# Apple Kids Category Compliance Research **Date:** 2026-04-04 **Purpose:** Comprehensive compliance reference for QuickChat AAC (iPad, ages 0-5, offline-first, local data, parent-gated settings) **Methodology:** Apple official documentation, FTC/EU regulatory sources, developer community reports --- ## 1. Kids Category Rules (Current 2025-2026) ### Official Requirements (Apple App Review Guidelines 1.3 + 5.1.4) **Age Band Selection:** Apps must select one of three age bands in App Store Connect: - **5 and under** (this is us) - 6-8 - 9-11 **Data Transmission — Hard Prohibition:** > "Kids Category apps may not send personally identifiable information or device information to third parties." — Guideline 1.3 (exact text) This applies to the **entire app**, including sections intended for adults (e.g., parent settings area). The prohibition covers PII, device identifiers, and any information that "could be used directly or combined with other information to identify users and their devices." **Third-Party Analytics — Default Prohibited, Limited Exception:** > "Apps in the Kids Category should not include third-party analytics or third-party advertising." — Guideline 1.3 Exception: Third-party analytics may be permitted **only if** the service: - Does NOT collect or transmit the IDFA - Does NOT collect identifiable information about children (name, DOB, email) - Does NOT collect location data - Does NOT collect device information that could identify users **Third-Party Advertising — Default Prohibited, Limited Exception:** Contextual advertising may be permitted **only if**: - The ad service has **publicly documented** practices for Kids Category apps - Ad creatives are **human-reviewed** for age appropriateness **External Links and Purchases:** > "These apps must not include links out of the app, purchasing opportunities, or other distractions to kids unless reserved for a designated area behind a parental gate." — Guideline 1.3 **Privacy Policy:** Required for all Kids Category apps (Guideline 5.1.4b). **Metadata Restriction:** Terms like "For Kids" and "For Children" in app metadata are reserved exclusively for Kids Category apps (Guideline 2.3.8). **Permanence Warning:** Once customers expect your app to follow Kids Category requirements, it must continue to meet these guidelines in subsequent updates, even if you deselect the category. ### Prohibited/Problematic SDKs (Developer Community Reports) The following have caused rejections under Guideline 1.3: - **Firebase Analytics** — rejected even after disabling IDFA collection. Apple may require complete code removal, not just disabling. - **Firebase Crashlytics** — flagged as third-party analytics - **React Native Firebase** — multiple documented rejection issues (GitHub issues #4494, #47200, #5064) - **App Tracking Transparency framework** — must NOT be implemented in Kids Category apps at all (it implies tracking, which is prohibited) - **Any SDK that includes IDFA access** — even if unused, the binary presence of the framework can trigger rejection **Source:** [react-native-firebase #4494](https://github.com/invertase/react-native-firebase/issues/4494), [react-native #47200](https://github.com/facebook/react-native/issues/47200), [Apple Developer Forums](https://developer.apple.com/forums/thread/130863) **Safe Alternatives:** - Apple's own App Analytics (via App Store Connect) — first-party, no SDK required - Self-hosted analytics (e.g., Countly self-hosted, Plausible self-hosted) — data stays on your infrastructure - No analytics at all (simplest compliant path) ### What This Means for QuickChat AAC Since we are offline-first with no third-party SDKs, no ads, no external links in the child-facing UI, and no analytics SDKs, we are in an excellent compliance position. The main risk vectors are: 1. Accidentally including a framework dependency that phones home 2. Any future addition of crash reporting or analytics 3. Links in the parent settings area that aren't behind a parent gate --- ## 2. Parent Gate Requirements ### What Apple Officially Says From [Building Apps for Kids](https://developer.apple.com/app-store/kids-apps/) and [Design Safe Experiences](https://developer.apple.com/kids/): **Required gate scenarios:** - In-App Purchases - Links to external websites - Links to social networks - Links to other apps - Any other actions requiring parental oversight **Gate design guidance (official):** - Must be "adult-level tasks" that are "genuinely difficult for children to bypass" - Can use "math problems, question-based tasks, or other verification methods" - Should "randomize the combination of questions and answers each time" to prevent memorization - **For pre-literate children:** Must include voiceover prompts to involve parents **Important distinction (Guideline 5.1.4b):** > "The parental gate requirement for the Kids Category is generally not the same as securing parental consent to collect personal data under these privacy statutes." A parent gate is a UX barrier, not a legal consent mechanism. ### What Works in Practice (Developer Community) **Math problems** — The most commonly documented accepted approach. Typically multiplication or multi-step arithmetic that a young child cannot solve. **Random question-answer pairs** — Accepted. Questions rotate to prevent memorization. **Code-entry / PIN** — Libraries like [HYParentalGate](https://github.com/RomanN2/HYParentalGate) exist (Swift, code-entry based), but there is no public confirmation of Apple's stance on static PINs. A randomized challenge is safer than a fixed PIN. **Gesture-based gates** (e.g., "swipe in a specific pattern," "hold three fingers") — No documented Apple guidance found. These would be risky for pre-literate children since they could be discovered by trial and error. ### Recommended Implementation for QuickChat AAC Given our target age (0-5, pre-literate): 1. **Randomized math problems** (e.g., "What is 14 x 3?") — safe, well-documented 2. **VoiceOver prompt** telling the child "Ask a grown-up to help" — Apple specifically recommends this for pre-literate audiences 3. **Randomize every presentation** — prevents memorization 4. Parent gate must protect: settings, any external links, subscription/purchase flows ### Ambiguity Flag Apple does not publish an exhaustive list of accepted gate types. The guidelines say "adult-level tasks" and show math as an example, but do not explicitly prohibit or approve other approaches. When in doubt, math + randomization is the safest bet. --- ## 3. COPPA Compliance ### What Triggers COPPA COPPA applies based on **directedness to children**, not just explicit age collection. The FTC evaluates: - Subject matter and visual content - Animated characters or child-oriented activities - Music/audio designed for kids - Age of models featured - Language and tone - Advertising placement **QuickChat AAC is unambiguously child-directed.** COPPA applies. Period. ### 2025 COPPA Rule Amendments The FTC finalized amendments on January 16, 2025; published in Federal Register April 22, 2025; effective June 23, 2025. **Full compliance deadline: April 22, 2026.** Key changes: - **Expanded definition of "personal information"** — now includes biometric identifiers (voiceprints, facial templates, fingerprints, gait patterns) - **Data minimization is now a legal obligation** — collect only what's necessary, retain only as long as needed, no indefinite retention - **Stricter vendor/SDK auditing** — must audit third-party data flows, retention, sub-processors - **Enhanced parental consent mechanisms** — deletion workflows, parental dashboards - **Mandatory data mapping** across all collection points ### Does On-Device-Only Storage Exempt You from COPPA? **Short answer: No, but it dramatically reduces your compliance surface.** COPPA regulates the **collection** of personal information from children by operators of websites and online services. Key analysis: 1. **COPPA applies to "operators" of commercial websites/online services directed to children.** An App Store app qualifies as an "online service." 2. **"Collection" under COPPA means gathering, receiving, or tracking personal information.** Even on-device, if your app collects personal information (names, photos, voice recordings, persistent identifiers), COPPA's requirements technically apply. 3. **However**, if data never leaves the device and is never transmitted to you or any third party, many of COPPA's requirements become moot in practice: - No third-party disclosure to regulate - No data breach notification concern (data isn't in your possession) - No data deletion request to fulfill (parent controls the device) - No parental consent for disclosure (there is no disclosure) 4. **The FTC has not published explicit guidance stating on-device-only apps are exempt.** The search results across legal analyses confirm this gap. **Practical recommendation:** Treat COPPA as applicable. Maintain a privacy policy. Do not collect persistent identifiers. Do not transmit anything. This gives you de facto compliance without needing to test the legal theory. **Source:** [FTC COPPA FAQ](https://www.ftc.gov/business-guidance/resources/complying-coppa-frequently-asked-questions), [Promise Legal COPPA Guide 2025](https://blog.promise.legal/startup-central/coppa-compliance-in-2025-a-practical-guide-for-tech-edtech-and-kids-apps/), [FTC Press Release](https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data) ### Biometric/Voice Data Warning The 2025 COPPA amendments add **voiceprints** to the definition of personal information. QuickChat AAC uses AVSpeechSynthesizer (output only, no voice capture), so this is not currently an issue. **However**, if we ever add speech recognition (SFSpeechRecognizer) or voice recording features, those would immediately trigger COPPA's biometric data provisions. --- ## 4. iCloud Sync and Kids Category ### Can a Kids Category App Use iCloud? **Yes, with important caveats.** Apple's guidelines prohibit sending PII or device information **to third parties**. iCloud/CloudKit is Apple's first-party service, not a third party. Apple's own documentation describes children using iCloud to store "photos, videos, documents, notes, contacts, calendars, mail, backups, and other app data." **SwiftData + CloudKit sync** is a first-party Apple framework syncing data to Apple's own infrastructure under the user's (or parent's managed) Apple ID. This is fundamentally different from sending data to a third-party analytics or advertising service. ### Does Apple Consider iCloud Sync as "Data Collection"? **Under Apple's Kids Category rules:** No explicit prohibition found. The rules target third-party data transmission, not Apple's own iCloud infrastructure. **Under COPPA:** iCloud sync means data leaves the device and goes to Apple's servers. Apple is the cloud provider, not the app developer. The data is still under the parent's Apple ID and Apple's own COPPA-compliant privacy practices. The app developer never receives or accesses this data. ### Ambiguity Flag There is **no explicit Apple documentation** that says "Kids Category apps may use iCloud sync" or "Kids Category apps may not use iCloud sync." The absence of a prohibition, combined with Apple actively marketing iCloud as part of the child account experience, suggests it is permitted. However, this has not been tested through a public App Review rejection/appeal that we can cite. ### Practical Recommendation 1. Start with **local-only SwiftData** (no CloudKit sync) for the initial release 2. This eliminates any possible ambiguity 3. Add iCloud sync as a future feature after confirming with Apple Developer Support or observing other Kids Category apps using it successfully 4. When/if adding sync, use SwiftData's private CloudKit database only (user's own data, not shared) --- ## 5. SwiftData in Kids Category Apps ### Does SwiftData Phone Home? **No.** SwiftData is a local persistence framework built on top of Core Data. When used without CloudKit integration: - All data is stored locally in SQLite on the device - No network calls are made - No data is transmitted anywhere - No telemetry or analytics are built into the framework SwiftData is as privacy-safe as writing to a local file. ### Known Issues **No known Kids Category-specific issues with SwiftData.** It is a pure Apple first-party framework with no third-party dependencies, no network activity (when used locally), and no data collection. ### CloudKit Integration Consideration If SwiftData is configured with CloudKit sync enabled (via the iCloud capability), it will sync data to Apple's servers. This is opt-in at the developer level — it requires explicit code and entitlement changes. It does not happen by default. ### Recommendation for QuickChat AAC Use SwiftData in local-only mode. This is the simplest, most compliant approach. Configuration: - Use `ModelContainer` without CloudKit configuration - Do NOT add the iCloud capability or CloudKit entitlement - Do NOT enable Background Modes for Remote Notifications (used for CloudKit sync) --- ## 6. App Review Gotchas for Kids' Apps ### Common Rejection Reasons (Developer Community Reports) **1. Hidden SDK data collection** Even if you don't use a third-party SDK's tracking features, if the SDK binary includes code that *could* collect data, Apple may reject. They scan binaries for framework signatures. Solution: completely remove prohibited SDKs, don't just disable features. **2. Incomplete parent gates** Any link, purchase opportunity, or external content must be gated. Developers report rejections for missing gates on: subscription restore buttons, privacy policy links, "rate this app" prompts, and social media links. **3. App Tracking Transparency presence** Do NOT include the ATT framework. Its mere presence implies tracking capability, which is prohibited. **4. Privacy declaration mismatches** Your App Privacy "nutrition label" must exactly match your app's actual behavior. Apple cross-references declarations with binary analysis. Claiming "no data collected" while including Firebase will cause rejection. **5. Category lock-in** Once in the Kids Category, removing it is difficult. Developers report that even after removing Kids Category designation, App Store Connect continues to enforce Kids Category restrictions on updates. This can require Apple support intervention to resolve. **6. Age rating questionnaire (NEW - 2025)** Apple introduced new age rating categories (13+, 16+, 18+) and a comprehensive questionnaire. Developers must complete updated age rating forms by **January 31, 2026** or face delays on app updates. **7. Metadata "For Kids" restriction** Using terms like "For Kids" or "For Children" in app name, subtitle, icon, screenshots, or description is reserved for Kids Category apps only. If you're in the category, you can use these terms. If you're not, you'll be rejected. ### Hidden Requirements **Privacy policy is mandatory** — not just recommended. Must be accessible within the app, not just on your website. **All sections must comply** — the data rules apply to the entire app, including parent/adult areas. You cannot have a "parent section" that uses third-party analytics while the "kid section" doesn't. **Source:** [Apple App Review Guidelines](https://developer.apple.com/app-store/review/guidelines/), [BuddyBoss Guide](https://buddyboss.com/docs/app-store-guideline-1-3-safety-kids-category/), [RevenueCat Guide](https://www.revenuecat.com/blog/growth/the-ultimate-guide-to-app-store-rejections/) --- ## 7. GDPR-K (EU Children's Privacy) ### Age of Digital Consent by Country GDPR Article 8 sets a default age of **16** for digital consent, but member states can lower it to as low as **13**. Current landscape: | Age | Countries | |-----|-----------| | 13 | Denmark, Portugal, Sweden, UK | | 14 | Spain | | 15 | France, Greece | | 16 | Germany, Austria, Netherlands (and GDPR default) | For a 0-5 age group, **parental consent is required in every EU jurisdiction.** No ambiguity here. ### 2025 EU Requirements (7 Key Changes) 1. **Private-by-default settings** — No open profiles, no public friend lists, no automatic location sharing. Cameras, microphones, downloads disabled unless user opts in. 2. **Stricter age verification** — Reliable, hard-to-bypass methods required (mobile network checks, bank linking, EU Digital Identity Wallet). 3. **Ethical design for children** — Eliminate manipulative interfaces by default. Infinite scrolling, autoplay, body-altering filters, and reward mechanics require explicit consent. 4. **Child rights-focused risk assessments** — Mandatory for any platform accessible to minors. 5. **Transparency in data use** — Children's data treated as "ethically charged." Clear, age-appropriate explanations required. 6. **Limiting algorithmic influence** — Recommendation systems designed to maximize engagement face scrutiny. 7. **Global compliance mandate** — Services accessible in EU, UK, or US must comply across all jurisdictions. **Source:** [GDPR Register - 7 Key Changes](https://www.gdprregister.eu/gdpr/eu-childrens-data-privacy-2025-7-changes/) ### Legitimate Interest vs. Consent For children's data, GDPR supports multiple lawful bases (legitimate interest, contract performance), but these are **rarely appropriate** for children's data due to its sensitivity. The GDPR explicitly requires considering whether the data subject is a child when invoking legitimate interest. **Practical guidance:** For a child-directed app, **consent (with parental authorization) is the only safe lawful basis.** ### EU Requirements Specific to QuickChat AAC Since we store all data locally and do not transmit data to any server: - Many GDPR requirements become moot (no data processing to declare, no cross-border transfers, no right-of-access requests to fulfill) - **Still required:** A GDPR-compliant privacy policy disclosing what data the app collects locally, how it's stored, and that it is not transmitted - **Still required if we add iCloud sync:** Data processing transparency, since Apple's servers may be in various jurisdictions - **Ethical design rules apply regardless** — no manipulative UI patterns, no engagement-maximizing mechanics targeting children ### Reward Mechanics Warning The EU's 2025 ethical design requirement states that "reward mechanics require explicit user consent rather than being pre-enabled." Since QuickChat AAC includes gamification and rewards as a core feature, we should: 1. Ensure rewards encourage communication, not screen time 2. Allow parents to configure/disable reward mechanics 3. Document that rewards are therapeutically motivated, not engagement-driven 4. Consider this in the parent settings area --- ## 8. AVSpeechSynthesizer and Kids Category ### Privacy Status: Clean AVSpeechSynthesizer is fully on-device. Key facts: - **All text-to-speech conversion happens locally** — no data leaves the device - **No network calls required** — works completely offline - **No internet connection needed** — "making it a go-to choice for privacy-conscious apps and offline functionality" - **No user data transmitted** — "Since all processing happens on the device, your app never sends user data to the cloud" - **No latency from network** — audio generated almost instantly **Source:** [Apple AVSpeechSynthesizer Documentation](https://developer.apple.com/documentation/avfaudio/avspeechsynthesizer), [Callstack TTS Guide](https://www.callstack.com/blog/on-device-text-to-speech-on-apple-devices-with-ai-sdk), [Personal LLM Tutorial](https://llm.chinesepowered.com/blog/tutorial-using-apples-avspeechsynthesizer-for-offline-text/) ### Voice Download Caveat Enhanced/premium voices (e.g., Siri voices) may need to be downloaded from Apple's servers on first use. This is a one-time system-level download managed by iOS, not by the app. The app itself makes no network call — iOS handles the voice download through Settings > Accessibility > Spoken Content > Voices. For Kids Category compliance, this is not a concern because: 1. The download is a system-level operation, not an app operation 2. No user data is transmitted 3. The built-in default voices work without any download ### SFSpeechRecognizer Warning (NOT currently planned) Unlike AVSpeechSynthesizer, the speech **recognition** framework (SFSpeechRecognizer) may make network calls for processing. On-device recognition is available on newer devices, but the framework may "sometimes need an Internet connection to update its local data." If speech recognition is ever added, this needs careful evaluation for Kids Category compliance. ### Recommendation AVSpeechSynthesizer is fully safe for Kids Category apps. No compliance concerns whatsoever. --- ## 9. TestFlight for Kids Category Apps ### The Age 13 Problem **TestFlight requires users to be 13 or older.** This is a hard requirement — children with child Apple IDs (under 13) cannot install TestFlight or accept TestFlight invitations. The age requirement varies by jurisdiction: - **13** — United States - **16** — Germany, Austria, Spain **Source:** [Apple Developer Forums](https://developer.apple.com/forums/thread/675464), [Apple Community Discussions](https://discussions.apple.com/thread/253222166) ### Workaround for Testing with Children Under 13 Since our target users are 0-5, we cannot test via TestFlight on their devices directly. The documented workaround: 1. On the child's iPad, go to Settings > Media & Purchases 2. Sign in with an **adult's** Apple ID (just for Media & Purchases, not iCloud) 3. Send the TestFlight invitation to the adult's email 4. Install the app via TestFlight using the adult's credentials 5. After installation, sign out of the adult's Media & Purchases account **Caveats:** - This breaks "Ask to Buy" functionality while the adult ID is signed in - Must be reversed after each installation/update - Not scalable for large beta groups ### Alternative Testing Methods - **Ad Hoc Distribution** — install directly via Xcode or MDM profile. No age restriction. Limit of 100 devices per year. - **Enterprise distribution** — requires Apple Developer Enterprise Program membership - **Xcode direct install** — plug in the iPad and run from Xcode. No restrictions, but not distributed. ### Recommendation For development and internal testing: use Xcode direct install. For small-scale user testing with families: use Ad Hoc distribution with provisioning profiles. For broader beta: use TestFlight with the adult account workaround (with clear instructions for testers). --- ## 10. Recent Changes (2024-2026) ### Age Rating System Overhaul (July 2025) Apple overhauled the age rating system, adding new categories: - Previously: 4+, 9+, 12+, 17+ - Now: 4+, 9+, **13+**, **16+**, **18+** New questionnaire covers: - In-app controls (parental tools) - Capabilities (chat, web access) - Medical/wellness topics - Violent themes **Compliance deadline: January 31, 2026.** Missing this deadline may delay future app updates. ### Declared Age Range API (2025) New API allowing parents to share a child's age category (not exact birthdate) with app developers: - Parents choose: Always, Ask First, or Never - Developers receive age category, not DOB - Includes age assurance method signal where legally required ### PermissionKit Framework (2025) New framework for requesting parental permission for child communication features: - Chat, follow, add-user actions require parent approval - Parents approve via Messages from their own device - **SignificantChange API** — notifies children/teens when significant app changes require parental consent ### SensitiveContentAnalysis Framework Detects nudity in images/videos before display. Real-time intervention in video-calling apps. Not directly relevant to QuickChat AAC but worth knowing about. ### App Store Product Page Transparency (2025) Parents now see expanded information on app product pages: - Content frequency details - Privacy nutrition label - Content control availability - UGC indicators - Messaging feature disclosure - Advertising disclosure ### Age Assurance Regional Requirements Certain regions now impose legal age-based obligations requiring: - Age category information support via Declared Age Range API - Significant change consent triggers - Parental withdrawal of consent notifications **Source:** [Apple Developer News](https://developer.apple.com/news/?id=091202019a), [Apple Kids Page](https://developer.apple.com/kids/), [Apple Upcoming Requirements](https://developer.apple.com/news/upcoming-requirements/) --- ## Summary: QuickChat AAC Compliance Posture ### What We're Doing Right (by design) | Aspect | Status | Notes | |--------|--------|-------| | No third-party SDKs | COMPLIANT | No Firebase, no analytics, no ad SDKs | | On-device data storage | COMPLIANT | SwiftData local-only, no cloud transmission | | AVSpeechSynthesizer | COMPLIANT | Fully on-device, no network calls | | No external links in child UI | COMPLIANT | All navigation stays within the app | | No advertising | COMPLIANT | No ads of any kind | | No tracking | COMPLIANT | No IDFA, no persistent identifiers sent anywhere | | Parent-gated settings | COMPLIANT | Adult area behind gate | ### What We Need to Build/Verify | Requirement | Action Needed | |-------------|---------------| | Parent gate implementation | Randomized math problems + VoiceOver prompt for pre-literate users | | Privacy policy | Write and include in-app (accessible from parent settings) | | Age rating questionnaire | Complete by Jan 31, 2026 | | App Privacy nutrition label | Declare accurately in App Store Connect (likely "No Data Collected") | | COPPA privacy policy | Include in privacy policy, mention no data collection/transmission | | GDPR privacy statement | Cover EU requirements in privacy policy | | Reward mechanics documentation | Document therapeutic purpose of gamification for EU ethical design compliance | | Parent-gate all links | Even privacy policy link, App Store rating link, support email — everything in parent area | ### Risk Areas to Monitor 1. **iCloud sync (future)** — If added later, research further before implementation 2. **Speech recognition (future)** — Would trigger biometric data provisions under COPPA 2025 3. **Any third-party dependency** — Audit every library for hidden network calls or data collection 4. **EU reward mechanics rules** — Document therapeutic justification, give parents control 5. **SDK binary scanning** — Apple scans binaries; ensure no prohibited frameworks are linked even transitively through dependencies 6. **Category lock-in** — Once in Kids Category, difficult to leave. This is fine for our use case but be aware. --- ## Sources ### Apple Official Documentation - [App Review Guidelines](https://developer.apple.com/app-store/review/guidelines/) — Guidelines 1.3, 2.3.8, 5.1.4 - [Building Apps for Kids](https://developer.apple.com/app-store/kids-apps/) — Parent gate requirements, age bands - [Design Safe and Age-Appropriate Experiences](https://developer.apple.com/kids/) — Frameworks, gate design, new APIs - [App Updates in the Kids Category](https://developer.apple.com/news/?id=091202019a) — 2025 age rating changes - [AVSpeechSynthesizer Documentation](https://developer.apple.com/documentation/avfaudio/avspeechsynthesizer) - [SwiftData Documentation](https://developer.apple.com/documentation/swiftdata) - [Apple Family Privacy Disclosure for Children](https://www.apple.com/legal/privacy/en-ww/parent-disclosure/) ### FTC / COPPA - [FTC COPPA FAQ](https://www.ftc.gov/business-guidance/resources/complying-coppa-frequently-asked-questions) - [FTC Press Release: 2025 COPPA Amendments](https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-finalizes-changes-childrens-privacy-rule-limiting-companies-ability-monetize-kids-data) - [Federal Register: COPPA Rule 2025](https://www.federalregister.gov/documents/2025/04/22/2025-05904/childrens-online-privacy-protection-rule) - [Promise Legal: COPPA Compliance Guide 2025](https://blog.promise.legal/startup-central/coppa-compliance-in-2025-a-practical-guide-for-tech-edtech-and-kids-apps/) - [Finnegan: Updated COPPA Rule Analysis](https://www.finnegan.com/en/insights/articles/the-ftcs-updated-coppa-rule-redefining-childrens-digital-privacy-protection.html) ### EU / GDPR - [GDPR Article 8](https://gdpr-info.eu/art-8-gdpr/) — Child consent provisions - [European Commission: Children's Data Safeguards](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/legal-grounds-processing-data/are-there-any-specific-safeguards-data-about-children_en) - [GDPR Register: 7 Key Changes 2025](https://www.gdprregister.eu/gdpr/eu-childrens-data-privacy-2025-7-changes/) - [PRIVO: GDPR Age of Digital Consent](https://www.privo.com/blog/gdpr-age-of-digital-consent) - [iubenda: App Privacy Requirements for Kids](https://www.iubenda.com/en/help/114081-app-privacy-requirements-for-kids) ### Developer Community - [react-native-firebase #4494](https://github.com/invertase/react-native-firebase/issues/4494) — Kids Category rejection - [react-native #47200](https://github.com/facebook/react-native/issues/47200) — Guideline 1.3 rejection - [Apple Developer Forums: Analytics in Kids Category](https://developer.apple.com/forums/thread/130863) - [Apple Developer Forums: Firebase in Kids Category](https://developer.apple.com/forums/thread/133400) - [Apple Developer Forums: TestFlight Age 13](https://developer.apple.com/forums/thread/675464) - [Medium: Parent Gate Guidelines](https://medium.com/@laurentm/apple-ios-app-store-guidelines-for-kids-category-the-parental-gate-fa4ba10edd6f) - [BuddyBoss: Resolving Guideline 1.3](https://buddyboss.com/docs/app-store-guideline-1-3-safety-kids-category/) - [RevenueCat: App Store Rejections Guide](https://www.revenuecat.com/blog/growth/the-ultimate-guide-to-app-store-rejections/)