WebsiteCategorizationAPI
Home
Demo Tools - Categorization
Website Categorization Text Classification URL Database Taxonomy Mapper
Demo Tools - Website Intel
Technology Detector Quality Score Competitor Finder
Demo Tools - Brand Safety
Brand Safety Checker Brand Suitability Quality Checker
Demo Tools - Content
Sentiment Analyzer Context Aware Ads
Resources
API Documentation Pricing Login
Try Categorization

Compliance Monitoring at Portfolio Scale

Ad platforms, agencies, affiliate networks and fintechs are accountable for thousands of partner and publisher sites they do not control. Replace point-in-time manual audits with continuous, automated scanning: COPPA risk scoring for children's-privacy exposure, category-based detection of gambling, alcohol and pharma placements, and MFA screening for media-spend compliance — re-scored on a schedule, with diffs.

5
COPPA sub-scores behind every risk verdict
0–100
risk score across four audit-ready tiers
102M
domains for portfolio-wide screening
1
nightly job replaces the annual audit
Try the COPPA Demo Request a Sample Audit API Documentation

The problem: your regulatory surface is other people's websites

A compliance team can control its own privacy policy. It cannot control the 5,000 publishers in the network, the affiliates bidding on its brand terms, or the sites a DSP quietly added to a deal last week. Yet COPPA liability, restricted-vertical placement rules and client media policies all attach to exactly those third-party pages — and the pages change without notice.

COPPA exposure hides in the mid-tail

Serving behavioral ads or dropping tracking identifiers on a child-directed site is a federal violation with per-violation penalties. The risky inventory is rarely the obvious kids' brand — it is the games portal nobody flagged as child-directed.

Restricted verticals leak in

Gambling, alcohol and pharmaceutical content carry jurisdiction-specific placement rules. A publisher that pivots to casino affiliate content mid-contract puts every advertiser on the page out of policy — and nobody re-reviewed the site since onboarding.

Point-in-time audits go stale

The annual manual review documents what a site looked like on one afternoon. Trackers get added, privacy policies get replaced, ownership changes. A finding that is eleven months old is not evidence of compliance — it is evidence you were not looking.

Media spend has its own rules

Client contracts and internal standards increasingly ban Made-for-Advertising inventory outright. Proving spend stayed off MFA — continuously, not just in the RFP deck — requires scoring placements, not trusting labels.

The solution: continuous scanning on four automated checks

Each check is an API call against a URL you are accountable for. Together they turn the partner list into a monitored portfolio with a defensible paper trail.

COPPA risk scoring

COPPA compliance scoring renders the live site and returns a 0–100 risk score built from five sub-scores: child-directed content, personal data collection, tracking identifiers, absent privacy controls, and content appropriateness — each with named signals you can hand to counsel. POST /api/coppa/score.php.

Restricted-vertical detection

The IAB taxonomy and the web-filtering taxonomy surface gambling, alcohol and pharma content by classification, not keyword guesswork — one POST /api/iab/iab_web_content_filtering.php per URL, with confidence scores that set your escalation threshold.

MFA screening for media spend

MFA detection (POST /api/mfa/score.php) scores placements 0–100 for Made-for-Advertising risk with every signal exposed, so "no MFA inventory" clauses become checkable line items in the placement report rather than assurances.

Scheduled re-scoring & diffing

Because every check is an API call, monitoring is a cron job: re-score the portfolio nightly or weekly, diff against the stored baseline, and alert only on change — a new tracker on a child-directed site, a category flip into Gambling. Pre-screen at onboarding with the 102M-domain database and quality scores.

What a COPPA finding actually looks like

A real (trimmed) response for a children's games site. The headline number matters less than the decomposition: the site is unambiguously child-directed and runs a programmatic ad stack, while its privacy policy never mentions COPPA — a specific, actionable gap.

Response — POST /api/coppa/score.php
{
  "url": "https://www.abcya.com",
  "coppa_risk_score": 47,
  "risk_level": "MEDIUM",
  "sub_scores": {
    "child_directed_content": { "score": 14, "max": 20,
      "signals": ["llm_child_directed_score: 1.00",
                  "vocabulary_level: elementary"] },
    "personal_data_collection": { "score": 2, "max": 20,
      "signals": ["account_creation: signup_cta_detected"] },
    "tracking_identifiers": { "score": 14, "max": 20,
      "signals": ["ad_tracking_scripts: 4 detected (Google Ad
                   Manager / DoubleClick, Google AdSense,
                   Prebid.js, Google Analytics / gtag)",
                  "third_party_tracking_domains: 5"] },
    "privacy_controls_absent": { "score": 17, "max": 20,
      "signals": ["privacy_policy: found_no_coppa_mention",
                  "age_gate: not_detected",
                  "parental_consent: not_detected"] },
    "content_appropriateness": { "score": 0, "max": 20,
      "signals": ["toxic: 0.09", "sexual: 0.00"] }
  },
  "classification": { "is_child_directed": true,
                      "confidence": 1.0 },
  "status": 200
}
The nightly sweep (Python)
BASE = "https://www.websitecategorizationapi.com"
RESTRICTED = {"Gambling", "Alcohol", "Pharmaceuticals"}

for domain in load_portfolio():          # partners, affiliates
    url = f"https://{domain}"

    iab = post(f"{BASE}/api/iab/iab_web_content_filtering.php",
               {"query": url, "api_key": KEY, "data_type": "url"})
    cats = {c["category"] for c in iab["classification"]
            if c["confidence"] >= 0.60}
    if cats & RESTRICTED:
        open_finding(domain, "restricted-vertical", cats)

    coppa = post(f"{BASE}/api/coppa/score.php",
                 {"query": url, "api_key": KEY})
    if coppa["risk_level"] in ("HIGH", "CRITICAL"):
        open_finding(domain, "coppa", coppa["sub_scores"])
    diff_vs_baseline(domain, coppa)      # alert only on change

    mfa = post(f"{BASE}/api/mfa/score.php",
               {"query": url, "api_key": KEY})
    if mfa["mfa_score"] >= 66:           # HIGH tier
        open_finding(domain, "mfa", mfa["mfa_risk"])

The diff step is what makes this monitoring rather than auditing: yesterday's response is the baseline, and a tracking sub-score jumping from 5 to 14 on a child-directed site pages someone today — not at next year's review.

COPPA risk tiers

Thresholds are returned with every response, so the report your regulator or client sees uses the same scale your automation enforces:

ScoreTierReadingTypical action
0–30LOWNo material COPPA risk profileMonitor on schedule
31–55MEDIUMChild-directed with gaps (e.g. tracking, no COPPA policy)Remediation request to partner
56–80HIGHMultiple failing sub-scores on a child-directed sitePause child-directed monetization
81–100CRITICALSevere, compounding violationsSuspend and escalate to counsel

Note how the example above lands: a well-known educational games site scores MEDIUM — not because the content is unsafe, but because four ad-tracking scripts run on a site the classifier marks child-directed with confidence 1.0, and the privacy policy is silent on COPPA. That nuance is what a keyword scan can never produce and what an auditor can act on.

Frequently asked

Is the COPPA score a legal determination?

No — it is evidence, structured the way counsel needs it. Each of the five sub-scores lists the concrete signals behind it (which trackers, which policy language, which form fields), so your legal team decides with facts rather than screenshots. See the COPPA compliance feature for the full methodology.

How often should a portfolio be re-scored?

Nightly for active publisher and affiliate relationships, weekly for the long tail. Because you diff against a baseline and alert only on change, the review workload tracks how much the portfolio actually changed — not its size.

Can we screen a large portfolio before paying for per-URL scans?

Yes. Run the partner list against the 102M-domain database first to segment by category offline, then aim the per-URL COPPA and MFA scans at the segments that matter — children's content, restricted verticals, and monetized publishers.

Related resources

Audit a slice of your portfolio

Send us fifty partner or publisher domains and get back a scored compliance report — COPPA risk with sub-scores, restricted-vertical flags and MFA tiers — in the format your nightly job would produce.

Try the COPPA Demo Request a Sample Read the API Docs
Stay in the loop

You are on the list!

We will send you updates that matter — no spam.