Child-safety compliance · one integration

Spend less time on integrations. More time protecting kids

Integrate once. Every age check and rule is honored on every surface a kid touches — and prints a signed receipt that proves it.

1
integration replaces the whole tangle
110
rule categories across 91 statutes

In 2027, California's AB 1043 makes operating-system vendors surface every kid's age signal — and the rest of the internet has to consume and enforce it. With 91+ child-safety statutesalready live across jurisdictions, every app and platform is now in scope. That's the deadline. Phosra is how you meet it without building it 300 times.

AB 1043 · 2027the forcing function
91+ statutesalready live across jurisdictions
Every app & platformnow in scope
The problem

Kids find the gaps first. Every platform gap is a protection gap.

The instinct is to wire protection into each surface by hand — every app, every streaming service, every game, every router — then re-wire it for every new law. That tangle never holds. An API changes here, a statute lands there, and a seam opens. A kid walks straight through it.

~300brittle integrations

Roughly 50 parental-controls providers × the major platformsis ~300 bilateral integrations — an N×M matrix that grows every quarter. Each one runs about 18.5 engineering-weeksto build, and every wire re-breaks on someone else's schema change.

Whiplashregulatory

New child-safety law lands somewhere on the map almost every month. Hand-built compliance is out of date the day it ships.

The seama kid's shortcut

The one surface you didn't get to is the one a kid finds first. Coverage that isn't everywhere isn't coverage.

So stop wiring gaps. Set protection once— and let it reach every surface, including the ones you haven't built yet.

How it works

Send us a kid's age signal. Yourrules apply on every surface — and you get a receipt that proves it.

01age ingestedread the age signal02tier gatepick the privacy tier03enforcementapply the rule04signed receiptsha256:7f3a9e················13–15signal into network
  1. 01

    You send a signal

    One API call carries a kid's age signal — from an OS vendor, a parent's setting, or your own check. No raw birthdate leaves your system.

  2. 02

    Your rules apply, everywhere

    The signal carries your enforcement intent across every protected surface — app, streaming, games, DNS, router — set once and honored the same way on all of them.

  3. 03
    The proof

    You get a receipt

    Every decision returns a tamper-evident, signed receipt — replayable by a regulator, verifiable by anyone, without exporting a single user record.

Phosra moves the signal and returns the receipt. Your classifier still does the detecting— the protection is yours; we give it reach. OCSS is the transport, not the detection.

Set once · honored everywhere

Write the rule once. It's honored the same way everywhere.

A parent's choice, or a platform's policy, shouldn't be re-implemented for every surface and re-argued for every law. Express it one time as a directive; Phosra carries it — unchanged — to every place protection has to reach.

directive— the one instruction you express; we make every surface obey it.

The moat

A network no single company can capture.

The rail is open. Running the only accredited network on it is the business.

  • FIDO2Yubico
  • Card railsStripe
  • OCSSPhosra
0≥3

Independent intermediaries — by design. One operator routing every signal alone is exactly what the conformance suite flags. Flip the network red to see it.

How we make moneyUsage-based on the hosted router. $0on the standard, the mark, and governance — written into the spec. See pricing →

Flip the network — green is healthy, red is capture
Federation healthRATES GREEN · PLURAL

A signed signal routes through whichever accredited router is open. Plural federation RATES GREEN — a single-vendor network RATES RED: capture, not trust.

Why now

In 2027, California's AB 1043 makes operating-system vendors statutory age-signal issuers— every app and platform will have to consume that signal and prove it acted on it. The seat for the layer that does it is open.

Parental-control vendors

Carry a parent's choice everywhere.

You own the parent relationship. Phosra carries that one choice across every surface — without rebuilding age logic per platform.

~18.5 eng-weeksthe build you skip
See the vendor path
Platforms & OS vendors

Consume the age signal AB 1043 forces — don't build it.

In 2027, OS vendors become statutory age-signal issuers. Phosra is the layer that consumes that signal and enforces the rules, so you don't stand up the plumbing yourself.

AB 1043 · 2027the statutory clock
See the platform path
Schools & districtsroadmap

District consent and reporting, one boundary.

K-12 is a named lane we're building — district consent, reporting boundaries, and age-appropriate access mapped to statute. On the roadmap, not shipped yet.

Named lanebuilding now
Talk to us about K-12
Developers

Start with one API call.

Age signal in, signed decision out. Tier vocabulary from the 115-category OCSS registry — instead of building and maintaining the compliance plumbing yourself.

1 API callage in · signed decision out
Start building
The proof

Hand a regulator a receipt they can replay.

Every decision returns a tamper-evident, ed25519-signed receipt. Each link chains to the hash before it, so the record can't be edited after the fact — a regulator can replay the chain and verify the signature without you exporting a single user record.

receipt— the proof a regulator can replay, not just a log line you wrote.

A receipt proves a decision was made and recorded. It is not a regulatory safe-harboror a due-care showing on its own — it's the evidence, not the verdict.

Build on the standard. Run it through us.

Conform to OCSS in a few API calls — and keep the door open to the rest of the federation.