Skip to main content

v1.5.0 — March 2026

Document Analysis

  • POST /v1/safety/document — Upload a PDF (max 50 MB, 100 pages) for multi-endpoint safety analysis with per-page detection results
  • Supports 8 detection endpoints: unsafe, bullying, grooming, social-engineering, coercive-control, radicalisation, romance-scam, mule-recruitment
  • SHA-256 document hashing for chain-of-custody verification in compliance audits
  • Zero-retention processing — no document data stored after response
  • Bounded concurrency (3 pages at a time) with text chunking for long pages

Dynamic Credit Pricing for Documents

  • Document analysis uses per-page, per-endpoint pricing: max(3, pages_analyzed × endpoint_count)
  • Each page-endpoint combination costs 1 credit, matching text detection endpoint costs
  • Minimum charge of 3 credits covers extraction overhead
  • Examples: 5 pages × 3 endpoints = 15 credits; 20 pages × 8 endpoints = 160 credits

Model Refinements

  • TCO Regulation classification — Radicalisation responses now include EU Regulation 2021/784 Art. 2(7) content classification
  • Self-harm CONTAGION sub-category — Detects suicide pacts, method sharing, cluster effects, and gateway escalation
  • PII/Doxxing detection — New PII_DOXXING category for doxxing threats and digital footprint weaponisation
  • Legacy response normalization — Bullying, grooming, and unsafe endpoints now include a normalized block with a unified response shape matching newer endpoints

v1.4.4 — March 2026

New Features

  • country context field — Pass an ISO 3166-1 alpha-2 country code (e.g., "GB", "US", "SE") in the context object to receive geo-localised crisis helpline data in detection responses. Falls back to user profile country if omitted.
  • Improved action escalation for minors — All detection endpoints now enforce a minimum flag_for_review action when harm is detected and the subject is a minor. Criminal indicators (SEXTORTION, TRAFFICKING, CSAM, DEBT_BONDAGE, FORCED_CRIMINALITY, HONOUR_ESCALATION) targeting minors automatically escalate to immediate_intervention.
  • Graduated risk scoring — Risk scores now use the full 0.0–1.0 range with graduated bands instead of clustering around a single value.
  • Evidence tactic normalization — Evidence tactic fields are now always returned in SCREAMING_SNAKE_CASE format (e.g., "EMOTIONAL_MANIPULATION" instead of "Emotional Manipulation").

SDK Releases

  • @tuteliq/sdk v2.5.0 — adds country context field, graduated risk scoring, tactic normalization
  • @tuteliq/mcp v3.7.0 — adds country context field, minor action escalation, tactic normalization

v1.4.3 — March 2026

Bug Fixes & Improvements

  • support_threshold now works correctly across all 11 detection endpoints — setting "critical" correctly suppresses crisis helplines for High severity results. Previously the parameter was accepted without error but had no effect on the response.
  • sender_trust: "verified" fully suppresses AUTH_IMPERSONATION — verified senders no longer trigger impersonation detection. Routine urgency (schedules, deadlines, appointments) is also suppressed. Only genuinely malicious elements (credential theft, phishing links, financial demands) will flag a verified sender.
  • Empty categories field in detect_unsafe fixed — stronger prompt enforcement and code-level fallback extraction ensure the categories array is populated when the rationale references specific harms.
  • MCP session recovery — stale MCP sessions (after Cloud Run deployment or instance recycling) now recover transparently without requiring the client to reconnect.

Documentation

  • Added support_threshold behaviour reference to API docs, Node SDK, and MCP README
  • Added sender_trust effect on scoring to all documentation
  • Added analyse_multi accepted endpoint values to MCP README and API docs
  • Added complete context field reference across all packages

SDK Releases

  • @tuteliq/sdk v2.4.0 — adds confidence to AnalyzeResult, optional risk_level to UnsafeResult
  • @tuteliq/mcp v3.5.0 — wires support_threshold through all detection MCP tools, shows confidence and support in analyze tool

v1.4.2 — March 2026

Full EU Language Coverage

  • Added 13 new languages: Romanian (ro), Greek (el), Czech (cs), Hungarian (hu), Bulgarian (bg), Croatian (hr), Slovak (sk), Lithuanian (lt), Latvian (lv), Estonian (et), Slovenian (sl), Maltese (mt), Irish (ga)
  • Tuteliq now supports 27 languages — all 24 EU official languages + Ukrainian, Norwegian, and Turkish
  • Enhanced all language entries with grooming indicators, self-harm coded vocabulary, filter evasion techniques, and youth slang coverage
  • All new languages are in Beta status

v1.4.1 — March 2026

Language Support Expansion

  • Added 4 new languages: Dutch (nl), Polish (pl), Italian (it), Turkish (tr)
  • Tuteliq now supports 14 languages with auto-detection and culture-aware analysis
  • Each language includes culturally-specific safety guidelines, slur databases, and prompt calibration
  • All new languages are in Beta status

v1.4.0 — March 2026

Age Verification (Beta)

  • POST /v1/verification/age — verify user age through document analysis and biometric age estimation
  • Supports government-issued ID documents (passport, driving licence, national ID)
  • Biometric age estimation from selfie photo
  • Returns verified, estimated_age, age_range, confidence, and document_type
  • 5 credits per verification
  • Available on Pro tier and above

Identity Verification (Beta)

  • POST /v1/verification/identity — confirm user identity with document verification and liveness detection
  • Document authenticity checks (MRZ validation, hologram detection, tamper analysis)
  • Liveness detection to prevent spoofing (photo-of-photo, screen replay, mask attacks)
  • Face matching between document photo and selfie
  • Returns verified, match_score, liveness_passed, document_authenticated, and flags
  • 10 credits per verification
  • Available on Business tier and above

Tier Access

  • Age Verification requires Pro tier ($99/mo) or above
  • Identity Verification requires Business tier ($349/mo) or above
  • Both features are in Beta — endpoints and response schemas may evolve

v1.3.0 — February 2026

Fraud Detection Endpoints

  • POST /v1/fraud/social-engineering — detect social engineering tactics: pretexting, impersonation, urgency manipulation, authority exploitation
  • POST /v1/fraud/app-fraud — identify fraudulent app promotion, fake reviews, malicious download links, and clone app distribution
  • POST /v1/fraud/romance-scam — detect romance scam patterns: love-bombing, financial requests, identity fabrication, isolation tactics
  • POST /v1/fraud/mule-recruitment — flag money mule recruitment: easy money offers, account sharing requests, laundering language

Safety Extended Endpoints

  • POST /v1/safety/gambling-harm — detect gambling harm: underage gambling promotion, addiction patterns, predatory odds, bet pressure
  • POST /v1/safety/coercive-control — identify coercive control: isolation tactics, financial control, monitoring/surveillance, threat patterns
  • POST /v1/safety/vulnerability-exploitation — detect exploitation of vulnerable individuals with cross-endpoint vulnerability modifier and vulnerability profile scoring
  • POST /v1/safety/radicalisation — flag radicalisation indicators: extremist rhetoric, us-vs-them framing, recruitment patterns, dehumanisation

Multi-Endpoint Analysis

  • POST /v1/analyse/multi — fan-out a single text to up to 10 detection endpoints in parallel
  • Automatic vulnerability modifier: when vulnerability-exploitation is included, its cross-endpoint modifier adjusts severity scores across all other results
  • Aggregated response with summary.highest_severity, summary.total_credits_used, and per-endpoint breakdown
  • Supports both legacy (bullying, grooming, unsafe) and new detection endpoints

SDK & Tool Support

  • All new endpoints available across all SDKs: Node.js, Python, Swift, Kotlin, Flutter, React Native, .NET, Unity
  • CLI — new detect social-engineering, detect app-fraud, detect romance-scam, detect mule-recruitment, detect gambling-harm, detect coercive-control, detect vulnerability-exploitation, detect radicalisation, and detect multi commands
  • MCP Server — 10 new tools for fraud, extended safety, multi-endpoint analysis, and video analysis

Tier Access

  • New endpoints require Indie tier or above (Starter tier retains access to bullying, grooming, and unsafe only)
  • All new endpoints cost 1 credit per call; multi-endpoint costs the sum of individual endpoints

v1.2.0 — February 2026

Video Analysis

  • POST /v1/safety/video — upload a video file (mp4, webm, quicktime, avi — max 100MB, 10 min) and receive per-frame vision analysis with flagged timestamps
  • Frame extraction powered by ffmpeg with configurable max_frames (default 10, max 20)
  • Aggregated overall_risk_score and overall_severity across all frames
  • Automatic incident recording and webhook alerts for flagged videos
  • 10 credits per video analysis

Video Streaming

  • WebSocket voice streaming now supports video frames alongside audio
  • Send video frames as binary with a 0x01 prefix byte; audio uses 0x00 or no prefix (backward compatible)
  • New frame_analysis server event with per-frame vision results
  • New config options: enable_video, frame_interval_seconds (min 3s, default 5s)
  • session_summary event now includes video_frames_analyzed count
  • 3 credits per video frame analysis

Voice Streaming Enhancements

  • Updated authentication: ?api_key= query param or Authorization: Bearer header
  • Tier-based connection limits (1 for Starter, up to unlimited for Enterprise)
  • Subscription-aware credit tracking per flush
  • Heartbeat ping/pong every 30 seconds for stale connection detection

v1.1.0 — February 2026

Multilingual Support

  • 27 languages supported — English (stable), all 24 EU official languages + Ukrainian, Norwegian, Turkish (beta)
  • Layered auto-detection — Trigram analysis (franc) confirmed by LLM-based detection for maximum reliability
  • Culture-aware analysis — Language-specific guidelines for local slang, idioms, and harmful terms injected into classification prompts
  • All safety endpoints now return language, language_status, and detected_language fields in responses
  • No explicit language parameter required — detection is fully automatic

v1.0.0 — February 2026

Initial public release of the Tuteliq API.

Safety Endpoints

  • POST /v1/safety/unsafe — detect harmful content across all nine KOSA categories
  • POST /v1/safety/bullying — dedicated bullying and harassment detection
  • POST /v1/safety/grooming — conversation-level grooming pattern analysis
  • POST /v1/safety/voice — audio file transcription and safety analysis
  • POST /v1/safety/image — image analysis for visual content risks

Analysis & Guidance Endpoints

  • POST /v1/analysis/emotions — emotional well-being analysis from text and conversations
  • POST /v1/guidance/action-plan — age-appropriate guidance and intervention recommendations
  • POST /v1/reports/incident — structured safety report generation

Voice Streaming

  • WSS /v1/safety/voice/stream — real-time voice moderation via WebSocket with configurable severity thresholds

Webhooks

  • POST /v1/webhooks — register webhook endpoints for safety alerts and batch events
  • HMAC-SHA256 signature verification on all webhook deliveries
  • Automatic retry with exponential backoff (3 attempts)

GDPR Compliance

  • DELETE /v1/account/data — right to erasure (Article 17)
  • GET /v1/account/data/export — right to data portability (Article 20)
  • PATCH /v1/account/data — right to rectification (Article 16)
  • Consent management endpoints for granular data processing consent
  • Public transparency endpoints: DPA, sub-processors, retention policy

SDKs & Tools

Platform

  • Credit-based billing with per-endpoint pricing
  • Tier-based rate limiting (Free, Basic, Premium, Enterprise)
  • API key authentication via Bearer token or x-api-key header
  • Full KOSA harm category coverage with age-calibrated severity scoring