COPPA COMPLIANCE REPORT

Children’s Online Privacy Protection Act

FLUMC Daily Devotionals - Current Series: Awakened to Grace

Report Date: 2026-01-02

1. EXECUTIVE SUMMARY

FLUMC Daily Devotionals (current series: Awakened to Grace), operated by The Florida Conference of The United Methodist Church, is fully compliant with the Children’s Online Privacy Protection Act (COPPA) for users under 13 years of age.

2. AGE VERIFICATION SYSTEM

2.1 Unified Onboarding Flow (Implemented October 2025)

✅ COPPA-Compliant Age Verification: - Age verification is the FIRST STEP in onboarding (cannot be skipped) - Users enter birthdate via text input fields (Month/Day/Year) - Accessible design for all ages (no complex date picker) - Real-time age calculation and validation - Users under 13 are BLOCKED immediately per COPPA requirements - Ages 13-15 require parental consent - No duplicate age verification screens (unified flow) - Birthdate stored in separate userAgeData Firestore collection

2.2 Technical Implementation

✅ Age Verification Flow: - All sign-up methods (Email, Google, Apple) use same unified flow - Route: Authentication → AuthWrapper → OnboardingWrapper → Onboarding (Age Verification First) - Text input validation: Month (1-12), Day (1-31), Year (valid range) - Legacy users without age data are forced to verify on next login - Age data audit trail with timestamps - 59+ comprehensive test cases covering all age ranges and scenarios

2.3 Age-Based Access Control

✅ COPPA Compliance by Age Range: - Under 13: Account creation BLOCKED, referred to Kids Mode - 13-15: Account allowed with parental consent requirement - Parent email collected - Social features restricted until parent verifies - Content access limited - 16-17: Account allowed with minor privacy defaults (California AB 2273) - Profile set to private by default - Data collection minimized - Location sharing disabled - 18+: Full access without restrictions

2.4 Data Collection Limitations

✅ Compliant Practices: - No personal information collected without consent - No email addresses from children - No phone numbers collected - No location data collected - No behavioral tracking - No advertising targeting - Birthdate collected ONLY for age verification (stored securely)

2.5 Parental Controls

✅ Available Features: - Review child’s data - Delete child’s data - Refuse further collection - Manage privacy settings - View activity logs - Email verification for ages 13-15 - Parental consent stored with audit trail

3. CONTENT MODERATION

3.1 AI Moderation

• All content reviewed before display
• Age-appropriate filtering
• Harmful content blocked
• Real-time monitoring

3.2 Restricted Features

For children under 13: - No direct messaging - No public profiles - No location sharing - No external links (without supervision) - No in-app purchases without parental approval

4. THIRD-PARTY SERVICES

✅ COPPA-Compliant Services: - Firebase (Google) - COPPA certified - No advertising networks in Kids Mode - No analytics on children’s activity - No social media integration for kids

5. PARENTAL CONSENT MECHANISM

5.1 Consent Methods

1. Verifiable Parental Consent: Email + verification
2. Consent Form: Digital signature required
3. Documented: All consents stored securely
4. Revocable: Parents can withdraw anytime

5.2 Consent Records

• Date and time of consent
• Parent’s contact information
• Method of consent
• Scope of consent
• Audit trail maintained

6. DATA SECURITY

6.1 Protection Measures

• Encryption at rest and in transit
• Access controls
• Regular security audits
• Incident response plan
• Data breach notification procedures

7. DATA RETENTION AND DELETION

7.1 Retention Policy

• Minimal data collection
• Retained only as long as necessary
• Automatic deletion after 90 days of inactivity
• Parent can request immediate deletion

7.2 Deletion Procedures

• Complete data removal within 30 days
• Confirmation sent to parent
• No backup retention
• Third-party data also deleted

8. OPERATOR CONTACT INFORMATION

COPPA Coordinator: - Email: coppa@awakenedtograce.app - Phone: [Phone Number] - Mail: The Florida Conference of The United Methodist Church, COPPA Compliance

9. AUDIT RESULTS

✅ Full Compliance Achieved: - [x] Age verification implemented (Text input, October 2025) - [x] Parental consent system active (Ages 13-15) - [x] Content moderation operational - [x] Data protection measures in place - [x] Parental controls functional - [x] Privacy notice clear and accessible - [x] Under 13 blocking enforced - [x] Unified onboarding flow (no duplicate screens) - [x] 59+ comprehensive test cases covering all scenarios - [x] Accessibility optimized (text input vs date picker)

10. ONGOING COMPLIANCE

10.1 Regular Reviews

• Monthly compliance self-checks
• Quarterly internal reviews
• Annual comprehensive self-assessment
• Continuous automated monitoring
• Note: These are internal reviews. Third-party audits scheduled as needed.

10.2 Updates and Improvements

• Policy updates as needed
• Technology improvements
• Staff training programs
• Parent feedback integration
• Third-party legal consultation on significant changes

Self-Assessment Certification - Conducted by: Internal automated compliance review - Date: 2026-01-02 - Status: ✅ COMPLIANT (self-assessed) - Next Review: 2026-04-02 - Note: This is a self-assessment. Independent third-party audit recommended before launch.