Add grooming detection, cyberbullying prevention, content moderation, age verification, and full KOSA compliance to your platform in minutes — not months.
Tuteliq is a child safety API and content moderation SDK that detects grooming, bullying, self-harm, fraud, and 17+ other harms across text, voice, image, and video. Built on published criminological research, it provides sub-400ms behavioral threat detection with zero data retention on child content.
API Documentation · Dashboard · Trust Center · Pricing · Free Certification
- Why This Exists
- Quick Start
- Detection Capabilities
- Age Verification and Identity Verification
- KOSA Compliance — All 9 Harm Categories Covered
- Regulatory Compliance
- How Behavioral Detection Differs from Content Classification
- API Response Structure
- Context Parameters
- Integration Examples
- Webhooks
- GDPR and Privacy Endpoints
- Supported Languages
- SDKs and Integrations
- Architecture and Security
- Pricing and Credit System
- Free Certification Program
- The Team Behind the Science
- FAQ
- Resources
- License
- Contributing
302 million children are exploited online every year (Childlight, University of Edinburgh).
In March 2026, a CNN/CCDH investigation proved that 8 out of 10 major AI chatbots helped simulated teenagers plan violent attacks. The same month, a New Mexico jury ordered Meta to pay $375 million for misleading users about child safety.
Meanwhile, new regulations are creating legal obligations for every platform where users communicate:
| Regulation | Region | Key Requirement | Penalty |
|---|---|---|---|
| KOSA (Kids Online Safety Act) | USA | Protect minors across 9 harm categories | FTC enforcement |
| COPPA (Children's Online Privacy Protection Act) | USA | Parental consent, data minimization for under-13 | Up to $50,120 per violation |
| DSA (Digital Services Act) | EU | Risk assessment for minors, proactive detection | Up to 6% of global revenue |
| Online Safety Act | UK | Proactive detection of illegal and harmful content | Up to £18M or 10% of revenue |
| Online Safety Act | Australia | Safety by Design, mandatory industry codes | Up to AUD $782K per violation |
| CCPA/CPRA | California | Enhanced protections for minors' data | $7,500 per intentional violation |
Building in-house detection for even one harm category takes months of ML engineering, training data, and ongoing maintenance. Building for all nine KOSA categories, across text, voice, and images, with age-appropriate calibration?
That's a team-year of work.
Or a single API call.
Sign up at tuteliq.ai/dashboard — free tier includes 1,000 credits/month with access to all endpoints.
# Node.js
npm install @tuteliq/sdk
# Python
pip install tuteliq
# Or use any HTTP client — it's a REST API
curl -X POST https://api.tuteliq.ai/api/v1/safety/grooming \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"content": "message to analyze"}'// Detect grooming patterns in a conversation
import Tuteliq from '@tuteliq/sdk';
const tuteliq = new Tuteliq({ apiKey: 'YOUR_API_KEY' });
const result = await tuteliq.detectGrooming({
messages: [
{ role: 'adult', content: "You're so mature for your age. Don't tell your parents we talk." },
{ role: 'child', content: "Okay, I won't tell anyone." },
{ role: 'adult', content: "Good. This is our special secret. Send me a photo?" }
],
childAge: 13
});
if (result.grooming_risk === 'high' || result.grooming_risk === 'critical') {
console.log('Grooming detected!');
console.log('Flags:', result.flags);
console.log('Action:', result.recommended_action);
}
// Returns: risk level, grooming stage, evidence, recommended actionsTwo authentication methods supported:
# Bearer token
Authorization: Bearer YOUR_API_KEY
# API key header
x-api-key: YOUR_API_KEYAPI keys are SHA-256 hashed server-side and shown only once at creation. Keys are environment-scoped: production, staging, and development (sandbox).
Tuteliq covers 17+ harm categories across text, voice, image, video, and documents.
These threats unfold over time across multiple messages. No single message triggers a keyword filter — the danger is the pattern.
| Endpoint | What It Detects | Credits | Why It Matters |
|---|---|---|---|
/safety/grooming |
Trust-building → isolation → boundary-testing → exploitation | 1 per 10 messages | A groomer never sends an "unsafe" message. The danger is the behavioral sequence. |
/safety/coercive-control |
Isolation, financial control, monitoring, emotional manipulation | 1 | Domestic abuse moves online. Detecting it requires understanding relationship dynamics. |
/safety/radicalisation |
Us-vs-them framing, conspiracy narratives, calls to action | 1 | Radicalization is a behavioral process, not a single extremist post. EU Regulation 2021/784 compliance tagging. |
/fraud/romance-scam |
Love-bombing, financial requests, identity deception | 1 | Romance scams cost victims $1.3B in 2023. The pattern is predictable. |
/fraud/mule-recruitment |
Easy-money offers, bank account sharing, laundering facilitation | 1 | Criminals recruit money mules through chat. The approach follows a script. |
| Endpoint | What It Detects | Credits |
|---|---|---|
/safety/unsafe |
Self-harm, suicide, violence, drugs, explicit material, eating disorders, substance use, CONTAGION sub-category | 1 |
/safety/bullying |
Harassment, ridicule, hate speech, doxxing, PII exposure, identity attacks, coordinated harassment | 1 |
/analysis/emotions |
Depression, anxiety, emotional trends, mental health indicators, crisis detection, compulsive usage | 1 per 10 messages |
/safety/gambling-harm |
Chasing losses, concealment, emotional distress from gambling | 1 |
/safety/vulnerability-exploitation |
Targeting elderly, disabled, financially distressed users | 1 |
/fraud/social-engineering |
Pretexting, urgency fabrication, authority impersonation, phishing | 1 |
/fraud/app-fraud |
Fake investment platforms, phishing apps, subscription traps | 1 |
| Endpoint | Capability | Credits |
|---|---|---|
/safety/voice |
Audio transcription + behavioral analysis of voice messages | 5 |
/safety/image |
Visual classification + OCR for embedded text | 3 |
/safety/video |
Frame extraction + audio analysis + behavioral sequencing | 10 |
Real-time streaming available via WebSocket:
wss://api.tuteliq.ai/api/v1/safety/voice/stream
Analyze PDFs up to 50MB and 100 pages, with per-page detection across 8 harm categories:
| Endpoint | Capability | Credits |
|---|---|---|
/safety/document |
PDF upload, per-page safety analysis, multi-category detection | max(3, pages × endpoints) |
Run up to 10 detectors in a single API call for comprehensive screening:
POST /api/v1/analyse/multi
{
"content": "message to analyze",
"endpoints": ["grooming", "bullying", "unsafe", "social-engineering"],
"age_group": "13-15"
}| Endpoint | Capability | Credits |
|---|---|---|
/reports/generate |
Structured incident reports for compliance, law enforcement, school counselors | 3 |
/guidance/action-plan |
Age-appropriate guidance for children, parents, educators, and moderators | 2 |
Verify user age through document analysis or biometric estimation:
| Method | Description |
|---|---|
| Document analysis | Passport, driving license, national ID, residence permit |
| Biometric estimation | AI-powered age estimation from selfie |
| Combined | Document + biometric cross-validation |
Age brackets: under-10, 10-12, 13-15, 14-17 — 5 credits per verification.
| Feature | Description |
|---|---|
| MRZ validation | Machine-readable zone analysis |
| Tamper analysis | Document authenticity verification |
| Face matching | Document photo vs. selfie comparison |
| Liveness detection | Prevents photo-of-photo, screen replay, masks, deepfakes |
10 credits per verification.
The Kids Online Safety Act requires platforms to protect minors from nine specific categories of harm:
| # | KOSA Category | Tuteliq Endpoint | Status |
|---|---|---|---|
| 1 | Bullying | /safety/bullying |
✅ |
| 2 | Online grooming and sexual exploitation | /safety/grooming |
✅ |
| 3 | Eating disorders | /safety/unsafe |
✅ |
| 4 | Substance use | /safety/unsafe |
✅ |
| 5 | Self-harm and suicide | /safety/unsafe + /analysis/emotions |
✅ |
| 6 | Depression and anxiety | /analysis/emotions |
✅ |
| 7 | Compulsive usage patterns | /analysis/emotions |
✅ |
| 8 | Sexual exploitation and abuse | /safety/grooming + /safety/image |
✅ |
| 9 | Exposure to harmful visual content | /safety/image + /safety/video |
✅ |
One integration. Full KOSA compliance. No ML team required.
Tuteliq helps platforms meet child safety obligations under multiple regulatory frameworks:
| Regulation | Region | How Tuteliq Helps |
|---|---|---|
| KOSA | USA | All 9 harm categories covered with auditable detection |
| COPPA | USA | Age verification, data minimization by design |
| DSA (Digital Services Act) | EU | Proactive detection, risk assessment for minors |
| EU Regulation 2021/784 | EU | Terrorist content detection and compliance tagging |
| Online Safety Act | UK | Proactive detection of illegal and harmful content |
| Online Safety Act | Australia | Safety by Design compliance |
| GDPR | EU | Compliant by architecture — zero data retention, full data subject rights |
| CCPA/CPRA | California | Enhanced minor data protections |
Most safety tools analyze each message in isolation — keyword matching, toxicity scoring, hash-matching against known harmful content databases.
That approach misses the most dangerous threats.
A grooming conversation where every individual message looks innocent will pass every content classifier:
| Week | Message | Content Classifier | Behavioral Detection |
|---|---|---|---|
| 1-2 | "What game do you play? We should team up!" | ✅ Safe | |
| 2-4 | "You can tell me anything. I get you better than your parents." | ✅ Safe | |
| 4-6 | "Don't tell anyone about our conversations, okay?" | ✅ Safe | 🔴 Secrecy — high risk |
| 6+ | Escalation to exploitation | ❌ Too late | 🔴 Detected weeks earlier |
Tuteliq analyzes how conversations evolve over time, informed by criminological research on real-world grooming, coercive control, and manipulation sequences. The models are built by Dr. Nicola Harding, a criminologist at Lancaster University who has documented these behavioral patterns in forensic research.
Tuteliq's 5-stage detection architecture:
- Content ingestion — Language detection via trigram analysis + LLM confirmation
- Parallel classification — Multi-model analysis across 17+ harm categories simultaneously
- Context engine — Evaluates linguistic intent, relationship dynamics, multi-turn escalation
- Age-calibrated scoring — Adjusts severity across 4 age brackets (under-10, 10-12, 13-15, 16-17)
- Response generation — Structured output with flags, severity, evidence, and recommended actions
Every detection endpoint returns a consistent, structured response:
{
"detected": true,
"severity": 8,
"confidence": 94.2,
"risk_score": 0.87,
"level": "high",
"categories": [
{ "tag": "isolation_tactics", "confidence": 96.1 },
{ "tag": "secrecy_enforcement", "confidence": 91.3 }
],
"evidence": [
{
"phrase": "Don't tell your parents we talk",
"tactic": "isolation",
"weight": 0.92
}
],
"age_calibration": {
"age_group": "13-15",
"multiplier": 1.3
},
"recommended_action": "escalate_to_moderator",
"rationale": "Multiple grooming indicators detected...",
"credits_used": 1,
"processing_time_ms": 287
}Enrich detection accuracy by passing contextual information:
| Parameter | Type | Description |
|---|---|---|
age_group |
string | "under-10", "10-12", "13-15", "16-17" |
language |
string | ISO 639-1 code (auto-detected if omitted) |
country |
string | ISO 3166-1 code for regional calibration |
platform |
string | Platform type for context-aware analysis |
conversation_history |
array | [{ "role": "...", "text": "..." }] for multi-turn analysis |
sender_trust |
string | Trust level of the sender |
sender_name |
string | Sender identifier |
external_id |
string | Your platform's user/conversation ID |
customer_id |
string | Your platform's customer ID |
import tuteliq
client = tuteliq.Client(api_key="YOUR_API_KEY")
# Analyze every message in real-time
def on_message(message, user_age, conversation_history):
result = client.analyze(
content=message,
endpoints=["bullying", "unsafe", "grooming"],
context={"age_group": get_age_group(user_age)},
messages=conversation_history # Enables behavioral sequence analysis
)
if result.risk_level == "critical":
alert_moderator(result.report)
notify_parent(result.action_plan)
elif result.risk_level == "high":
flag_for_review(result)# Analyze voice messages for behavioral threats
result = client.analyze_voice(
file_path="voice_message.mp3",
analysis_type="all", # bullying + unsafe + grooming + emotions
child_age=14
)
# Returns: transcription + behavioral analysis + emotional indicators// WebSocket connection for live voice analysis
const ws = new WebSocket('wss://api.tuteliq.ai/api/v1/safety/voice/stream');
ws.onopen = () => {
ws.send(JSON.stringify({
type: 'auth',
api_key: 'YOUR_API_KEY',
age_group: '13-15'
}));
};
// Stream audio chunks for real-time analysis
ws.send(audioChunk);
ws.onmessage = (event) => {
const result = JSON.parse(event.data);
if (result.detected) {
handleThreat(result);
}
};# Run multiple detectors in a single API call
result = client.analyse_multi(
content="message to analyze",
endpoints=["grooming", "bullying", "unsafe", "social-engineering",
"romance-scam", "mule-recruitment"],
age_group="13-15"
)
# Each endpoint returns its own detection result
for endpoint, detection in result.results.items():
if detection.detected:
print(f"{endpoint}: {detection.level} risk")# Bulk analysis with webhook callbacks
job = client.analyze_batch(
messages=pending_messages,
endpoints=["bullying", "unsafe", "grooming", "social-engineering"],
webhook_url="https://yourplatform.com/webhooks/tuteliq"
)Receive real-time notifications when threats are detected:
| Event | Description |
|---|---|
safety.critical |
Critical threat detected — immediate action required |
safety.high |
High-risk content detected |
safety.medium |
Medium-risk content flagged |
batch.completed |
Batch analysis job completed |
batch.failed |
Batch analysis job failed |
voice.alert |
Voice analysis detected a threat |
report.ready |
Incident report generated and ready |
All webhook payloads are signed with HMAC-SHA256. Verify the signature before processing:
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Automatic retries at 30 seconds, 5 minutes, and 30 minutes if your endpoint is unavailable.
# Create a webhook
POST /api/v1/webhooks
# List webhooks
GET /api/v1/webhooks
# Update, delete, test, or rotate secrets
PUT /api/v1/webhooks/{id}
DELETE /api/v1/webhooks/{id}
POST /api/v1/webhooks/{id}/test
POST /api/v1/webhooks/{id}/regenerate-secretFull GDPR data subject rights supported on all tiers:
| Right | Endpoint | Description |
|---|---|---|
| Right to erasure | DELETE /account/data |
Complete data deletion within 1 hour |
| Right to portability | GET /account/data/export |
Export all data as JSON or CSV |
| Right to rectification | PATCH /account/data |
Correct stored personal data |
| Consent management | POST /account/consent |
Record consent with purpose and legal basis |
| Consent withdrawal | DELETE /account/consent |
Withdraw previously given consent |
Access DPA documents, sub-processor lists, and data retention policies at the Trust Center.
| Data Type | Retention Period |
|---|---|
| Analysis results | 90 days |
| Audio content | 24 hours |
| API logs | 30 days |
| Child content | Zero retention (analyzed and discarded) |
27 languages with cultural calibration — grooming tactics in Swedish differ from those in Arabic or Hindi. Each language model reflects real-world manipulation patterns documented in that cultural context.
Stable: English
Beta (26 languages): Spanish, Portuguese, Ukrainian, Swedish, Norwegian, Danish, Finnish, German, French, Dutch, Polish, Italian, Turkish, Romanian, Greek, Czech, Hungarian, Bulgarian, Croatian, Slovak, Lithuanian, Latvian, Estonian, Slovenian, Maltese, Irish
Culture-aware analysis handles local slang, coded vocabulary, and filter evasion techniques specific to each language.
Language is auto-detected — no configuration needed.
| Platform | Install | Status |
|---|---|---|
| Node.js | npm install @tuteliq/sdk |
Stable |
| Python | pip install tuteliq |
Stable |
| Swift | Swift Package Manager | Stable |
| Kotlin | Maven/Gradle | Stable |
| Flutter | pub.dev |
Stable |
| React Native | npm install @tuteliq/react-native |
Stable |
| Unity | Unity Package Manager | Stable |
| .NET | NuGet | Stable |
| Go | go get |
Stable |
| Java | Maven | Stable |
| Ruby | gem install tuteliq |
Stable |
| PHP | Composer | Stable |
| CLI | npm install -g @tuteliq/cli |
Stable |
| Platform | Description |
|---|---|
| Discord | Bot for server-wide child safety moderation |
| Slack | Workspace safety monitoring |
| Telegram | Bot for group and direct message protection |
| Roblox | In-game chat safety for young players |
Tuteliq provides an MCP (Model Context Protocol) server for integration with AI assistants like Claude, enabling AI-powered child safety workflows.
Your Platform → Tuteliq API → Detection Response
↓
Zero Data Retention
(nothing stored after processing)
| Attribute | Detail |
|---|---|
| Latency | Sub-400ms per request |
| Uptime | 99.9% SLA |
| Data retention | Zero retention on child content |
| Encryption in transit | TLS 1.3 |
| Encryption at rest | AES-256 |
| Data residency | US and EU regions available |
| GDPR | Compliant by architecture |
| SOC 2 Type II | Certified |
| ISO 27001 | Certified |
| Access control | Role-based access (RBAC) |
| Audit logging | Full audit trail of all API activity |
| Data training | Never trains on user data |
Every API call consumes credits based on the endpoint complexity:
| Endpoint Type | Credits per Call |
|---|---|
| Text detection (bullying, unsafe, grooming, etc.) | 1 |
| Emotion analysis | 1 per 10 messages |
| Action plan generation | 2 |
| Image analysis | 3 |
| Report generation | 3 |
| Age verification | 5 |
| Voice analysis | 5 |
| Identity verification | 10 |
| Video analysis | 10 |
| Document analysis | max(3, pages × endpoints) |
| Plan | Price | Credits/Month | Rate Limit | Support |
|---|---|---|---|---|
| Starter (Free) | $0 | 1,000 | 60 req/min | Community |
| Indie | $29/mo | 10,000 | 300 req/min | |
| Pro | $99/mo | 50,000 | 1,000 req/min | Priority |
| Business | $349/mo | 200,000 | 5,000 req/min | Dedicated + SLA |
| Enterprise | Custom | Custom | 10,000 req/min | 24/7 |
Sandbox environment available for development — 10 req/min, 50 req/day, no credit consumption.
Start free at tuteliq.ai/dashboard.
Tuteliq offers a free online safety certification at tuteliq.ai/certify with three tracks:
| Track | Audience | Duration | Assessment |
|---|---|---|---|
| Parents & Caregivers | Adults responsible for children's online safety | ~90 min (6 modules) | 20-question quiz |
| Young People | Ages 10-16 | ~60 min (5 modules) | 15-question quiz |
| Companies & Platforms | Developers, compliance teams, platform operators | ~120 min (6 modules) | 25-question quiz (covers KOSA, DSA, OSA) |
Tuteliq's detection models are not generic ML classifiers. They are informed by published criminological research:
- Dr. Nicola Harding — Criminologist, Lancaster University. Research on grooming, coercive control, and behavioral manipulation in digital communications.
- Prof. Sarah Kingston — Professor of Criminology, University of Central Lancashire. Seconded as Research Lead to Lancashire Constabulary. Research on fraud, money mules, sexual offences, and child exploitation.
The technology encodes real forensic patterns — not keyword lists.
A child safety API is a programmatic interface that allows platform developers to integrate automated detection of online threats to children — including grooming, cyberbullying, self-harm, and predatory behavior — directly into their applications. Tuteliq's child safety API analyzes text, voice, image, and video content using behavioral detection models informed by criminological research.
Unlike content classifiers that analyze individual messages, Tuteliq's grooming detection analyzes conversation patterns over time. It identifies the behavioral stages of grooming — contact initiation, trust-building, isolation, desensitization, and exploitation — based on forensic research into real-world predatory behavior. No single message needs to contain explicit content for the system to detect the pattern.
Yes. Tuteliq covers all 9 harm categories required by the Kids Online Safety Act: bullying, grooming, eating disorders, substance use, self-harm/suicide, depression/anxiety, compulsive usage, sexual exploitation, and harmful visual content. Each category maps to specific API endpoints that can be integrated in a single implementation.
No. Tuteliq operates on a zero data retention architecture for child content. Messages are analyzed in real-time and discarded immediately after processing. Analysis results are retained for 90 days for platform reporting purposes, and audio content is retained for only 24 hours. Tuteliq never trains on user data.
Tuteliq supports 27 languages with culture-aware analysis. Language is auto-detected with no configuration needed. Each language model accounts for local slang, coded vocabulary, and culturally-specific manipulation tactics.
Tuteliq delivers detection results in sub-400ms per request, making it suitable for real-time chat moderation. Real-time voice analysis is available via WebSocket streaming.
Yes. Tuteliq offers age verification (document analysis and biometric estimation) and identity verification (MRZ validation, face matching, liveness detection) in beta. Age verification is available on Pro tier and above.
Tuteliq uses a credit-based pricing model. Each API call consumes credits based on endpoint complexity (1 credit for text analysis, 5 for voice, 10 for video, etc.). The free Starter tier includes 1,000 credits/month with access to all endpoints. A sandbox environment is available for development with no credit consumption.
Tuteliq helps platforms comply with KOSA, COPPA, EU Digital Services Act, EU Regulation 2021/784 (terrorist content), UK Online Safety Act, Australian Online Safety Act, GDPR, and CCPA/CPRA. The API includes built-in GDPR data subject rights endpoints.
Yes. The /analyse/multi endpoint lets you run up to 10 detectors in a single API call, covering behavioral threats, content safety, and fraud detection simultaneously.
- API Documentation: docs.tuteliq.ai
- Trust Center: trust.tuteliq.ai
- Dashboard: tuteliq.ai/dashboard
- Pricing: tuteliq.ai/pricing
- Certification: tuteliq.ai/certify
- Website: tuteliq.ai
- SDKs: Node.js, Python, Go, Java, Ruby, PHP, Swift, Kotlin, Flutter, React Native, Unity, .NET, CLI
- Integrations: Discord, Slack, Telegram, Roblox, MCP Server
- Status: status.tuteliq.ai
This guide is MIT licensed. The Tuteliq API is a commercial product — see tuteliq.ai/pricing for details.
Found an issue with this guide? Want to add an integration example? PRs welcome.
If you're building a platform where children interact online and want to discuss implementation, reach out: gabriel.sabadin@tuteliq.ai
Every child deserves to just be a child. Happy and safe.
tuteliq.ai · Sweden