COPPA 2.0 takes effect April 22, 2026 — penalties up to $53,088 per violation per day.

Your code reaches millions of kids.
Is it designed to protect them?

Halo scans your codebase for dark patterns, data collection risks, and COPPA 2.0 violations — so you can ship products that protect kids by design.

Security tools find vulnerabilities. Halo finds harm. 160 rules across 16 regulatory frameworks. AST-aware. AI-powered.

terminal
Copied!
Free & Open Source | 25 COPPA rules | View on GitHub
npx runhalo scan .
halo v0.6.0 — COPPA Risk Scanner
Scanning 847 files...
 
HIGH coppa-audio-007 src/lib/audio-recorder.js:26
Unauthorized Audio Recording: getUserMedia({audio: true})
Penalty: $53,088 per violation per child
MED coppa-ext-017 src/components/header.jsx:70
Unwarned External Links: Missing "You are leaving..." modal
MED coppa-ui-008 src/pages/signup.tsx:42
Missing Privacy Policy on Registration Form
───────────────────────────────────────────
3 potential issues found across 847 files
1 high · 2 medium · 0 low
100
Repos scanned
3,569
Violations found
160
Compliance rules
16
Regulatory packs

What Halo Does

Static analysis, AI-powered review, and compliance tracking — in one CLI.

Scan

Static analysis with AST-aware intelligence. Halo understands your code's context, traces data flows, and recognizes framework-specific patterns. Next.js, Django, and Rails profiles built in.

Review

AI-powered compliance review by the Halo Review Board. Every violation is assessed with clinical evidence from peer-reviewed developmental psychology research. True positives confirmed. False positives suppressed.

Track

Compliance posture scoring from A+ to F. Track your grade over time. Get regression alerts when new violations appear. Generate PDF compliance reports for audits and board presentations.

16 packs. 160 rules. The regulations that matter.

Pack Rules Jurisdiction
COPPA 2.0 25 US Federal
UK Age Appropriate Design Code 15 United Kingdom
EU Digital Services Act 10 European Union
California AADCA 15 US State
Australia Online Safety Act 12 AU Federal
Australia Safety by Design 6 AU Federal
Utah SB142 5 US State
AI-Generated Code Audit 6 International
Ethical Design Standards 5 International
EU AI Act (Children) 15 European Union

New packs ship regularly. Custom rule development available for Enterprise.

We scanned 100 repos. Here's what we found.

100 public repositories. 1.5M+ combined GitHub stars. Apps and platforms that children use every day.

3,569 violations. Average: 35+ per repo.

Top violation categories

Data collection without consent 31%
Dark patterns & manipulative design 24%
Missing age verification 18%
Behavioral tracking 15%
Retention & deletion gaps 8%
Missing parental controls 4%

Theoretical penalty exposure across all 100 repos: $189M per day.

How It Works

Three steps. No signup. No config.

1

Run the scan

npx runhalo scan .

No signup. No config. Results in under two minutes.

2

Review findings

Every finding includes the regulation cited, severity level, developmental context, and a fix suggestion. AST-aware analysis suppresses false positives automatically.

3

Ship with confidence

Add Halo to your CI/CD pipeline. GitHub Action runs on every PR. VS Code extension flags issues in real time. Compliance tracking keeps your grade current.

Built for engineers, not lawyers.

CLI

npx runhalo scan . in any directory. Supports JS, TS, Python, Ruby, Go, Java, Swift.

GitHub Action

One YAML block. Compliance checks on every PR before merge.

VS Code Extension

Real-time scanning with AST intelligence. Version 0.4.2 on the marketplace.

AI Review Board

--review-board flag for AI-powered violation assessment with clinical evidence citations.

.halorc.json

Configure framework profiles, pack selection, severity thresholds, and ignore paths.

Reports

JSON, SARIF, HTML, and PDF output. Enterprise-grade compliance documentation.

Simple, Transparent Pricing

Start scanning for free. Upgrade when your team needs more.

Free

$0 /forever

For individual developers and open source projects.

  • 5 scans per day
  • 25 COPPA 2.0 rules
  • CLI + VS Code extension
  • GitHub Action
  • Text + JSON output
  • Summary PDF report
Get Started

Pro

$29 /month

For teams building products children use.

  • Unlimited scans
  • All 160 rules, 16 packs
  • AI Review Board
  • AST structural analysis
  • A+ to F compliance scoring
  • PDF + SARIF + HTML output
  • Regression alerts
Most Popular

Business

$99 /month

For teams that need compliance attestation and audit readiness.

  • Everything in Pro
  • Compliance attestation PDF
  • Recurring scans + drift alerts
  • Multi-repo workspace, up to 10 repos
  • Immutable audit trail
  • Enforcement intelligence feed
  • Role-based views

Enterprise

Custom

For regulated industries, government, and large teams.

  • Everything in Business
  • Custom rule development
  • Unlimited repos + seats
  • SLA + dedicated support
  • Dedicated onboarding
  • API access
  • Custom output formats
Contact Us

All plans include the open-source CLI. Cancel anytime.

Why We Built Halo

Children spend more time inside software than they do in classrooms. The apps they use every day — learning platforms, games, social feeds — are built by engineers who rarely see the regulatory landscape they're shipping into.

We built Halo because we believe the gap between what the law requires and what engineering teams actually know is the single biggest risk to children online. Not malice. Blind spots.

COPPA was written in 1998. The 2.0 update extends protections to kids under 17, with penalties up to $53,088 per violation per day. Most engineering teams have never read it. Most codebases have never been audited against it.

Halo is preventive mental health infrastructure at the code level. We scan source code the way a regulator would — looking for dark patterns, unauthorized data collection, missing consent flows, and age verification gaps — so teams can fix issues before they ship, not after an enforcement action.

Built by Mindful Media in Santa Monica, California. Open source core. Mission-driven.

FAQ

When does COPPA 2.0 take effect?
April 22, 2026. The age threshold is extended to under 17. Penalties up to $53,088 per violation per day.
Is Halo free?
Yes. 5 scans per day with 25 COPPA rules, completely free. Pro ($29/mo) unlocks all 160 rules, AI Review Board, and compliance scoring. Business ($99/mo) adds compliance attestation PDFs, recurring scans, drift alerts, and audit trail.
What does Halo scan for?
COPPA violations, dark patterns, data collection risks, missing consent flows, tracking, age verification gaps, retention issues, and ethical design concerns — across 10 regulatory frameworks covering US, UK, EU, and Australian law.
How is Halo different from other code scanning tools?
Most code scanning tools look for security vulnerabilities — SQL injection, XSS, dependency CVEs. Important, but not the same problem. Halo is the only tool that scans source code for children's regulatory compliance: dark patterns, unauthorized data collection, missing consent flows, age verification gaps. It reads your code the way a regulator would. Complementary to your existing security toolchain, not a replacement.
What frameworks does Halo support?
JS, TS, Python, Ruby, Go, Java, Swift. Built-in profiles for Next.js, Django, and Rails.
What is the AI Review Board?
A Pro feature. Each violation is assessed by an AI review agent with clinical evidence from peer-reviewed developmental psychology research. Confirms true positives. Suppresses false positives.

Find out where you stand.

Two minutes. Free. Before the FTC finds out for you.

Stay updated on new rule packs, regulatory frameworks, and product updates.