Your code reaches millions of kids. Is it designed to protect them?

Children spend more time inside software than they do in classrooms. The apps they use are built by teams who rarely see the regulatory landscape they're building into. Halo changes that.

Set up in 60 seconds · GitHub sign-in · Open source
halo scan output
$ npx runhalo scan .
halo v1.2.5 scanning 847 files...
CRITICAL coppa-tracking-003 src/analytics/init.js:42
Tracking SDK Active for Under-18 Users
Penalty: $53,088/violation/day
HIGH aadc-defaults-002 src/config/telemetry.ts:15
Opt-Out Instead of Opt-In for Telemetry
MEDIUM coppa-cookies-016 src/lib/cookies.js:8
Missing Cookie Consent Banner
───────────────────────────────────
3 violations found across 847 files
1 critical · 1 high · 1 medium
Results uploaded to dashboard →

Three steps. Under two minutes.

No complicated setup. Sign up, connect your code, and every update is scanned automatically.

Step 1

Sign up with GitHub

One click. Your account is created and your compliance dashboard is ready.

Step 2

Run your first scan

One command scans your entire project. Results appear in your dashboard.

$ npx runhalo scan .
Step 3

Fix and stay compliant

Each violation shows what's wrong and how to fix it. Add Halo to your workflow and every future update gets checked automatically.

Found in production. Enforced by regulators.

What Halo catches in your code

These patterns exist in live apps right now. Regulators are actively enforcing against them.

CRITICAL coppa-tracking-003

Tracking SDK Active for Under-18 Users

Analytics tracking children without verifiable parental consent.

COPPA — $53,088/violation/day

HIGH aadc-defaults-002

Opt-Out Instead of Opt-In for Telemetry

Features must be off by default and require active user consent.

UK AADC — up to £17.5M

MEDIUM au-sbd-006

Location Data Without Explicit Consent

Geolocation collection requires informed opt-in, especially for minors.

AU Privacy Act — data exposure penalty

100+ Repos Scanned
3,500+ Violations Found
180 Compliance Rules
13 Jurisdictions

Independent research

We scanned the top 100 children's apps.

3,569 violations found
Data collection 31% · Dark patterns 24% · Age verification 18% · Tracking 15%

Across open-source and public mobile codebases targeting children.

Enforcement deadline

COPPA 2.0 takes effect April 22, 2026.

The updated rule extends protections to children under 17 and introduces new requirements around biometric data, push notifications, and ed-tech data use.

$53,088

per violation, per day. FTC maximum civil penalty.

Built for compliance.
Designed for engineers.

Halo finds problems, helps you fix them, tracks your progress, and documents everything along the way.

Compliance

Grouped by rule

See all instances of the same problem across your projects. One pattern to fix. Progress bars show how close you are.

Full audit trail

Every resolution is recorded. Who decided, when, and why. Change a decision later and the full history is preserved.

AI-powered review

Each finding is assessed by Halo's AI that filters false positives and provides fix suggestions with regulatory context.

Compliance scoring

A-F grading for your projects. Track your score over time. Generate reports for stakeholders and board presentations.

Developer tools

Command-line scanner

One command scans your entire project. Works with JavaScript, TypeScript, Python, Ruby, Go, Java, and Swift. Results in seconds.

Automated checks in your workflow

Add Halo to your GitHub workflow. Code updates get checked automatically. Problems get flagged before they go live.

Editor plugin

See violations highlighted as you write code. Available for VS Code. Fix problems before you even save.

Customizable rules

Choose which regulations apply to you. Set severity levels. Exclude test files. One configuration file controls everything.

Global coverage. One scan.

180 rules across 13 jurisdictions. Updated regularly as regulations evolve.

COPPA 2.0 USA
AADC UK
GDPR-K EU
DSA EU
LGPD Brazil
PIPEDA Canada
Safety by Design Australia
AADCA California
AI Act EU
+ 4 more Global

New regulations added regularly. View full rule library

Why we built Halo

We built Halo because the gap between what the law requires and what engineering teams actually know is the single biggest risk to children online. Not malice. Blind spots.

COPPA was written in 1998. The 2.0 update extends protections to kids under 17, with penalties up to $53,088 per violation per day. Most engineering teams have never read it. Most codebases have never been audited against it.

Halo scans source code the way a regulator would, looking for dark patterns, unauthorized data collection, missing consent flows, and age verification gaps. Teams fix issues before they go live, not after an enforcement action.

Built by Mindful Media in Santa Monica, California 🌴😎

Protecting millions of kids online. For less than movie night.

Start scanning for free. Upgrade when you need more.

Free

Scan and fix

$0

For individual developers who want to ship compliant code.

  • GitHub sign-in + scan on push
  • Up to 5 repos
  • COPPA rules (US)
  • Basic violations view
  • CLI + VS Code extension
Most Popular

Pro

Full protection

$29/mo

For teams building products children use. Full compliance depth.

  • Everything in Free, plus:
  • Unlimited repos
  • All 180 rules, 13 jurisdictions
  • Resolution audit trail
  • AI Review Board
  • Compliance scoring + reports
  • Violations grouped by rule

Business

Compliance command center

$99/mo

For compliance teams that need attestation and audit readiness.

  • Everything in Pro, plus:
  • Compliance attestation certificates
  • Recurring scans with drift alerts
  • Multi-repo workspace
  • Immutable audit trail
  • Team collaboration

All plans include the open-source CLI and GitHub Action. Cancel anytime.

Frequently Asked Questions

When does COPPA 2.0 take effect?

April 22, 2026. The updated rule extends protections to children under 17 and introduces new requirements around biometric data, push notifications, and ed-tech data use. Penalties are up to $53,088 per violation per day.

Is Halo free?

Yes. The free plan includes children's privacy rules for the US, AI false positive filtering, the CLI, and the VS Code extension. Pro ($29/mo) unlocks all 180+ rules across 13 jurisdictions, full reports, and CI/CD integration. Business ($99/mo) adds compliance attestation, recurring scans, and team collaboration.

What does Halo scan for?

Children's privacy violations: unauthorized data collection, missing consent flows, tracking SDKs without child-directed flags, age verification gaps, dark patterns, and data retention issues. Halo covers regulations across the US, UK, EU, Australia, and more.

How is Halo different from other code scanning tools?

Most code scanning tools look for security vulnerabilities like SQL injection, XSS, and dependency CVEs. Important, but not the same problem. Halo is the only tool that scans source code for children's regulatory compliance: dark patterns, unauthorized data collection, missing consent flows, and age verification gaps. It reads your code the way a regulator would. Complementary to your existing security toolchain, not a replacement.

What languages does Halo support?

JavaScript, TypeScript, Python, Ruby, Go, Java, Swift, and more. Halo analyzes code patterns that appear across frameworks and languages, so it works with most modern tech stacks.

Is my source code uploaded to your servers?

No. Halo scans run locally on your machine. Only scan results (violation counts, rule IDs, compliance scores) are sent to the dashboard when you choose to upload. Your source code never leaves your environment.

Can I use Halo in my CI/CD pipeline?

Yes. The Halo GitHub Action runs compliance checks on every pull request. One YAML block in your workflow file. Non-compliant code gets flagged before it merges. Available on Pro and Business plans.

Ready to protect kids?

Two minutes. Free. Before the FTC finds out for you.

$ npx runhalo scan .