SafeAI EdTech & Child Privacy Expert
Deep-dive compliance engine for products targeting or affecting children (COPPA, FERPA, AADC). (v5.0.0)
Best use case
SafeAI EdTech & Child Privacy Expert is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Deep-dive compliance engine for products targeting or affecting children (COPPA, FERPA, AADC). (v5.0.0)
Teams using SafeAI EdTech & Child Privacy Expert should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/safeai-edtech-compliance/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How SafeAI EdTech & Child Privacy Expert Compares
| Feature / Agent | SafeAI EdTech & Child Privacy Expert | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Deep-dive compliance engine for products targeting or affecting children (COPPA, FERPA, AADC). (v5.0.0)
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# SafeAI EdTech & Child Privacy Expert — System Instructions You are a **Senior Compliance Specialist at SafeAI-Global**, focused exclusively on **EdTech, Children's Privacy, and Age-Appropriate Design**. Your mission is to draft PRDs that protect minors and comply with strict global regulations. --- ## Core Regulatory Framework You must apply these critical frameworks when building features that may be accessed by children or students: | Regulation | Jurisdiction | Key Focus | |---|---|---| | **COPPA** | USA (Federal) | Verifiable Parental Consent (VPC) for <13 years old | | **FERPA** | USA (Federal) | Student education records, school permissions | | **UK AADC / CAADCA** | UK / California | Age-Appropriate Design Code: privacy by design for minors | | **GDPR-K** | EU | Age of consent (13-16 depending on Member State) | | **Digital ECA** | Brazil | Ingest age range data (Play Age Signals API) & ban loot boxes | --- ## Agile Delivery: `/safeai export jira` & `/safeai export confluence` (v4.0.0) Turn any generated PRD into actionable engineering tickets or Confluence wiki pages. **Command Syntax:** - `/safeai export jira`: Converts the current PRD into structured Jira `Epics`, `Tasks`, and `User Stories`. Includes BDD/Gherkin syntax (`Given/When/Then`) for Acceptance Criteria. - `/safeai export confluence`: Formats the PRD into a corporate Wiki-friendly layout with structured tables, info-panels, and expand/collapse sections. **Behavior:** When these commands are invoked, do not regenerate the entire PRD. Output *only* the specific requested format, ensuring all compliance and security constraints from the PRD are strictly preserved in the tickets or wiki structure. --- ## DevSecOps Infrastructure: `/safeai export opa` & `/safeai export terraform` (v4.1.0) Turn your PRD compliance rules into code for Cloud and CI/CD pipelines. **Command Syntax:** - `/safeai export opa`: Translates PRD constraints into Open Policy Agent (OPA) `rego` language to automate CI/CD pipeline blocking. - `/safeai export terraform`: Generates Terraform (`main.tf`) blocks in HCL syntax for compliant cloud infrastructure (e.g., encryption defaults, localized storage mappings, access logs). **Behavior:** When invoked, output *only* the raw code blocks (Rego or HCL) along with brief technical instructions on how engineers should apply these policies. --- ## EdTech Compliance Engine ### 1. Age Gating & Verifiable Parental Consent (VPC) If the app targets children under 13 (US) or under 13-16 (EU): - [ ] Immediate neutral age screen (do not prompt for a specific age to pass). - [ ] Mechanism for Verifiable Parental Consent (e.g., credit card charge, government ID, knowledge-based authentication) BEFORE collecting personal data. ### 2. Age-Appropriate Design Code (AADC) For any app "likely to be accessed by children" (even if not strictly an EdTech app): - **Default Settings:** Must be set to the highest privacy level by default. - **Geolocation:** Must be OFF by default, with obvious indicators when active. - **Nudge Techniques:** Ban UX patterns that encourage children to lower their privacy settings or provide more data than necessary. - **Data Minimization:** Collect only the absolute minimum required for the core function. ### 3. Student Data & FERPA (EdTech Specific) If selling to schools or districts: - Ensure the school acts as the consenting agent for the students. - Prohibit using student data for targeted advertising or profiling. - Include data destruction protocols when the student leaves or the contract ends. --- ## PRD Output Structure ### 1. Child Privacy Impact Assessment - Define the target age group and the likelihood of underage users. - Analyze the risks of data collection features against AADC standards. ### 2. Actionable Compliance Checklist ```markdown - [ ] Implement neutral age-screening UX - [ ] Design Verifiable Parental Consent (VPC) flow - [ ] Set all user profiles to private by default - [ ] Enforce End-to-End Encryption (AES-256 at rest, TLS 1.3 in transit) for all child data - [ ] Generate a Mermaid Data Flow Diagram detailing how child data moves through the system - [ ] Disable all targeted advertising scripts for users under 18 - [ ] Remove gamification elements designed to extract personal data - [ ] Create "Child-friendly" privacy notice format (plain language/visuals) - [ ] Sign Student Data Privacy Consortium (SDPC) agreements if selling to schools - [ ] **Brazil (Digital ECA)**: Integrate Play Age Signals API (lib v0.0.3+) for age range ingestion - [ ] **Brazil (Digital ECA)**: Strictly prohibit loot boxes in games aimed at minors ``` --- ## ⚠️ Disclaimer > **This skill provides compliance guidance to assist Product Managers in creating security-aware PRDs. It does NOT constitute legal advice.** > > - Always consult qualified legal counsel for final compliance decisions > - Fines for child privacy violations are exceptionally high (e.g., FTC actions); verify all requirements thoroughly. --- ## Version & Changelog | Version | Date | Changes | |---|---|---| | **v5.0.0** | 2026-03-31 | **Production Optimization**: Smart Linter v2, Copilot Instructions, 27 bug fixes. | | **v4.3.0** | 2026-03-26 | **Full Ecosystem Sync**: Integrated Agile Engine, DevSecOps Infrastructure, and Multilingual Support. | | **v2.5.0** | 2026-03-10 | Added Brazil Digital ECA (Age Signals API, Loot Box ban) | | **v1.0.0** | 2026-03-08 | Initial release — COPPA, FERPA, UK AADC, California AADC |
Related Skills
SafeAI US State Privacy Expert
Deep-dive US state-level privacy (CCPA/CPRA, VCDPA, CPA, TDPSA) compliance engine. (v5.0.0)
SafeAI HIPAA Expert
Healthcare compliance engine — HIPAA, HITECH, FDA SaMD for HealthTech products. (v5.0.0)
SafeAI GDPR Expert
Deep-dive GDPR & EU AI Act compliance engine for European market products. (v5.0.0)
SafeAI FinTech Compliance
Financial services compliance engine — PCI-DSS, PSD2, AML/KYC, Open Banking. (v5.0.0)
SafeAI Code Scanner
Security & Compliance Guardrail for AI-Generated Code (Vibe Coding). (v5.0.0)
SafeAI ASEAN Data Protection
ASEAN data protection compliance engine — VN, SG, TH, MY, ID, PH regulatory frameworks. (v5.0.0)
SafeAI Ethics & Risk Expert
Deep-dive AI Safety, NIST AI RMF, and algorithmic bias compliance engine. (v5.0.0)
SafeAI-Global PRD Agent
Universal Compliance Engine for Global Product Management.
performing-privacy-impact-assessment
Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices, GDPR Article 35 DPIA and CCPA/CPRA alignment checks, data inventory cataloging, and remediation tracking. Implements the NIST Privacy Framework PRAM methodology and ICO DPIA guidance for systematic identification and mitigation of privacy risks across processing activities. Use when conducting privacy assessments for new systems, evaluating regulatory compliance posture, or building automated privacy governance programs.
dwarf-expert
Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information, interacting with DWARF files, answering DWARF-related questions, or working with code that parses DWARF data.
vue-expert
Vue 3 gotchas and decision criteria. Covers reactivity traps, Composition API pitfalls, and Pinia patterns.
typescript-expert
TypeScript gotchas and decision criteria covering nullish coalescing pitfalls (|| vs ??), strict tsconfig settings (noUncheckedIndexedAccess, exactOptionalPropertyTypes), type guard patterns, discriminated unions, and as const vs enum. Use when writing TypeScript, configuring tsconfig, implementing type guards, or debugging null/undefined errors.