COPPA
COPPA (Children’s Online Privacy Protection Act) is the U.S. federal law that regulates the collection of personal data from children under 13. It applies to operators of online services directed at children or that knowingly collect data from children. Ministrium’s Child Check-in module handles sensitive data of minors and therefore operates under specific COPPA safeguards.
What COPPA requires
In essence, COPPA requires:
- Clear notice to parents or guardians about what data is collected and why.
- Verifiable consent from parents before collecting data.
- Parental access to the child’s data at any time.
- Right to delete the minor’s data on the parents’ request.
- Minimization: only collect what is strictly necessary for the service.
- Reasonable security in storage and transmission.
How Ministrium applies it
Notice to parents
When a church activates the Child Check-in module, it must publish a minors’ privacy notice that Ministrium generates automatically with the church’s information. The notice describes what data is collected (name, age, allergies, authorized contacts), why it’s collected (child’s safety during the service), and how long it’s kept.
Verifiable guardian consent
Before registering a minor for the first time, the guardian must:
- Identify themselves at the kiosk (typically with their phone number or a household code).
- Confirm they have read the privacy notice.
- Indicate who else can pick up the minor (other authorized guardians with phone number and name).
This consent is logged in the audit trail with timestamp, IP, and device. See Audit and logs.
Access and deletion
Guardians can:
- View the check-in history of their child from the app or member portal.
- Request deletion by writing to the church. The church executes the deletion from CRM → Members → Delete minor’s data, which removes the personal information without breaking the aggregated audit log.
The deletion is permanent and not recoverable. The church keeps an aggregated anonymized record for its attendance reports, but no personal data of the minor.
Minimization
The module only collects what is necessary for safe check-in operation:
- Minor’s name and age.
- Photo of the dropping-off guardian (for visual verification at pickup; automatically deleted after 30 days).
- Health information (allergies, medications, conditions) only if the guardian chooses to provide it, and only visible to authorized roles.
- Emergency contacts.
We do not collect: biometric data, the minor’s financial information, real-time geolocation data, or social media data.
Security
- Module access restricted to the admin, pastor, secretary, and kids_check_in roles.
- Health information under additional explicit permission.
- Tags with unique codes printed at drop-off, presented by the guardian at pickup.
- Every module action audited with additional detail.
- Automatic deletion of pickup photos after 30 days.
COPPA formally applies to U.S. operators or those targeting U.S. users. Churches in other countries that use the Child Check-in module also benefit from these safeguards, which also satisfy LFPDPPP, LGPD, and GDPR for minors’ data.
When a minor turns 13
On their 13th birthday, the system automatically reclassifies the minor as a young member:
- Moves from the minors’ database to the general member database.
- The additional safeguards (guardian photo, unique tags, health visibility restrictions) are deactivated.
- Previous history is preserved aggregated in the attendance report, without the COPPA-related sensitive data.
Reporting a concern
If a guardian has concerns about how their child’s data is handled, they should first contact the church (the data controller). To escalate, they can write to legal@ministrium.com with copy to security@ministrium.com.
Next steps
- Child Check-in — the module in detail.
- HIPAA — for health data.
- Audit and logs — the append-only log that supports compliance.