Find a PDF version of this document here.
1.0 Purpose
The purpose of this document is to show developers how easy it is to use the Developer Dashboard to set up their online services to use the AgeCheq API. It walks a developer through the steps of setting up a developer account, registering an online service as an AgeCheq application, and generating a Privacy Disclosure by identifying what Personally Identifiable Information (PII) that online service collects, stores, and shares.
2.0 Create a Developer Account
The first step to using the AgeCheq Developer Dashboard is to create a developer account. Point your web browser to https://developer.agecheq.com and create a new developer account to get started with the AgeCheq service.
The service will ask you for a user name, a valid email address, and a password to get started. Once your account has been created successfully, you'll be asked to log in with your new credentials. Do so, and you'll be redirected to the main dashboard page.
3.0 Register your online service as an AgeCheq application
Once you have signed up for the AgeCheq service, you will want to set up an application to identify your online service to AgeCheq. Click on the Add a New App button across the top of the AgeCheq Developer Dashboard to do so. You'll see a pop up appear that asks how you would like to name the online service.
Provide a name to help you identify the online service and click Save. You should now be on the app editing page. If it isn’t already selected, click on the button labeled The Basics.
3.1 Enter basic information about your online service
· Application Name: The name shown to your customers identifying your online services may be changed here.
· Description: Give your online service a single sentence description so Parents can follow what game or app they are approving. This text is only used for display and marketing purposes.
· API Age Cutoff: The AgeCheq API automatically reports whether a user is 13 or older as well as whether the user is 18 or older using a true/false value. If you would like the AgeCheq API send back a similar report about a different age, enter an API Age Cutoff.
· Additional Agree Message: If there is text included in this field, it will appear on the privacy disclosure as an additional message that must be agreed to.
· PIICrypt: PIICrypt is an optional AgeCheq service that allows a developer to store Personally Identifiable Information (PII) in cloud based storage using a key that is stored on the device. The service also allows Parents to clear PII when desired without involving the developer.
The Related Links on the right give parents more information about your app.
• Full Privacy Policy: This URL should point directly to your published privacy policy for your online service on the Web. That way, customers may see your entire privacy policy for your online service from the Parent Dashboard when parents are giving their consent to collect their child’s data.
• Web URL: If your online service is available on the Web, enter its URL here so that it appears to your customers in the AgeCheq Parent Dashboard. This link is used to feature your online service within the AgeCheq Parent Dashboard to increase awareness and market share.
• iOS* Store URL: If you have an iOS version of your online service, drop a link to it here so that it appears to your customers in the AgeCheq Parent Dashboard. This link is used to feature your online service within the AgeCheq Parent Dashboard to increase awareness and market share.
• Google* Play Store URL: If your online service is available through Google Play, drop a link to it here so that it appears to your customers in the AgeCheq Parent Dashboard. This link is used to feature your online service within the AgeCheq Parent Dashboard to increase awareness and market share.
• Support Email: You may enter your online service’s support email address to have it appear in your customers’ Parent Dashboard as an option to reach out to you in case of an issue.
Click on the Save App Changes button to conserve your choices.
3.2 Catalog what PII is collected
Next, you’ll want to build your online Privacy Disclosure. Click on the What’s Collected button.
Here you'll find a menu of features in your online service that you are required to share with your customers for COPPA Compliance. Ask yourself which features your online service uses and answer the questionnaire honestly to complete this step. Select the Personally Identifiable Information that your online service collects. Make sure to specify whether the information is collected, collected and stored, or collected – stored – and shared with someone else.
Here are some details on each entry:
• IP Address: If your online service captures, stores, or shares the current IP Address of its users, these options must be checked.
• Device ID: If your online service captures, stores, or shares a unique identifier for the device that the software is running on, these options must be checked.
• Child Age: If your online service captures, stores, or shares the age of its users, these options must be checked.
• Child Name: If your online service captures, stores, or shares the name of its users, these options must be checked.
• Location: If your online service gets any information about where its user is or says they are, check the appropriate options.
• Photos: If your online service deals with user photos in any way, these options should be checked appropriately.
• Video: If your online service takes any video, these options should be checked appropriately.
• Audio/Voice: If your online service records or streams user audio in any way, these options should be checked appropriately.
• Email: If your online service asks your users for any email address, these options should be checked appropriately.
• Twitter: If your online service asks your users for any Twitter information, these options should be checked.
• Facebook: If your online service asks your users for any Facebook information, these options should be checked.
• Other Social: If your online service asks your users for any information related to a social network that is not Facebook or Twitter, click these options.
Click Save App Changes to continue. You’ll see a popup that reads “Application Saved Successfully”.
3.3 Identify 3rd party services used
Next, click the 3rd Party Services button. Here, find any services your game or app may use and add it as well. If you can’t find a particular service, just select the checkbox for the appropriate Unlisted service until that service has confirmed what Personally Identifiable Information they collect.
Below the disclosure checklist, you’ll find a group of 3rd Party Functionalities that your online service may implement. Select the services your application uses, and check any services you may use in those lists. If the appropriate service you use isn’t found, just select “Third Party APIs” from the list.
• In App Purchases: Does your online service feature a way to make purchases using an online payment method? If so, answer yes here.
• Analytics: If your online service uses an established analytics package, select it from this drop down list.
• Advertising: If your online service features any advertising, select the advertising provider here. The following entries are checked depending on whether your online service collects the following information, whether it is stored indefinitely, and finally whether the online service provides that information to any third parties over the Internet.
• Text Messaging: If your online service sends text messages, select yes here.
• Multimedia Messaging: If your online service delivers video or images, select yes here.
• Third Party APIs: If your online service uses any other APIs, you'll need to answer yes to this question. Furthermore, these third party APIs must be COPPA compliant as well.
Finally, clicking on the Disclosure Preview button ( ), will display the Privacy Disclosure as a customer will ultimately see it.
3.4 Identify revocation information
Next, click the Revocation button. This section of the developer dashboard tells AgeCheq how to handle parent’s requests for developer to reveal what data they’ve collected on their child and whether they want to revoke their permission for the developer to collect personal information on their child.
· Parental Permission Revocation: The COPPA law requires that developers remove any Personally Identifiable Information about a child under 13 if a parent revokes their permission for an app to collect it. These fields tell AgeCheq how to reach you if a parent does decide to revoke their permission. You may get the revocation by email, by a Web call, or both.
· Parental PII Request: These fields tell AgeCheq how to reach you if a parent wants to know what Personally Identifiable Information (PII) has been collected. You may get this request by email, by a Web call, or both.
· Test: Test Revocation and PII request Web calls using these test buttons.
All these requests could optionally return a bit of data stored with the user by the developer using the AgeCheq associate API command. That way, when you get these alerts back you’ll be able to better understand which user they reference.
For more information on revocation messages and the notifications they trigger, look at this associated document on parental callback notifications at: http://documentation.agecheq.com/pdf/Parental_Callback_Notifications.pdf
3.5 Runtime Controls
Once you have your online service up and running with the AgeCheq API, you might not want to force your customers to go through all the hurdles of verifiable parental consent all at once. The Runtime Tuning portion of the AgeCheq Developer Dashboard is useful for managing the amount of “friction” your customers might face while trying to comply with the COPPA rule.
There are two ways that AgeCheq can help developers manage this risk. The first is by limiting or “throttling” the percentage of API calls to check for parental approval requests, and the second is to give developers the ability to track how many times a parent has been asked to authorize a game or app. For more information on these onboarding tools, look at this associated document at: http://documentation.agecheq.com/pdf/Customer_Onboarding_Tools.pdf
Click on the Runtime Controls button to access the controls for these tools.
3.5.1 API Throttle Control
The API Throttle control allows developer so manage their transition to full COPPA compliance by allowing them to control the percentage of parental approval requests that are actually processed. Setting the tuning at 100% indicates that each and every request to see if an app has been approved by a parent or not will hit the AgeCheq database and report back a valid answer. Setting the tuning to 0% indicates that each and every request to the AgeCheq database will return a “verified” result, so that you may incrementally get your customers COPPA compliant by giving a percentage of your users a “free pass”.
If the API Throttle is used, the check API command will report that it was used, and whether the check was dismissed or actually processed. Take a look at the data.checktype return value of the check API command in the AgeCheq API documentation for more information (http://documentation.agecheq.com/pdf/AgeCheq_API_Documentation.pdf).
3.5.2 Application Trials
The AgeCheq system may track how many times an application asks a parent to authorize an app for their child. That way, the game or app could make an informed decision whether to allow the child to play or force an action by a parent based on how many warnings they have received. The application trial information is returned to the developer following the check API command through the data.trials value.
Take a look at the check API command in the AgeCheq API documentation for more information (http://documentation.agecheq.com/pdf/AgeCheq_API_Documentation.pdf).
3.6 Viewer
If you would prefer to rely on AgeCheq to provide the entire user interface for COPPA compliance, you may use the AgeCheq Viewer in your software. The integrated user interface is known as the “AgeCheq Viewer” and it runs in a Web view of some sort, whether that is a pop-up or child browser window, or an actual Web control within the context of a mobile app. The controls for the AgeCheq Viewer are available in the AgeCheq Developer Dashboard by clicking on the Viewer button.
The text at the top of this screen will provide the URL to open to show the AgeCheq Viewer. The viewer requires that the developer enter a valid Return URL before the viewer will function properly. This URL will be opened once the viewer has done its job getting appropriate COPPA compliance and approval of any selected privacy policy, terms of service, or end user license agreement.
· Background Color: The background color behind the app icon when it is shown in the Agecheq Viewer user interface.
· Header Text: This markup-enabled line of text is shown at the top of the AgeCheq Viewer. It typically describes your privacy and compliance policies in brief.
· Prompt Text: This text is displayed below the header text and is meant to be a “call to action”. It is also markup-enabled.
· Include AgeCheq: If this selection is turned on, the AgeCheq Viewer will ask underage users to provide their AgeCheq PIN and check the relationship of that child to the associated app. If the “Include AgeGate” switch is not turned on, the system assumes that the application targets children and that all users are underage.
· Include AgeGate: If this selection is turned on, the AgeCheq Viewer will ask the user to provide their date of birth. Users that self-identify themselves as children are asked to provide their AgeCheq PIN for COPPA compliance if the “Include AgeCheq” switch is also on. Otherwise, the current age of the user is returned along with their response to the acceptance request.
· Return URL: This URL is opened in the browser once the viewer has done its job getting appropriate COPPA compliance and associated approvals. There are a series of query string variables passed in the call that will inform the developer about the user’s choices.
· Privacy Policy URL: The URL of the application’s full privacy policy should be here so that users may view it and agree to it. Leave this field blank if your software doesn’t use a full privacy policy.
· Terms of Service URL: The URL of the application’s terms of service agreement should be here so that users may view it and agree to it. Leave this field blank if your software doesn’t use a terms of service.
· EULA URL: The URL of the application’s end user license agreement should be here so that users may view it and agree to it. Leave this field blank if your software doesn’t use an EULA.
3.7 App Maintenance
There are several generic app maintenance features of the Developer Dashboard.
3.7.1 Upload a New Icon
To upload a new icon for an app, click on the AgeCheq icon in the upper-left hand portion of the screen. Click the button that reads Browse and pick a 150x150 pixel PNG image from your file system. Click on the Upload button to complete the process.
3.7.2 Delete an App
Click on the trash can icon ( ) across the top of the screen. Select Delete Your App to bring up a dialog that reads Are You Sure. Click the button that reads Yes, delete it to complete the process.
4.0 Account Maintenance
Some information about your AgeCheq Developer account may be managed from the Account button in the upper right hand corner of the screen. Click it to bring up some important information about the account.
· Developer Key: This is a unique identifier used in the AgeCheq API to identify the developer who is making the calls to the AgeCheq server.
· Your Email: This is the email address chosen for the account when it was created.
· Company: This optional field is displayed to parents when they look at the automatically generated Privacy Disclosures.
· Email for Billing Alerts: This is the email address that AgeCheq will use to get in contact with the customer for administrative purposes.
· Change Password: Click on this button to change the password for the AgeCheq Developer Dashboard account. Be sure to enter the current password as well as the new password and its confirmation first.
Click the Save Changes button to confirm and save any changes.
5.0 Integrate the AgeCheq API
The final step to using AgeCheq for COPPA compliance is integrating the AgeCheq API into your online service. We have a growing library of software development kits (SDKs) to get you started with the integration as well as a simple and straightforward document describing the API itself. You may choose to either use the appropriate SDK to integrate our API into your online service, or if you choose you may open up the documentation on the API itself and make calls directly to the underlying RESTful Web service. Please find these documents and samples at http://documentation.agecheq.com.