Phosra Spec / Capability

OCSS v1.0 — Draft

Privacy

Data minimization, retention, and deletion rights.

What Privacy does

One data-rights enforcement layer for every minor-data regime.

Every child-safety regime — COPPA 2.0, GDPR-K, India DPDPA, UK AADC, Connecticut SB 3, Maryland Kids Code — has different rules for what minor data can be collected, how long it can be retained, who it can be sold to, and when it must be deleted. Each is enforced by a different regulator, on a different timeline.

Privacy is the data-rights enforcement layer. It blocks targeted ads to minor accounts, caps geolocation precision, strips third-party trackers at the router and DNS layer, processes deletion requests across every connected platform, and produces the Data Protection Impact Assessment evidence pack on demand. Every retention timer is policy-driven, and every opt-out signal is honored.

A platform can answer “is this minor’s data being handled lawfully across every jurisdiction” without writing one statute-specific code path. A parent can issue a single deletion request that propagates everywhere their child has an account.

How partners plug in

Privacy is a socket. Opt-out signals flow in. Deletion + audit flows out.

These are the upstream consent strings, hash-sharing networks, and opt-out signals Privacy honors and propagates — either shipping today, in conversation with a partner, or pending an upstream pilot.

  • IAB GPC (Global Privacy Control) — universal opt-out signal honored across the stack. Status: Mappings shipped
  • NCMEC / industry CSAM hash sharing — minor-data minimization at ingress. Status: Pending pilot
  • USA Privacy String + GPP — multi-state consent string interop. Status: Mappings shipped

Standards & laws

What Privacy does for each statute.

  • COPPA 2.0 — enforces FTC’s expanded retention + deletion rules for under-17 users.
  • EU GDPR-Kids + UK AADC — applies the strictest member-state defaults, per-account.
  • India DPDPA — implements the “data fiduciary” duties for minor accounts.
  • California CCPA / CPRA (minor opt-out) — honors opt-out-of-sale across the network.
  • Connecticut SB 3 + Maryland Kids Code — enforces the no-targeted-ads + no-precise-location rules.
  • NY S8102 (data broker liability) — produces the per-minor data-flow audit pack.
  • EU Data Act + DSA Art. 28 — implements the minor-data-portability right.

Conformance

Adopter Tier 1 certification.

To claim Privacy conformance for an Adopter Tier 1 certification, your implementation must pass the Privacy suite. The test count is still in draft and is coming Q3 2026. The suite covers opt-out signal propagation, retention-timer correctness, deletion-request fan-out, and DPIA evidence-pack generation.

We are co-authoring the suite with our design partners. If you want a seat at the table while the bar is being set, reach out.

Rule list

The 13 rules Privacy ships

Every rule below is implemented by this capability. Pulled directly from the rule registry.

  • Privacy Location: Blocks location-sharing surfaces (live location, geo-tagged posts) on minor accounts by default.
  • Privacy Profile Visibility: Defaults minor profiles to private and prevents discovery by non-contacts in search or suggested-users surfaces.
  • Data Sharing Control: Controls what personal data can be shared with third parties and platform partners.
  • Data Minimization: Enforces collection only of the minor data strictly necessary for the requested feature; rejects schema overreach at ingest.
  • Third-Party Tracker Block: Blocks third-party tracking pixels, fingerprinting scripts, and cross-site cookies on minor sessions.
  • Geolocation Precision Cap: Caps the precision of any location data minor accounts emit at city-level granularity or coarser.
  • Targeted Ad Block: Blocks behavioral advertising, ad profiling, and retargeting for minor users across connected platforms.
  • Data Deletion Request: Triggers data deletion workflows on connected platforms and enables full profile removal via API.
  • Geolocation Opt-In: Ensures location tracking is disabled by default, requiring explicit parental authorization to enable.
  • AI Training Data Opt-Out: Ensures minor users' interactions, prompts, and outputs are excluded from any AI model training pipeline by default.
  • Image Rights: Protects minors' image rights by controlling photo sharing and facial recognition usage.
  • Student Privacy School Mode: Activates COPPA-aligned student-privacy defaults on a device when the school-mode flag is set by an authorized school.
  • Commercial Data Ban: Bans the sale, license, or commercial transfer of minor user data to third parties under all circumstances.