Legal pillar · v0.14.0
privacy-classification PrivacyClassification
Privacy classification for a B2C product. Aggregates the regulatory flags and store-compliance signals that drive age-gate logic, ad-targeting policy, and store-listing content ratings. Scope: one per product (or per tenant for single-product shops). Lives at `legal/privacy-classification.yaml`.
$id · https://corpospec.com/schemas/v0.14.0/privacy-classification.schema.json
Fields
| Field | Type | Required | Description |
|---|---|---|---|
| as_of | IsoDate | yes | Effective date of this classification. |
| coppa | boolean | yes | Whether the product is subject to COPPA (Children's Online Privacy Protection Act, US, 15 U.S.C. §§ 6501–6506). True iff the product is directed at children under 13 or has actual knowledge that it collects personal information from children under 13. |
| gdpr_kids | boolean | yes | Whether the product is subject to GDPR-K (Art. 8 GDPR — children's data). Member-state minimum ages range 13–16; see `gdpr_k_minimum_age`. |
| id | PathRef | yes | PathRef of this record (conventionally `legal/privacy-classification`). |
| admob_category_filter | string? | — | Google AdMob content-filter category (e.g. `"G"`, `"PG"`, `"T"`, `"MA"`) or the strictest category when multiple surfaces are served. |
| age_gate | AgeGate? | — | Structured age-gate configuration, when one is applied at sign-up. `None` means no age gate exists (e.g. B2B products where authors explicitly declare the audience is adult-only by contract). |
| app_store_content_rating | string? | — | App Store / Play Store content rating (e.g. `"4+"`, `"12+"`, `"17+"`, `"Everyone"`, `"Teen"`, `"Mature"`). Values depend on the store and rating body (ESRB, PEGI, USK, CERO). |
| gdpr_k_minimum_age | integer? | — | Minimum age used for GDPR-K parental-consent branching. Default is the strictest EU member-state threshold (16). Tenants operating in member states with lower minimums may override. |
| notes | string? | — | Free-form notes (e.g. "COPPA-safe because behavioural targeting disabled at the AdMob account level for the under-13 surface"). |
| policy | PathRef? | — | PathRef to a `legal/policies/*.yaml` privacy / children policy that encodes the public-facing prose. |
| product | PathRef? | — | Product the classification applies to (PathRef to a `product/*.yaml`). Optional for single-product tenants where the mapping is implicit. |
| related_decisions | PathRef[] | — | PathRefs to BDRs that rationalise the classification (e.g. `governance/decisions/0011-coppa-posture`). |
Definitions
Shared types referenced within this schema.
AgeGate
Age-gate rules applied at sign-up or first-use.
type: object
AgeVerificationMethod
Method used to gate users by age at sign-up.
IsoDate
ISO 8601 date (YYYY-MM-DD).
type: string
PathRef
Path-based cross-reference relative to .corpospec/ root.
Pattern: `^[a-z0-9_-]+(/[a-z0-9_.-]+)+$`
pattern: ^[a-z0-9_-]+(/[a-z0-9_.-]+)+$
Reference in your YAML
# yaml-language-server: $schema=https://corpospec.com/schemas/v0.14.0/privacy-classification.schema.json