Tool
Dating Compliance Checklist
Filter by jurisdiction, tick what you have in place, and see what is left. This is operator-grade orientation, not legal advice. Verify with counsel before launch and at every material change.
Do these next
Highest-risk items still outstanding for UK.
- • Highly effective age assurance for under-18 access (UK Online Safety Act)
- • Protections for minors on online platforms (EU DSA)
- • Block under-13 sign-ups (US COPPA)
- • Privacy policy that meets UK and EU GDPR Article 13/14
- • In-product report and block on every profile and message
Age assurance and child safety
Dating products are squarely in scope of child-safety regimes. This is the highest-risk area to get wrong.
Highly effective age assurance for under-18 access (UK Online Safety Act)
High riskUKMultipleOfcom requires highly effective age assurance for services likely to be accessed by children, including dating services hosting adult content.
Online Safety Act for datingProtections for minors on online platforms (EU DSA)
High riskEUMultipleArticle 28 of the Digital Services Act requires platforms accessible to minors to put privacy, safety and security measures in place.
DSA compliance for datingBlock under-13 sign-ups (US COPPA)
High riskUSMultipleCOPPA prohibits collecting personal data from US children under 13 without verifiable parental consent. Dating products should hard-block.
Independent age verification provider in place
MediumUKEUUSMultipleSelf-declared age does not meet UK or EU standards for adult-content services. Use a regulated verification provider.
Identity verification guide
Data protection
Profile, photo, message and location data make dating high-risk under every modern privacy regime.
Privacy policy that meets UK and EU GDPR Article 13/14
High riskUKEUMultipleMembers must know what you collect, why, the legal basis, who you share with, and how long you keep it.
Privacy policy starterLawful basis documented for every processing activity
MediumUKEUMultipleContract, legitimate interests, consent or legal obligation. Marketing email needs consent; profile matching is contract.
GDPR for dating sitesSigned DPAs with every processor that touches member data
MediumUKEUMultipleHosting, email, analytics, payments and moderation vendors are all processors. No DPA, no GDPR compliance.
DPA starterSafeguards in place for data leaving the UK or EEA
MediumUKEUMultipleSCCs, IDTA or an adequacy decision must be in place for any transfer to a third country, with supplementary measures documented.
US state privacy compliance (CCPA, VCDPA, CPA, CTDPA, UCPA and friends)
MediumUSMultipleIf you sell or share data, run targeted ads or hit state thresholds, you need a Do Not Sell link, opt-out signals and consumer rights workflows.
US dating regulationsData retention schedule defined and enforced
LowUKEUUSMultipleMembers can request deletion, regulators ask how long you keep what. Default to delete unless you can justify keeping it.
Data retention for datingBreach response plan with 72-hour notification path
MediumUKEUUSMultipleMost regimes require notification of a personal data breach within 72 hours. Rehearse before you need it.
Dating breach response
Content moderation and reporting
Members must be able to report, you must be able to act, and you must be able to prove both to regulators.
In-product report and block on every profile and message
High riskUKEUUSMultipleNon-negotiable across every regime. Friction here turns into churn and complaints.
Safety features checklistDocumented illegal-content takedown process
High riskUKEUUSMultipleUK OSA, EU DSA and US notice-and-takedown regimes all require a clear path for reporting and removing illegal content.
Illegal content proceduresPublic moderation policy and community guidelines
LowUKEUUSMultipleMembers need to know the rules. Regulators check you publish them.
Moderation policy starterTransparency report on a regular schedule
MediumEUUKMultipleEU DSA Article 15 mandates them for in-scope platforms. UK OSA and US states are headed the same way.
Transparency report templateLaw-enforcement requests process and contact
MediumUKEUUSMultipleYou need a defined channel, a way to verify the request, and a log. Otherwise you risk over- or under-disclosing.
Law enforcement requests
Payments and AML
Dating is a high-risk MCC. Processor and chargeback exposure can close the business overnight.
High-risk payment processor approved for dating MCC
High riskUKEUUSMultipleStandard processors quietly off-board dating businesses. Use a specialist who has underwritten you up front.
Dating payment processorsChargeback rate kept under 1 percent with a written prevention program
High riskUKEUUSMultipleVisa and Mastercard place dating in a monitored category. Sustained excessive chargebacks trigger fines and termination.
Reducing chargebacksAuto-renewal pre-purchase and pre-renewal disclosures
MediumUKEUUSMultipleCalifornia ARL, FTC ROSCA, EU UCPD and UK CPRs all require clear up-front and pre-renewal notice plus easy cancellation.
KYC and AML controls for any premium or paid-for-introduction tier
LowUKEUUSMultipleRomance fraud and AML risk rises with paid features. Document your screening for higher-tier accounts.
AML for dating platforms
Advertising and consumer law
Your ads and your billing pages are the most visible regulatory surface. Mistakes here trigger complaints, refunds and fines.
Ad creative reviewed against ASA and CAP code
MediumUKMultipleUK ad standards are strict on dating, especially around body image, sexual implication and unrealistic outcomes.
Dating advertising complianceFTC Act and state UDAP compliance for US ads
MediumUSMultipleEarnings claims, testimonial use and "free" framing have all triggered enforcement actions in dating.
Cookie and tracking consent compliant with PECR or ePrivacy
MediumUKEUMultiplePre-consent tracking pixels are the single most common GDPR fine for ad-funded sites.
Cookie and consent starter
Terms and policies
The contract layer between you and members. Cheap to get right, expensive to retrofit.
Terms of Service that cover dating-specific risks
MediumUKEUUSMultipleAccount termination, fake profile rules, off-platform contact, IP licence, refund position. Generic SaaS templates leave you exposed.
ToS templatePublic community guidelines
LowUKEUUSMultipleMembers need to know what is allowed before they post, not after you ban them.
Profile and photo guidelinesRefund and cancellation policy aligned with consumer law
MediumUKEUUSMultipleEU and UK distance-selling rules grant statutory cancellation windows. Subscription dark patterns trigger regulator action.
Need the supporting documents? See the template library for the privacy policy, DPA, ToS, moderation policy and transparency report starters.