How it works
Core to KWS is a powerful ‘permissions request engine; which allows parents to provide the verifiable consent (stipulated under data privacy laws) whenever your app requires personally identifiable information (PII) from their child. Below is a diagram that illustrates how this works during and after the user registration process (for children that fall within the GDPR/COPPA age threshold).
Kid Registration (User Journey)
From your app, the user clicks on a link/button that takes them to the registration page. Here they will enter their date of birth, a username and password.
If the child is within the COPPA/GDPR age threshold, they will be asked to provide a parent’s email address. The parent will then receive an automated email that guides them to log into (or sign up to) the ‘Parent Portal’, where they can verify their identity.
To complete the registration process, the user generates a display name; it will be visible on your app (e.g. on leaderboards, forums etc.) whereas their username will be kept private (used only for authentication).
Note that the user does not have to wait until a parent verifies their identity before they can use your website/application. As soon as they complete registration; they will have access to all features that do not require parental consent.
Once logged into your app, users may want to access features that require additional PII. Your app will give the user the option to request permission from the parent in order to provide access to those features.
When such a request is made, the parent will receive an automated email that asks them to review those permissions within the ‘Parent Portal’. Here the parent will see a granular view of each permission requested by the user; from here they can grant, decline or revoke permissions.
Where permission is granted; the parent can then add access to the feature for the user or the user can do it themselves (as they will now have consent to do so).
Note: For some permissions (depending on the location of the kid) may require the parent to go through a credit card verification process. This process is there to ensure that the person acting as the 'parent' is indeed at least 18 years old. Learn more about CC verification here.
1) PII-free registration process
No PII is collected; not even the child’s email address (just the parent’s)
2) PII-free display names
The child can generate a unique display name that does not contain PII using a combination of preset nouns and adjectives
3) It’s not just about PII
For example: a website that has a forum can also ask a parent if they want their child to have access to that feature
4) Parental Overview
Parents can manage permissions for all their children (registered across multiple websites/apps) from a single ‘Parent Portal’
5) Credicat Card verificataion
Depending on the permission required (and the location of the kid) parents may have to go through a further verification check.