How to Audit and Clean Your Child's Digital Footprint: A Step-by-Step Parent's Guide
A practical guide to auditing your child's digital footprint: how to search Google for their image, find forgotten accounts, submit data removal requests, and build a cleaner online presence before it matters.
My neighbor’s son got his first real job offer rescinded at age 19. The company’s HR department had found a public Instagram post from when he was 14 — a photo with a caption his teenage self thought was funny, his parent thought he’d deleted, and a recruiter thought disqualifying. The post had been up for five years on an account the family had forgotten existed, connected to an email address from middle school that no one checked anymore. Nobody had done anything wrong in the conventional sense. Nobody had audited anything either.
A digital footprint audit sounds like something a corporate IT department does, not something parents do on a Tuesday night. But the reality is that your child’s online presence — created intentionally and accidentally, by them and by you — is accumulating in ways that are entirely searchable, often permanent, and increasingly consequential. The good news: a systematic audit is not technically difficult. It requires organization and persistence, not expertise.
Key Takeaways
- Most families have never searched Google for their child’s name — and would be surprised by what they find.
- Photo sharing by parents (sharenting) often creates a larger early digital footprint than the child’s own activity, and that content can be searched, archived, and used.
- COPPA (Children’s Online Privacy Protection Act) gives parents the right to request deletion of data collected from children under 13, but this right is underused and requires knowing which platforms hold the data.
- Reverse image search is a critical tool for finding where your child’s photos are appearing online without your knowledge.
- Data broker databases — the companies that aggregate and sell personal information — contain children’s data and can be cleared, though the process requires periodic repetition.
Phase 1: Google Search Audit
The first step in any digital footprint audit is the most overlooked: simply searching for your child. Most parents have never done this systematically. Do this across multiple search engines, because Google, Bing, and DuckDuckGo index different content.
Basic name searches to run:
- “[Full legal name]”
- “[Nickname]”
- “[First name] + [last name] + [city]”
- “[First name] + [last name] + [school name]”
- “[Username]” (if your child uses a consistent username across platforms)
Log every result. Don’t click to remove anything yet — catalog first. You need to understand the complete landscape before you start removing things, because removal requests can sometimes trigger Google’s cache to update in ways that surface content you hadn’t noticed.
Google’s results pages to check beyond page 1:
- Images tab: switch to Google Images and search the name separately
- News tab: local news sites sometimes publish children’s names in sports coverage, academic honor rolls, or event coverage without parental permission
- Videos tab: YouTube and short-form video platforms index into Google Video search
For deeper search results, Google allows you to look for cached versions of pages that may have since been removed. Search for cache:[URL] to see if Google has a snapshot of a deleted page. If content has been removed from a website but Google still shows it in results, you can submit a removal request through Google’s “Remove outdated content” tool at search.google.com/search-console/remove-outdated-content — no account required for the basic form.
Phase 2: Reverse Image Search
Reverse image search is the step most parents skip and the one that often surfaces the most concerning results. The goal is to find out where your child’s photos are appearing online — including on sites that scraped them from social media, photo-sharing platforms, or news sites.
How to run a reverse image search:
- Save a selection of photos of your child (school photos, profile pictures, any commonly used photos).
- Go to images.google.com, click the camera icon, and upload the photo.
- Review every result. Google will show you pages that contain visually similar or identical images.
- Repeat on TinEye (tineye.com), which has a different and complementary database.
- For Bing: images.bing.com has a camera icon that performs the same function.
Results can include: social media posts (yours or others’), scraped content on third-party sites, forum posts where someone reposted a photo, background-check websites, and in rarer cases, sites you actively do not want your child’s image appearing on.
For each result that concerns you:
- If it’s on a social platform you control: delete the original post and request cache removal through Google.
- If it’s on a site you don’t control: contact the site’s abuse or privacy email (usually found via a WHOIS lookup or the site’s contact page) with a formal removal request citing COPPA if your child was under 13 when the photo was taken.
- If it’s on a data broker or background-check site: see Phase 4.
Phase 3: Forgotten and Dormant Account Audit
Children’s online account history is remarkably messy. An average child between ages 8 and 16 creates accounts on dozens of platforms — some at the parent’s suggestion, many independently — and the vast majority of those accounts are never formally closed. They simply go dormant.
Dormant accounts are a digital footprint risk for several reasons: they may contain information and photos that are now outdated or embarrassing, they may have settings that were never updated and make content public, they may be targets for account takeover if the password is weak, and some platforms periodically make dormant accounts public or change their privacy settings automatically.
How to find forgotten accounts:
The most effective method is to search for your child’s email addresses and usernames across platforms. Have your child (if old enough to help) or do it yourself:
- Go to HaveIBeenPwned.com and enter each email address your child has used. This tool (run by Troy Hunt, an independent security researcher widely cited by CISA) will show you which platforms experienced data breaches that included that email address — which tells you which platforms have accounts.
- Search Google for "[username]" site:instagram.com or site:reddit.com or other platforms to find accounts associated with a known username.
- Check the browser’s saved passwords. Most browsers (Chrome, Safari, Firefox) store a list of sites where passwords have been saved. This is often the most complete record of which sites your child has actually created accounts on.
- Review your email inbox and your child’s inbox for account confirmation emails. Searching for “confirm your email” or “welcome to” will surface dozens of account creation records.
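The inbox search in the last step can be turned into a repeatable account inventory. The script below is an added example, not part of the original guide: it scans raw email messages for the signup phrases mentioned in this article and reports each sender domain with the earliest matching date. The sample messages and the `.example` domains are constructed placeholders.

```python
import email
import re
from collections import defaultdict
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime

# Subject phrases this guide suggests searching for.
SIGNUP_PHRASES = re.compile(r"welcome to|confirm your email|account created", re.I)

def sender_domain(msg):
    """Return the lower-cased domain of the From address, or None."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def account_inventory(raw_messages):
    """Map sender domain -> date (ISO) of its earliest signup-style message."""
    found = defaultdict(list)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        # Decode RFC 2047 encoded subjects such as =?UTF-8?B?...?=
        subject = str(make_header(decode_header(msg.get("Subject", ""))))
        domain = sender_domain(msg)
        if domain and SIGNUP_PHRASES.search(subject):
            found[domain].append(parsedate_to_datetime(msg["Date"]).date().isoformat())
    return {domain: min(dates) for domain, dates in sorted(found.items())}

# Constructed sample messages (not real mail); domains are placeholders.
SAMPLE = [
    "From: Game Site <no-reply@games.example>\nDate: Tue, 03 Mar 2020 10:00:00 +0000\n"
    "Subject: Welcome to Game Site!\n\nhi",
    "From: no-reply@games.example\nDate: Mon, 01 Feb 2021 09:00:00 +0000\n"
    "Subject: Confirm your email address\n\nhi",
    "From: Photo App <hello@photos.example>\nDate: Sat, 05 Jun 2021 12:00:00 +0000\n"
    "Subject: =?UTF-8?B?V2VsY29tZSB0byBQaG90byBBcHA=?=\n\nhi",
    "From: Grandma <grandma@family.example>\nDate: Sun, 06 Jun 2021 12:00:00 +0000\n"
    "Subject: Dinner on Sunday\n\nhi",
]

if __name__ == "__main__":
    for domain, first_seen in account_inventory(SAMPLE).items():
        print(f"{domain}\tfirst signup-style mail: {first_seen}")
```

To run it on a real mailbox, export the inbox in mbox format and pass each message's raw text from Python's standard `mailbox.mbox` reader to `account_inventory`. The earliest date per domain helps identify accounts created before age 13, which matters for the COPPA requests in Phase 5.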
| Account Type | Common Platforms | Deletion Path |
|---|---|---|
| Social media | Instagram, TikTok, Snapchat, Twitter/X, BeReal | Settings > Account > Delete Account |
| Gaming | Roblox, Minecraft, Steam, Discord, Epic Games | Support ticket required for most; some have in-settings deletion |
| Email | Gmail, Outlook, Yahoo, iCloud | Account settings; may require knowing the recovery method |
| Shopping | Amazon Kids, Shopify stores, app purchases | Contact support; removal right under COPPA for under-13 accounts |
| Education | Google Classroom, Khan Academy, Duolingo | School admin tools or account settings |
| Forums/communities | Reddit, Discord servers, older forums | Per-site; many older platforms don’t have easy deletion |
For each dormant account found: decide whether to delete it entirely or reactivate it temporarily to update privacy settings and content, then delete. Full deletion is always preferable if the account isn’t being actively used.
Phase 4: Data Broker and Background-Check Site Removal
This is the most labor-intensive phase of a digital footprint audit but also one of the most impactful for long-term privacy. Data broker companies — entities like Spokeo, Whitepages, PeopleFinder, BeenVerified, MyLife, Intelius, and dozens of smaller aggregators — compile personal information from public records, social media, and other sources and make it searchable or sellable.
Children’s data appears in these databases for several reasons: their names appear in public records when parents buy homes, register for community programs, or appear in local news; their information is sometimes scraped from social platforms; and in some cases, data from school-affiliated surveys or public programs is aggregated by third parties.
The FTC has taken enforcement action against data brokers for violating COPPA, including a 2023 action against Kochava. But regulatory action is slow and individual. In the meantime, parents can request manual removal from individual data broker sites.
Manual removal steps:
- Search for your child’s name on each major data broker site.
- Locate the “opt out” or “do not sell my information” link, required under various state privacy laws including California’s CCPA.
- Submit the removal request with required verification. Most sites require an email address and may require a photo ID copy to verify the person requesting removal.
- Document the removal request with a screenshot and the date.
- Return in 3 months to verify removal and re-request if the data has reappeared (it often does, because data brokers re-scrape).
Several services — including DeleteMe and Privacy Bee — automate this process for a subscription fee, submitting removal requests to hundreds of data brokers on your behalf. These services range from $50-$150/year and are worth considering for families who want ongoing protection without doing the manual work repeatedly.
Phase 5: COPPA Data Deletion Rights
If your child is under 13, or if an account was created when your child was under 13, COPPA (Children’s Online Privacy Protection Act) gives you enforceable rights to request deletion of data collected without proper parental consent. The FTC enforces COPPA, and major platforms know they face significant liability for COPPA violations — which means deletion requests citing COPPA are treated seriously.
To exercise COPPA deletion rights:
- Identify which platforms collected data on your child before age 13.
- Contact the platform’s privacy/data department. Most major platforms have a specific COPPA contact in their privacy policy.
- State explicitly: “I am the parent/guardian of [name], born [date]. This account was created when they were under 13 without verifiable parental consent. I am requesting deletion of all data associated with this account under COPPA.”
- Keep a copy of the request and the response.
For platforms that don’t respond or refuse, a complaint to the FTC at reportfraud.ftc.gov is the appropriate next step. The FTC has levied substantial fines — including a $5.7 million penalty against Musical.ly (now TikTok) in 2019 — for COPPA violations, and complaint volume influences enforcement priorities.
Building Forward: A Cleaner Digital Presence
An audit is a cleanup exercise. Building a cleaner ongoing digital presence requires a few changes to how the family approaches sharing and account creation going forward.
For parents:
- Before sharing any photo of your child publicly online, consider whether that image will feel comfortable to your child at age 16, at age 25, in a job application context.
- Regularly audit your own social media posts that include your child. Most platforms allow you to download an archive of all your posts, review them, and delete selectively.
- Use privacy settings to restrict who can see and download photos of your child on any platform where you share them.
For kids and teens:
- Establish a single email address for account signups so account history can be tracked in one place.
- Before creating any new account, establish a simple question: “What would I be comfortable with this account showing in 10 years?” This is not an abstraction for most teens — it’s a useful filter.
- Understand that deleting a post on most platforms does not guarantee immediate removal from cached search results or from any third party that screenshotted or scraped it before deletion.
For more on how teens can protect their broader privacy online, see our article on understanding digital privacy for middle schoolers.
What to Watch For Over 3 Months
- Re-run the Google name search 90 days after completing the initial audit to check whether removed content has resurfaced or new content has appeared.
- Check HaveIBeenPwned.com again quarterly — new breaches are discovered continuously and old accounts your family forgot about may appear in newly disclosed breach data.
- If you submitted data broker removal requests, return to each site to verify deletion — many data brokers re-populate within 90 days and require repeat requests.
- Watch for unexpected contacts: if your child starts receiving unsolicited communications from strangers, this may indicate that personal information is available in places you haven’t yet found.
- Notice whether your child’s school is generating new public digital content (honor rolls, sports coverage, event photos) and whether that content uses identifying information you’d prefer to keep offline.
Frequently Asked Questions
How do I find all the accounts my child has created online?
Search your email inboxes for “welcome to,” “confirm your email,” and “account created” messages. Check saved passwords in your browser. Search Google for your child’s usernames. Use HaveIBeenPwned.com with each email address your child has used to find platforms that experienced data breaches linked to those emails.
Can I force Google to remove my child’s information from search results?
Google has a specific removal form for content involving minors: the “Removing Content From Google” tool at support.google.com. You can request removal of a minor’s personal information, photos, or content that was created when your child was a minor. Google has a policy of honoring these requests for children’s content more readily than general removal requests.
What is sharenting and why does it matter for my child’s digital footprint?
Sharenting is the practice of parents publicly sharing photos and information about their children online. Research from the University of Michigan found that by age 5, the average American child has over 1,000 images of themselves posted online by parents — primarily on Facebook and Instagram. This creates a digital footprint that predates any choices the child makes about their own privacy.
How long does it take for data broker removals to take effect?
Individual data broker sites typically process removal requests within 30-45 days. However, because these companies re-scrape public data continuously, removed information often reappears within 90-180 days, requiring repeated requests. This is why some families find automated data removal services worth the subscription cost.
Should I tell my child I’m auditing their digital footprint?
For children 10 and older, involving them in the audit is generally more productive than doing it covertly. Explaining what you’re looking for and why teaches the child about their own digital presence and gives them agency in the cleanup. It also avoids the trust damage that can result if a teen discovers a parent was secretly auditing their accounts.
About the author
Ricky Flores is the founder of HiWave Makers and an electrical engineer with 15+ years of experience building consumer technology at Apple, Samsung, and Texas Instruments. He writes about how kids learn to build, think, and create in a tech-saturated world. Read more at hiwavemakers.com.
Sources
- Federal Trade Commission. (2023). COPPA: Children’s Online Privacy Protection Act — Enforcement Actions. https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa
- Federal Trade Commission v. Musical.ly (TikTok). (2019). FTC Case No. 2019-0089. https://www.ftc.gov/news-events/news/press-releases/2019/02/video-social-networking-app-musically-agrees-settle-ftc-allegations-it-illegally-collected-personal
- Hunt, T. (2024). Have I Been Pwned: About the site. https://haveibeenpwned.com/About
- Steinberg, S. B. (2017). Sharenting: Children’s privacy in the age of social media. Emory Law Journal, 66, 839–884.
- CISA. (2024). Securing Your Digital Footprint: Best Practices for Families. https://www.cisa.gov/resources-tools/resources/cybersecurity-best-practices
- Privacy Rights Clearinghouse. (2024). Data broker opt-out listings. https://privacyrights.org/data-brokers
- Livingstone, S., & Blum-Ross, A. (2020). Parenting for a Digital Future: How Hopes and Fears about Technology Shape Children’s Lives. Oxford University Press.