TL;DR
April 22, 2026 was the enforcement deadline for updated COPPA rules covering new consent requirements, data retention limits, and disclosure obligations for services directed at children under 13. Schools, edtech platforms, and parents navigating these rules need to document what privacy policies say—and when. Convert: Web to PDF lets you save any privacy policy or compliance page as a timestamped PDF in seconds. Free, no account, no upload.
What Changed on April 22, 2026
The Federal Trade Commission's updated Children's Online Privacy Protection Act (COPPA) rule brought its final compliance deadline on April 22, 2026. The rule is the most significant overhaul of children's online privacy requirements since the original COPPA was enacted in 1998.
The key changes now in force:
Separate opt-in consent for targeted advertising. Operators can no longer bundle advertising consent into general terms of service. Parents must give separate, specific consent before an operator can serve targeted ads to children.
Strict data retention limits. Operators must delete children's personal information "as soon as reasonably practicable" once it's no longer needed for the purpose it was collected. General terms like "we retain data for business purposes" are no longer sufficient.
Enhanced disclosure requirements. Privacy notices must now include specific descriptions of what data is collected, how long it's retained, who it's shared with, and how parents can exercise deletion rights.
School contracts. Schools authorizing edtech tools on behalf of parents must now ensure those tools meet the stricter consent and retention standards. The responsibility chain is explicit: if a school uses a tool with children's data, the school is vouching for that tool's compliance.
Why Documenting Privacy Policies Matters Right Now
COPPA enforcement has historically been reactive—the FTC investigates after complaints or visible violations. But 2026 marks a shift:
Multi-jurisdictional enforcement is now the norm. The joint settlement between California, Connecticut, and New York against Illuminate Education in 2025 demonstrated that multiple states' attorneys general will coordinate enforcement actions. A violation of COPPA can simultaneously trigger investigations from the FTC and multiple state agencies.
The Consortium of Privacy Regulators now comprises 10 states, pooling resources and sharing intelligence. This means smaller violations that might have fallen below a single AG's threshold can now aggregate into coordinated enforcement.
Class action exposure. The updated COPPA rules create clearer grounds for private litigation, particularly around the requirement for separate advertising consent. Parents whose children were tracked for advertising without specific consent have cleaner legal grounds in 2026 than before.
For schools, edtech companies, and any operator with a children's audience, this means you need documentation—not just compliance, but evidence that you reviewed and verified the tools you use.
What Documentation to Create
For Schools and Administrators
Every edtech tool a school uses with students' data should have a corresponding compliance record. That record should capture:
- The vendor's privacy policy as of the review date
- The vendor's COPPA-specific disclosure (where applicable)
- Any data processing agreements or school-specific terms
- The date of review
Privacy policies are living documents—vendors update them, sometimes without adequate notice. A PDF capture is a timestamped record of what a policy said when you reviewed it.
For EdTech Companies
Your own privacy policy is a legal document. Maintaining version snapshots—especially around compliance deadlines—creates an audit trail. If the FTC or a state AG asks when you updated your retention language, a dated PDF of your published privacy policy is cleaner evidence than a git commit history.
For Parents
Parent-facing documentation has two purposes: understanding what you've consented to, and having a record if something goes wrong. Saving the privacy policies and consent forms for the tools your child's school uses creates a paper trail you control.
How to Save Compliance Pages as PDF
Convert: Web to PDF makes this a one-click operation from Chrome:
- Navigate to the privacy policy, terms of service, or compliance disclosure page
- Click the extension icon
- The page converts to a clean PDF—no ads, no navigation chrome, no cookie banners
- The file downloads to your machine with the current date in the filename
The result is a clean, readable PDF that's also searchable—useful when you need to find specific language (like a data retention clause) months later.
Handling Multi-Page Privacy Policies
Long privacy policies often span multiple pages or require scrolling through expandable sections. The extension handles full-page scroll capture, rendering the complete document rather than only what's visible on screen.
What the PDF Date Captures
The file's creation date (embedded in PDF metadata) records when you generated it. Combined with a clear filename (e.g., ClassDojo_PrivacyPolicy_2026-04-22.pdf), you have a complete reference: what the policy said, on what date.
The Most Important COPPA-Relevant Services to Review
Not every tool your school or organization uses falls under COPPA—the rule applies to operators of websites and online services directed to children under 13, or general-audience services with actual knowledge they're collecting data from children. In practice, the following categories are most relevant:
Classroom management and LMS tools: Google Classroom, Schoology, Canvas, Clever. Most have COPPA compliance programs and school-specific data processing agreements.
Assessment and tutoring platforms: Khan Academy, IXL, Quizlet, Renaissance Learning, Lexia. These have large K-8 user bases and significant data collection for personalization.
Communication and parent-engagement tools: ClassDojo, Seesaw, Remind. These handle communication between teachers, students, and parents, often collecting children's device identifiers and usage data.
Games and enrichment apps: Any app used in a classroom that involves accounts, progress tracking, or personalization is in scope.
For each category, download the current privacy policy and any COPPA-specific disclosure. File them with the date.
Comparison: Documentation Methods
| Method | Timestamped | Searchable | Captures Full Policy | Requires Account |
|---|---|---|---|---|
| Screenshot | Partial (file date) | No | No (viewport only) | No |
| Browser bookmark | No | No | No | No |
| Web Archive (Wayback Machine) | Yes | No | Usually | No |
| Print to PDF (Chrome) | Yes (file date) | Yes | Yes | No |
| Convert: Web to PDF | Yes (file date) | Yes | Yes | No |
| Online PDF converter | Yes | Yes | Yes | Often |
The advantage of a browser extension over Chrome's native print is output quality: Convert: Web to PDF strips cookie banners, navigation menus, and advertising from the output, producing a document that reads as the policy content rather than a screenshot of a busy webpage.
COPPA Compliance in Context: What Else Changed in 2026
COPPA's April 2026 deadline didn't happen in isolation. The broader privacy compliance landscape in 2026 includes:
19 states now have comprehensive privacy laws. Indiana, Kentucky, and Rhode Island joined the list effective January 1, 2026. Each state has somewhat different requirements around children's data, consent, and deletion rights.
California's CCPA DROP platform (Delete Request and Opt-out Platform) became available January 1, 2026, with data brokers required to check it every 45 days starting August 1, 2026. This is separate from COPPA but affects the same data ecosystem.
The EU's AI Act places specific restrictions on AI systems that interact with minors, intersecting with COPPA in edtech tools that use AI-powered personalization.
Compliance teams covering children's services need to document against all of these layers. PDFs are the most portable, durable, and universally readable format for that documentation.
Frequently Asked Questions
Q: Does COPPA apply to schools directly, or only to app vendors?
Both. Operators of services directed to children must comply. Schools that deploy such services on behalf of parents "authorize" the collection on parents' behalf—which means schools take on responsibility for verifying the tools they use are compliant.
Q: What's the penalty for COPPA violations in 2026?
The FTC can seek civil penalties up to $51,744 per violation per day. In multi-state enforcement actions, state-level penalties stack on top. Illuminate Education's 2025 multi-state settlement resulted in significant financial penalties and mandatory compliance programs.
Q: Do I need to save privacy policies in any specific format for compliance purposes?
There's no regulatory requirement specifying PDF. However, PDF is the most durable and universally readable format, maintains formatting and content integrity, and is straightforward to timestamp and store.
Q: What if a vendor doesn't have a COPPA-specific privacy policy?
That's itself a compliance signal. Under the updated rules, any operator with actual knowledge that they're collecting data from children under 13 must have appropriate disclosures. Absence of COPPA-specific language in a tool used with K-8 students is a risk factor worth documenting.
Q: How often should I re-save privacy policies?
At minimum: when you first adopt a tool, at each major update the vendor announces, and on a regular schedule (quarterly or semi-annually). Set a calendar reminder.
The Bottom Line
The COPPA compliance deadline on April 22, 2026 is a starting line, not a finish line. Enforcement is ongoing, and the documentation you build now protects you in future investigations or disputes.
Convert: Web to PDF makes building that documentation library effortless—navigate to a privacy policy, click once, get a clean searchable PDF. No account, no upload, nothing leaving your browser.
For compliance teams also working with local documents—contracts, data processing agreements, signed consent forms—Convert: Anything to PDF handles file-to-PDF conversion with the same zero-upload approach.