Location-based games are poised for massive growth. This segment of the market is estimated to reach $285 billion in value by 2023. Not to be outdone, game developers (and tech giants) are weighing in with ever-more immersive experiences.

The biggest hurdle for developers in the kidtech space is that such games are often not playable until they can access the user’s location, but  geolocation is personal information under COPPA and GDPR-K and can’t be used without parental consent.

“COPPA covers the collection of geolocation information ‘sufficient’ to identify street name and name of city or town. One example where COPPA would be triggered is where an app takes the user’s longitude and latitude coordinates and translates them to a precise location on a map.”


What if my game doesn’t store geolocation data?

In many cases, location-based games will not store the location data they collect. Instead, they collect and process it in real-time and then often discard. Even so, this does not eliminate the requirement for verifiable parental consent (VPC):

“COPPA covers the collection of geolocation information, not just its use or disclosure.”


The challenge has been how to obtain verifiable parental consent. This has led some game developers to completely exclude kids from using their games while some have focused on other types of games that don’t need to collect location data. However, this does not have to be the case..

Kids Web Services (KWS) offers a VPC flow that allows the inclusion of kids in experiences by facilitating a GDPR and COPPA-compliant process to obtain parental consent. In this guide, we’ll walk through exactly how you can utilise KWS to best effect when building location-based games.

Set up a KWS App

Follow these steps to set up your KWS app

If you don’t already have access to a KWS environment, ask for a free sandbox. 


Once you have set up your app, liaise with your implementation manager to hash out what other permissions are required alongside the geolocation permission.

How the permissions are described to the parent will be key to ensuring compliance and maximising conversion. Once the set-up process is complete, your implementation manager will then add the permissions to your KWS App.

The User flow (kids)

Below is the flow that you should build using KWS:

Key to this flow is the following:

  1. Identify which of your users are kids at sign-up. To achieve this, pass the user’s date of birth and their country to the Age Gate API. This API will return a flag that signals if the user is indeed defined as a ‘kid’ based on their age and country (e.g ‘isMinor’ = true).
  2. Now that you have determined that the user is a kid, direct them to a sign-up flow that is powered by KWS. Use the pre-built Single Sign On (SSO) view that you can trigger from within your app.
    • Use this handy guide to define how your SSO view should function. Key to this is ensuring that the geolocation permission is requested as part of the sign-up flow (as it is essential to full gameplay).
    • The SSO View is pre-built to collect the following information from the kid during sign up:
      • Kid’s username and password – both are used for authentication.
      • Kid’s display name – this is an anonymous display name that is visible to other users within your app. You may choose to turn this optional feature off if you don’t require it within your app.
      • Parent’s email address – KWS will use this to contact the parent whenever consent is required.
  3. Once the registration process is complete, KWS will automatically send an email to the parent, letting them know that their child signed up to your app and that they require further permissions before using any location-based features. The parent may then choose to grant permission and go through the VPC process to verify their identity in accordance with data privacy laws.
  4. Use the ‘Get User Profile’ API endpoint to periodically check what permissions the user has been granted by their parent. As soon as the geolocation permission is granted, allow the child to access location-based features.

Some best practices

Avoid completely blocking kids from accessing features that do not require the geolocation permission while they are waiting for their parent to grant them access. You can achieve this by building into your experience a limited gameplay feature or an interactive tutorial.  We call this ‘progressive permissioning’ and it’s a great way to maximise engagement and conversion even when you have to obtain VPC before enabling full gameplay.

This will also avoid frustrating kids as it’s not uncommon for them to then ‘cheat the system’ by restarting the sign up process and providing a false age.  

Beyond this, giving the kid a glimpse of the experience increases the likelihood of them ‘nagging’ their parents for access to the features that lie behind permissions. This in itself drastically increases the conversion rate (the likelihood of parents granting that permission).


You’ve done it! Your app should now be accessible to the ever growing community of kid-gamers.