almost entirely on whether the output is shown to other children or kept private. Private creative tools are low-risk; public-by-default ones inherit social-media risk.

Embedded assistants (Alexa-style, in the family home). Tricky. Often capture voice, often have weaker child-specific design, often surprise parents with what they remember.

The honest assessment of the category we're in (private creative tools) is that it's the easiest category to make safe, because you can decide architecturally that no child ever sees another child's output. That's a choice we made on day one, and it's the choice I'd look for in any creative-AI-for-kids product you're considering.

The shorter version, for the fridge

• Voice input that's recorded? Skip.
• Public chat or DM? Skip.
• Real name required? Skip.
• Ad-supported? Be careful.
• One-tap content flag? Required.
• Easy deletion of everything your kid did? Required.
• Replies to support email within 24h? Required.

That's not a perfect framework. It's the framework I use for my own household.

— Louis. None of this is legal advice. I am a parent who builds software, not a lawyer. If you're evaluating a product for COPPA compliance specifically, talk to one.