[anaskar]

Hey HN! We’re Daniel and Arjun, founders of StandardCode (http://www.standardcode.io/). We make it easy for companies to comply with child data privacy laws such as COPPA and GDPR by providing APIs for collecting parental consent and ID verification of minors.

COPPA regulation makes it difficult for companies to cater to children under 13 without building in safeguards to collect and manage parental consent and to block third-party sharing of data without transparency. As a result most companies just prohibit users under 13 from signing up for their services, either as a policy or by having an age gate that prevents an under-13 child from signing up.

However, with a record number of under-13 users on the internet due to the pandemic, behavior is permanently shifting and many companies now want to cater to all audiences. By providing APIs to manage the collection of consent, we allow companies to safely acquire underage users while minimizing friction in the sign-up flow.

Our customer-facing REST API presents a few high-level resources that are needed for collecting parental consent and ID verification for children. Customers typically make 1 API call to create a profile for a child, and then 2–3 more calls to collect parental consent or verify age and ID if necessary. Afterwards, we push data to a webhook endpoint to notify the customer when consent has been collected or an ID has been verified.

Our business model is based on usage — we charge a small fee per user for whom we need to collect parental consent or verify age and ID.

We'd love to hear from you, especially if you have experience with products catering to children!

[pierre]

Nice work!

You mention COPPA and GDPR but which country regulation do you cover (and in which language?). How do you ensure that the Parents giving consent are the parent of the child (and that you are not getting spoof?). How do you keep up with the changing regulations, with some country having multiple layers (Union, Federal, State, City, ...).

I like the focus on Childs, but you could also extend it to do KYC for financial institutions, the market may need a cheap and reliable solution.

[anaskar]

thank you! We’re starting out of the gate with COPPA and will fast-follow with GDPR so we currently cover the United States (in English).

re: spoofing. this is a tough problem to solve and no existing solution guarantees this. we would be able to see suspicious behavior though like multiple verification attempts, time between submission and verification, etc.

Changing regulations is tough. We work with a privacy lawyer to keep us abreast of changing policy and have researchers maintain a database of applicable state, federal, and international laws as well as recent lawsuits.

Financial KYC is interesting for sure. Right now we’re focused on child privacy and very much believe there’s a lot of work to be done there still.

[jvalencia]

Honestly, this is great. So many applications do this poorly if at all and COVID has not helped the situation. I do wonder about compliance across state/national lines.

[anaskar]

thanks! the laws do change across country lines. while we’re focused on the U.S. right now, we’re actively researching applicable laws in other jurisdictions.

[bartman]

Great to see innovation in this space. How does your service compare to offerings like those from PRIVO? Something we get a lot of value out of is their review of whether our practices are compliant (and if not, how to achieve it - all done in the design phase of new features etc) on top of offering a widget for verifiable parental consent. Is this something you also offer?

[anaskar]

thanks! so far the companies we’ve talked to are delaying full-blown reviews as long as possible because of the stage of company they’re in.

We certainly do work very closely with each company to work through their product and integrate as seamlessly as possible. whereas we don’t offer an official security review as of now, it is something we’re considering for the future. would love to chat, DMing you now!