Tool

Dating Compliance Checklist

Filter by jurisdiction, tick what you have in place, and see what is left. This is operator-grade orientation, not legal advice. Verify with counsel before launch and at every material change.

0 of 26 complete (0%)

Do these next

Highest-risk items still outstanding for UK.

  • Highly effective age assurance for under-18 access (UK Online Safety Act)
  • Protections for minors on online platforms (EU DSA)
  • Block under-13 sign-ups (US COPPA)
  • Privacy policy that meets UK and EU GDPR Article 13/14
  • In-product report and block on every profile and message

Age assurance and child safety

Dating products are squarely in scope of child-safety regimes. This is the highest-risk area to get wrong.

  • Highly effective age assurance for under-18 access (UK Online Safety Act)

    High riskUKMultiple

    Ofcom requires highly effective age assurance for services likely to be accessed by children, including dating services hosting adult content.

    Online Safety Act for dating
  • Protections for minors on online platforms (EU DSA)

    High riskEUMultiple

    Article 28 of the Digital Services Act requires platforms accessible to minors to put privacy, safety and security measures in place.

    DSA compliance for dating
  • Block under-13 sign-ups (US COPPA)

    High riskUSMultiple

    COPPA prohibits collecting personal data from US children under 13 without verifiable parental consent. Dating products should hard-block.

  • Independent age verification provider in place

    MediumUKEUUSMultiple

    Self-declared age does not meet UK or EU standards for adult-content services. Use a regulated verification provider.

    Identity verification guide

Data protection

Profile, photo, message and location data make dating high-risk under every modern privacy regime.

  • Privacy policy that meets UK and EU GDPR Article 13/14

    High riskUKEUMultiple

    Members must know what you collect, why, the legal basis, who you share with, and how long you keep it.

    Privacy policy starter
  • Lawful basis documented for every processing activity

    MediumUKEUMultiple

    Contract, legitimate interests, consent or legal obligation. Marketing email needs consent; profile matching is contract.

    GDPR for dating sites
  • Signed DPAs with every processor that touches member data

    MediumUKEUMultiple

    Hosting, email, analytics, payments and moderation vendors are all processors. No DPA, no GDPR compliance.

    DPA starter
  • Safeguards in place for data leaving the UK or EEA

    MediumUKEUMultiple

    SCCs, IDTA or an adequacy decision must be in place for any transfer to a third country, with supplementary measures documented.

  • US state privacy compliance (CCPA, VCDPA, CPA, CTDPA, UCPA and friends)

    MediumUSMultiple

    If you sell or share data, run targeted ads or hit state thresholds, you need a Do Not Sell link, opt-out signals and consumer rights workflows.

    US dating regulations
  • Data retention schedule defined and enforced

    LowUKEUUSMultiple

    Members can request deletion, regulators ask how long you keep what. Default to delete unless you can justify keeping it.

    Data retention for dating
  • Breach response plan with 72-hour notification path

    MediumUKEUUSMultiple

    Most regimes require notification of a personal data breach within 72 hours. Rehearse before you need it.

    Dating breach response

Content moderation and reporting

Members must be able to report, you must be able to act, and you must be able to prove both to regulators.

  • In-product report and block on every profile and message

    High riskUKEUUSMultiple

    Non-negotiable across every regime. Friction here turns into churn and complaints.

    Safety features checklist
  • Documented illegal-content takedown process

    High riskUKEUUSMultiple

    UK OSA, EU DSA and US notice-and-takedown regimes all require a clear path for reporting and removing illegal content.

    Illegal content procedures
  • Public moderation policy and community guidelines

    LowUKEUUSMultiple

    Members need to know the rules. Regulators check you publish them.

    Moderation policy starter
  • Transparency report on a regular schedule

    MediumEUUKMultiple

    EU DSA Article 15 mandates them for in-scope platforms. UK OSA and US states are headed the same way.

    Transparency report template
  • Law-enforcement requests process and contact

    MediumUKEUUSMultiple

    You need a defined channel, a way to verify the request, and a log. Otherwise you risk over- or under-disclosing.

    Law enforcement requests

Payments and AML

Dating is a high-risk MCC. Processor and chargeback exposure can close the business overnight.

  • High-risk payment processor approved for dating MCC

    High riskUKEUUSMultiple

    Standard processors quietly off-board dating businesses. Use a specialist who has underwritten you up front.

    Dating payment processors
  • Chargeback rate kept under 1 percent with a written prevention program

    High riskUKEUUSMultiple

    Visa and Mastercard place dating in a monitored category. Sustained excessive chargebacks trigger fines and termination.

    Reducing chargebacks
  • Auto-renewal pre-purchase and pre-renewal disclosures

    MediumUKEUUSMultiple

    California ARL, FTC ROSCA, EU UCPD and UK CPRs all require clear up-front and pre-renewal notice plus easy cancellation.

  • KYC and AML controls for any premium or paid-for-introduction tier

    LowUKEUUSMultiple

    Romance fraud and AML risk rises with paid features. Document your screening for higher-tier accounts.

    AML for dating platforms

Advertising and consumer law

Your ads and your billing pages are the most visible regulatory surface. Mistakes here trigger complaints, refunds and fines.

  • Ad creative reviewed against ASA and CAP code

    MediumUKMultiple

    UK ad standards are strict on dating, especially around body image, sexual implication and unrealistic outcomes.

    Dating advertising compliance
  • FTC Act and state UDAP compliance for US ads

    MediumUSMultiple

    Earnings claims, testimonial use and "free" framing have all triggered enforcement actions in dating.

  • Cookie and tracking consent compliant with PECR or ePrivacy

    MediumUKEUMultiple

    Pre-consent tracking pixels are the single most common GDPR fine for ad-funded sites.

    Cookie and consent starter

Terms and policies

The contract layer between you and members. Cheap to get right, expensive to retrofit.

  • Terms of Service that cover dating-specific risks

    MediumUKEUUSMultiple

    Account termination, fake profile rules, off-platform contact, IP licence, refund position. Generic SaaS templates leave you exposed.

    ToS template
  • Public community guidelines

    LowUKEUUSMultiple

    Members need to know what is allowed before they post, not after you ban them.

    Profile and photo guidelines
  • Refund and cancellation policy aligned with consumer law

    MediumUKEUUSMultiple

    EU and UK distance-selling rules grant statutory cancellation windows. Subscription dark patterns trigger regulator action.

Need the supporting documents? See the template library for the privacy policy, DPA, ToS, moderation policy and transparency report starters.