COPPA 2.0 takes effect April 22, 2026. Penalties up to $53,088 per violation per day.

Your code reaches millions of kids. Is it designed to protect them?

$ npx runhalo scan .
halo v1.2.1 COPPA Risk Scanner
Scanning 847 files...
 
HIGH coppa-audio-007 src/lib/audio-recorder.js:26
Unauthorized Audio Recording: getUserMedia({audio: true})
Penalty: $53,088 per violation per child
MED coppa-ext-017 src/components/header.jsx:70
Unwarned External Links: Missing "You are leaving..." modal
MED coppa-ui-008 src/pages/signup.tsx:42
Missing Privacy Policy on Registration Form
-------------------------------------------
3 potential issues found across 847 files
1 high · 2 medium · 0 low

Free & Open Source | 25 COPPA rules | View on GitHub

100+ Repos Scanned
3,500+ Violations Found
180 Compliance Rules
17 Regulatory Packs

We scanned the top 100 child-directed apps. The results are alarming.

3,569

Direct violations of existing and upcoming COPPA 2.0 standards found across open-source and public mobile codebases.

$189M per day

Potential statutory penalties based on the FTC's maximum per-violation rate applied to active user cohorts.

Data collection 31%
Dark patterns 24%
Age verification 18%
Tracking 15%
Retention 8%
Parental controls 4%

How It Works

1. Run the scan

npx runhalo scan . — No signup. No config. Results in under two minutes.

2. Review findings

Every finding includes the regulation cited, severity level, developmental context, and a fix suggestion.

3. Ship with confidence

Add Halo to your CI/CD pipeline. GitHub Action runs on every PR.

Built for Engineers, Not Lawyers

Static analysis, AI-powered review, and compliance tracking. One CLI.

CLI Engine

Lightweight, fast, and local-first compliance scanning. AST-aware intelligence with Next.js, Django, and Rails profiles built in.

GitHub Action

Automate compliance checks on every Pull Request. Block non-compliant code before it ships.

VS Code Extension

Real-time linting for privacy. See violations as you type code.

AI Review Board

Each violation assessed by an AI review agent with clinical evidence from peer-reviewed developmental psychology research. True positives confirmed. False positives suppressed.

.halorc.json

Configure your jurisdiction, exclusion list, and custom company rules. Full control over scan behavior.

Compliance Reports

Clean, board-ready PDFs to demonstrate due diligence. A+ to F compliance scoring. SARIF + HTML + JSON output.

17 packs. 180 rules. The regulations that matter.

Updated weekly by our legal engineering team. One scan, global certainty.

  • USA: COPPA 2.0 (25 rules)
  • UK: AADC (Code) (15 rules)
  • EU: EU DSA (10 rules)
  • California: AADCA (15 rules)
  • Australia: Online Safety (12 rules)
  • Australia: Safety by Design (6 rules)
  • Canada: PIPEDA (8 rules)
  • Brazil: LGPD Child (6 rules)
  • USA: Utah SB142 (5 rules)
  • EU: EU AI Act (15 rules)
  • EU: GDPR-K (10 rules)
  • INT'L: AI Code Audit (6 rules)
  • INT'L: Ethical Design (5 rules)
  • INT'L: Dark Patterns (12 rules)
  • INT'L: Consent Flows (10 rules)
  • INT'L: Data Retention (8 rules)
  • Global: Age Verification (12 rules)

New packs ship regularly. Custom rule development available for Enterprise.

Why we built Halo

For too long, there has been a profound gap between the law and engineering. Legal teams write 50-page privacy policies, while engineers write code to ship features. Neither side fully speaks the other's language.

When COPPA 2.0 was announced, we realized that the manual "auditing" process was broken. You can't audit compliance with a spreadsheet in a world of continuous deployment. You need code that understands the law.

Halo was built to be that bridge — a translation layer that turns legal mandates into executable linting rules. We believe that privacy shouldn't be a hurdle to innovation, but a fundamental property of the build process.

Simple, transparent pricing

Start scanning for free. Upgrade when your team needs more.

Free

$0

For individual developers and open source projects.

  • 5 scans per day
  • 25 COPPA 2.0 rules
  • CLI + VS Code extension
  • GitHub Action
  • Text + JSON output

Pro

$29/mo

For teams building products children use.

  • Unlimited scans
  • All 180 rules, 17 packs
  • AI Review Board
  • AST structural analysis
  • A+ to F compliance scoring
  • PDF + SARIF + HTML output

Business

$99/mo

For teams that need compliance attestation and audit readiness.

  • Everything in Pro
  • Compliance attestation
  • Recurring scans + drift alerts
  • Multi-repo workspace (10 repos)
  • Immutable audit trail

Enterprise

Custom

For regulated industries, government, and large teams.

  • Everything in Business
  • Custom rule development
  • Unlimited repos + seats
  • SLA + dedicated support
  • API access

All plans include the open-source CLI. Cancel anytime.

Frequently Asked Questions

When does COPPA 2.0 take effect?

April 22, 2026. The age threshold is extended to under 17. Penalties up to $53,088 per violation per day.

Is Halo free?

Yes. 5 scans per day with 25 COPPA rules, completely free. Pro ($29/mo) unlocks all 180 rules, AI Review Board, and compliance scoring. Business ($99/mo) adds compliance attestation PDFs, recurring scans, drift alerts, and audit trail.

What does Halo scan for?

COPPA violations, dark patterns, data collection risks, missing consent flows, tracking, age verification gaps, retention issues, and ethical design concerns. Covers 10 regulatory frameworks across US, UK, EU, and Australian law.

How is Halo different from other code scanning tools?

Most code scanning tools look for security vulnerabilities like SQL injection, XSS, and dependency CVEs. Halo is the only tool that scans source code for children's regulatory compliance: dark patterns, unauthorized data collection, missing consent flows, and age verification gaps. Complementary to your existing security toolchain, not a replacement.

What frameworks does Halo support?

JS, TS, Python, Ruby, Go, Java, Swift. Built-in profiles for Next.js, Django, and Rails.

What is the AI Review Board?

A Pro feature. Each violation is assessed by an AI review agent with clinical evidence from peer-reviewed developmental psychology research. Confirms true positives. Suppresses false positives.

Ready to protect kids?

Two minutes. Free. Before the FTC finds out for you.

$ npx runhalo scan .