Child Protection Policy

Firstage Inc. ("Company", "we", "us", or "our") implements strict policies in accordance with applicable laws to protect children's personal information and safety.

Child Definition and Scope of Application

Age Criteria

  • United States: Under 13 years old (COPPA)
  • European Union: Under 16 years old (GDPR Article 8, varies by country)
  • South Korea: Under 14 years old (Personal Information Protection Act Article 22)
  • Japan: Under 16 years old (Personal Information Protection Act)

Service Restrictions

Upon Age Verification Failure: Complete blocking of account creation and service usage Usage Without Parental Consent: Immediate account suspension and data deletion

Age Verification and Validation System

Required Verification Procedures

  1. Mandatory birth date entry during account creation
  2. Reliable age verification methods:
    • Credit card authentication (payment capability-based)
    • Mobile phone identity verification (carrier age information)
    • ID verification (when necessary)
  3. Additional verification for suspicious cases

Technical Protection Measures

  • Prevention of cookie-based age tracking
  • Automatic application of regional age standards based on IP
  • AI-based suspicious account detection system
  • Regular age information re-verification

Restrictions on Processing Children's Personal Information

Prohibited Information Collection

Absolutely Prohibited:

  • All personally identifiable information without parental consent
  • School names, addresses, and other location information
  • Photos, videos, and other biometric information
  • Friend relationships and contact information
  • Social media account integration information

Permitted Minimum Information (with parental consent)

  • Basic account information for service provision
  • Log information for safety purposes (IP, access times)
  • Learning progress information for educational purposes

Purpose Limitation

  • Educational Services: Limited to learning management and progress tracking
  • Safety Assurance: Prevention of inappropriate content exposure
  • Technical Support: Limited to service error resolution

Parental Consent System

Consent Acquisition Methods

Verifiable Parental Consent:

  1. Credit Card Authentication: Small payment followed by refund
  2. Digital Signature: Legally valid electronic signature
  3. Phone Verification: Recorded voice consent
  4. Written Consent: Mail or fax submission

Scope of Consent Specification

  • Personal information items to be collected
  • Purpose and scope of use
  • Retention period and deletion procedures
  • Third-party provision status (prohibited in principle)

Right to Withdraw Consent

  • Consent can be withdrawn at any time
  • Immediate information deletion upon withdrawal
  • Obligation to provide guidance on withdrawal methods

Educational Institution and School Account Management

Special Policy for Educational Institutions

Institutional Account Administrator Obligations:

  • Responsibility for student personal information processing
  • Verification and management of parental consent
  • Regular reporting of personal information processing status

Permitted Educational Purpose Processing:

  • Learning Management System (LMS) integration
  • Assignment submission and feedback systems
  • Learning performance analysis (anonymization required)

Educational Data Protection

  • Encrypted storage of learning data
  • Monitoring of teacher-student communication
  • Automatic filtering of inappropriate content
  • Automatic data deletion after semester completion

Content Safety Management for Children

Content Filtering System

Automatic Blocking Targets:

  • Violent and explicit content
  • Commercial advertising and marketing
  • Personal information collection attempts
  • Meeting solicitation content
  • Gambling elements

AI-Based Protection System

  • Real-time content monitoring
  • Detection of inappropriate language use
  • Blocking contact with adult users
  • Detection of personal information exposure attempts

Human Review System

  • 24-hour professional monitoring team operation
  • Child psychology expert consultation
  • Dedicated team for parental reports

Data Retention and Deletion

Retention Period Restrictions

  • General Service Data: Maximum 1 year
  • Educational Purpose Data: Until end of relevant semester
  • Safety Purpose Logs: Maximum 30 days
  • Parental Consent Records: Until consent withdrawal

Automatic Deletion System

  • Data review and re-consent upon reaching adulthood
  • Automatic deletion of inactive accounts after 90 days
  • Deletion within 24 hours upon parental request
  • Regular data cleanup (monthly)

Ensuring Children's Rights

Children's Fundamental Rights

  1. Personal Information Self-Determination: Control over personal information within age-appropriate limits
  2. Right to Safety: Protection from online risks
  3. Right to Education: Provision of digital literacy education
  4. Right to Participation: Age-appropriate service improvement feedback

Guardian Rights

  • Right to verify child's personal information processing status
  • Right to withdraw consent and request deletion
  • Right to set service usage restrictions
  • Right to monitor child's online activities

Incident Response and Reporting System

Immediate Response Cases

  • Inappropriate contact attempts targeting children
  • Unauthorized collection or use of personal information
  • Cyberbullying or threats
  • Exposure to inappropriate content

Report Processing Procedures

  1. Primary response within 24 hours
  2. Immediate suspension of related accounts
  3. Report to law enforcement (when necessary)
  4. Notification to guardians and educational institutions

Prevention Education Programs

  • Provision of digital safety education content
  • Raising awareness of personal information protection
  • Cyberbullying prevention education
  • Digital education support for parents

International Regulation Compliance

Compliance Laws

  • United States: COPPA (Children's Online Privacy Protection Act)
  • European Union: GDPR Article 8, ePrivacy Directive
  • South Korea: Personal Information Protection Act, Information and Communications Network Act, Youth Protection Act
  • Japan: Personal Information Protection Act, Youth Internet Environment Improvement Act

International Standards Application

  • ISO/IEC 29101: Privacy Architecture Reference
  • IEEE 2857: Privacy Engineering Standard
  • NIST Privacy Framework: US Privacy Protection Framework

Regular Review and Improvement

Quarterly Policy Review

  • Evaluation of child protection measure effectiveness
  • Technical protection system updates
  • Reflection of legal changes
  • Benchmarking international best practices

Annual Transparency Report

  • Number of child accounts and processing status
  • Protection measure application statistics
  • Incident occurrence and response status
  • Policy improvement items

Inquiries and Reports

Dedicated Contact Channels

Child Protection Team: [email protected] Emergency Reports: [email protected] (24 hours) Educational Institution Support: [email protected]

External Reporting Agencies

  • FTC: Children's Online Privacy Protection
  • National Center for Missing & Exploited Children: CyberTipline
  • Local Law Enforcement: As appropriate for jurisdiction

This policy prioritizes children's safety and rights protection and is continuously improved in accordance with changes in related laws.

Dedicated Officer: Child Protection Officer Hooney, Seol Final Review: Policy implementation date Contact: [email protected]

    Child Protection Policy | Firstage | Firstage