Carry a parent's choice everywhere.
You own the parent relationship. Phosra carries that one choice across every surface — without rebuilding age logic per platform.
Child-safety compliance · one integration
Integrate once. Every age check and rule is honored on every surface a kid touches — and prints a signed receipt that proves it.
In 2027, California's AB 1043 makes operating-system vendors surface every kid's age signal — and the rest of the internet has to consume and enforce it. With 91+ child-safety statutesalready live across jurisdictions, every app and platform is now in scope. That's the deadline. Phosra is how you meet it without building it 300 times.
The instinct is to wire protection into each surface by hand — every app, every streaming service, every game, every router — then re-wire it for every new law. That tangle never holds. An API changes here, a statute lands there, and a seam opens. A kid walks straight through it.
Roughly 50 parental-controls providers × the major platformsis ~300 bilateral integrations — an N×M matrix that grows every quarter. Each one runs about 18.5 engineering-weeksto build, and every wire re-breaks on someone else's schema change.
New child-safety law lands somewhere on the map almost every month. Hand-built compliance is out of date the day it ships.
The one surface you didn't get to is the one a kid finds first. Coverage that isn't everywhere isn't coverage.
So stop wiring gaps. Set protection once— and let it reach every surface, including the ones you haven't built yet.
Send us a kid's age signal. Yourrules apply on every surface — and you get a receipt that proves it.
One API call carries a kid's age signal — from an OS vendor, a parent's setting, or your own check. No raw birthdate leaves your system.
The signal carries your enforcement intent across every protected surface — app, streaming, games, DNS, router — set once and honored the same way on all of them.
Every decision returns a tamper-evident, signed receipt — replayable by a regulator, verifiable by anyone, without exporting a single user record.
Phosra moves the signal and returns the receipt. Your classifier still does the detecting— the protection is yours; we give it reach. OCSS is the transport, not the detection.
A parent's choice, or a platform's policy, shouldn't be re-implemented for every surface and re-argued for every law. Express it one time as a directive; Phosra carries it — unchanged — to every place protection has to reach.
directive— the one instruction you express; we make every surface obey it.
The rail is open. Running the only accredited network on it is the business.
Independent intermediaries — by design. One operator routing every signal alone is exactly what the conformance suite flags. Flip the network red to see it.
How we make moneyUsage-based on the hosted router. $0on the standard, the mark, and governance — written into the spec. See pricing →
A signed signal routes through whichever accredited router is open. Plural federation RATES GREEN — a single-vendor network RATES RED: capture, not trust.
In 2027, California's AB 1043 makes operating-system vendors statutory age-signal issuers— every app and platform will have to consume that signal and prove it acted on it. The seat for the layer that does it is open.
You own the parent relationship. Phosra carries that one choice across every surface — without rebuilding age logic per platform.
In 2027, OS vendors become statutory age-signal issuers. Phosra is the layer that consumes that signal and enforces the rules, so you don't stand up the plumbing yourself.
K-12 is a named lane we're building — district consent, reporting boundaries, and age-appropriate access mapped to statute. On the roadmap, not shipped yet.
Age signal in, signed decision out. Tier vocabulary from the 115-category OCSS registry — instead of building and maintaining the compliance plumbing yourself.
Every decision returns a tamper-evident, ed25519-signed receipt. Each link chains to the hash before it, so the record can't be edited after the fact — a regulator can replay the chain and verify the signature without you exporting a single user record.
receipt— the proof a regulator can replay, not just a log line you wrote.
A receipt proves a decision was made and recorded. It is not a regulatory safe-harboror a due-care showing on its own — it's the evidence, not the verdict.
Conform to OCSS in a few API calls — and keep the door open to the rest of the federation.
illustrative request · the public /v1/checkAPI ships in P2/P3 (succession record + §9.4 attestation CSV are live today)