You already own the parent relationship. Phosra is the fastest, cheapest way to carry one parental choice across every surface a kid touches — and stay compliant in every jurisdiction behind it. Map to the standard once and inherit the age-signal handling for every statute, instead of rebuilding per-law code paths that drift. The first integration path is roughly 18.5 engineering-weeks of work you simply don't do. Built on OCSS, the Open Child Safety Specification.
Pricing: usage-based on the hosted router — you pay per signal it routes; $0 on the standard or the mark. Families always stay free. See pricing →
You are the enforcement surface. OCSS is the contract above it — the shared vocabulary every other vendor implements against the same way. Conform once and the rest is plumbing you inherit, not plumbing you maintain.
You map your product to the OCSS rule vocabulary one time. The signal plumbing for each statute — how an age signal enters, which gate it trips, what receipt it writes — is already wired behind the standard. New laws extend the same contract instead of forking your codebase.
Every enforcement event your product fires is signed, timestamped, and replayable. That is evidence a regulator can weigh — not a compliance determination. OCSS confers no regulatory approval and is not a COPPA safe harbor.
A mark you earn from the standard by conforming to it — never one Phosra issues, grades, or sells. We are the reference implementer and one accredited network on OCSS, like Yubico on FIDO2. The standard lives at openchildsafety.com.
Phosra's parent-facing directory routes families to conformant products. Conform, earn the mark, and your listing carries the signal that regulators, the press, and the app stores have learned to look for.
The cheapest way onto OCSS is the Alert-only profile: read the child's age signal from your auth flow, fire parent notifications on the channels you already run — push, SMS, email — and sign a receipt for each one. No new enforcement surface required; you wire the signal and the receipt to what you already ship.
From there you opt into tier gates, verifiable parental-consent flows, and hard blocks as your roadmap allows — each one a named section of the standard, conformed to the same contract. You are explicit about what is live and what is still on the roadmap; nothing is implied that you have not earned.
Read the OS / auth age signal — routes the policy stack.
Parent notification + signed receipt on your channels.
Content / AI / privacy bands mapped to statute.
Account creation, time limits, in-app purchase.
Consent + reporting boundaries — named, on the roadmap.
OCSS is a draft standard — currently Draft 4, pre-release, an individual IETF Internet-Draft — not a ratified standards-body output. Conformance is verifiable evidence, not regulatory approval, and never a COPPA safe harbor. Phosra is the reference implementer and one accredited network on OCSS; we do not own the standard, and the anti-capture design is the point — verifiable succession and multi-router federation mean a Phosra-only world is one the conformance code itself rates red. The canon lives at openchildsafety.com.
The fastest path is Alert-only and it starts in the docs — self-serve, no sales call required. When you are ready to shape the standard from the inside, the Charter Adopter cohort is open.