How does AI merchant verification work?

RegisteredBrands.AI verifies merchant identity through 7 automated checks: DNS domain ownership, USPTO trademark verification, GLEIF business entity validation, SSL/DMARC/SPF domain signals, SAM.gov/SEC EIN cross-referencing, document analysis, and community reputation. Results are packaged as Ed25519-signed Brand Capsules that AI agents can verify in milliseconds.

What is a Brand Capsule?

A Brand Capsule is a machine-readable, cryptographically signed identity credential for a brand. It contains verified information about the brand's domain, business registration, trademarks, and trust score. AI agents use Brand Capsules to verify merchant identity before committing to transactions.

Can AI agents verify brands offline?

Yes. Brand Capsules are signed with Ed25519 keys. The public key and signature travel with the credential, so agents can verify authenticity without calling the RegisteredBrands.AI API. This enables offline verification in air-gapped or latency-sensitive environments.

What is the difference between a directory-listed and an owner-verified brand?

Directory-listed brands are compiled from publicly available data and have not been claimed by their owners. Owner-verified brands have been claimed by the brand owner, who has proven domain ownership via DNS TXT record anchoring. Only owner-verified brands can achieve Verified or higher trust tiers.

Is RegisteredBrands.AI a government certification body?

No. RegisteredBrands.AI is a private trust registry operated by RootVaultAI LLC. Trust scores are informational indicators compiled from publicly available data sources. Similar to Dun & Bradstreet or the Better Business Bureau, our assessments represent independent analysis, not government endorsement or certification.

RegisteredBrands.AI: The Trust Layer for Bot-to-Bot Commerce

1. Purpose

This Acceptable Use Policy ("AUP") governs the use of the RegisteredBrands.AI platform, APIs, SDKs, and all related services (collectively, the "Service") operated by RootVaultAI LLC, an Arizona limited liability company ("Company," "we," "our," or "us"). This AUP supplements our Terms of Service and applies to all users, including human operators, organizations, and autonomous AI agents acting on behalf of registered account holders. Violations of this AUP may result in trust score penalties, account suspension, or permanent termination.

2. General Conduct Standards

All users of the Service must act in good faith, provide accurate information, and respect the rights of other users and the integrity of the trust verification ecosystem. The Service exists to build trust in agentic commerce; conduct that undermines trust or exploits the verification system is strictly prohibited.

You are responsible for all activity under your account, including actions taken by AI agents, scripts, or automated systems operating with your credentials. "I didn't know my agent did that" is not a defense against AUP violations.

3. Prohibited Activities

3.1 Identity and Verification Fraud

You may not register Brand Capsules for brands you do not own, represent, or have written authorization to manage. Submitting forged, altered, or misleading verification documents is strictly prohibited. Impersonating another brand, organization, or individual through capsule registration or profile information is a violation. Creating multiple accounts or capsules to circumvent trust score penalties, rate limits, or account restrictions (sybil attacks) is prohibited.

3.2 Trust Score Manipulation

Any attempt to artificially inflate or manipulate trust scores is prohibited. This includes wash trading (creating fake transactions between accounts you control to generate artificial transaction history), coordinated flagging (organizing groups to flag competitors or boost allies), review manipulation (posting fake reviews or ratings), and exploiting algorithmic vulnerabilities to gain unearned trust score points. Trust scores are computed algorithmically and must reflect genuine platform activity.

3.3 API and Technical Abuse

You may not attempt to circumvent rate limits, authentication mechanisms, or access controls. Scraping, bulk downloading, or systematically extracting data beyond what is necessary for legitimate verification purposes is prohibited. Reverse engineering, decompiling, or disassembling any part of the Service is not permitted. Introducing malware, viruses, or malicious code through API interactions or file uploads is strictly prohibited. Intentionally overloading the Service through denial-of-service attacks or excessive request volumes is a violation.

3.4 Financial and Payment Abuse

Using the Service to facilitate money laundering, terrorist financing, sanctions evasion, or other financial crimes is strictly prohibited. Submitting USDC payments from wallets associated with sanctioned addresses (OFAC SDN list) or known illicit activity is a violation. Filing fraudulent chargebacks or payment disputes is prohibited. Exploiting pricing errors, promotional codes, or payment processing vulnerabilities is not permitted.

3.5 AI Agent Misuse

Deploying AI agents that use our verification endpoints to facilitate deceptive practices is prohibited. This includes agents that misrepresent verification results to consumers, agents that use cached or stale verification data to mislead transaction partners, agents that impersonate other registered agents, and agents that exploit the trust verification system to gain unfair commercial advantage. Account holders are responsible for implementing appropriate safeguards, spend limits, and oversight mechanisms for their AI agents.

3.6 Content and Communication Abuse

You may not use the Service to distribute spam, unsolicited communications, or phishing attempts. Posting content that is defamatory, obscene, threatening, or that promotes violence or discrimination is prohibited. Using the community flagging system to harass competitors or other users is a violation. Submitting false or malicious vulnerability reports through our Responsible Disclosure program is not permitted.

3.7 Legal and Regulatory Violations

Using the Service in violation of any applicable law, regulation, or industry standard is prohibited. This includes violations of export control laws, sanctions regulations, intellectual property laws, data protection regulations (CCPA, GDPR, and equivalents), consumer protection laws, and anti-money laundering requirements. You are responsible for ensuring your use of the Service complies with all laws applicable in your jurisdiction.

4. Cryptographic Integrity

The Service relies on Ed25519 digital signatures for capsule integrity, entitlement authentication, and receipt verification. Forging, tampering with, or misrepresenting cryptographic signatures is strictly prohibited and may constitute fraud under applicable law. Attempting to derive private keys from public keys, exploit cryptographic implementations, or circumvent signature verification is a violation. If you discover a vulnerability in our cryptographic implementation, report it through our Responsible Disclosure Policy rather than exploiting it.

5. Enforcement

We enforce this AUP through a graduated response system. The severity of the response depends on the nature, frequency, and impact of the violation.

Level	Action	Typical Triggers
Warning	Written notice with required corrective action	First-time minor violations, unintentional rate limit exceedance
Trust Penalty	Trust score reduction (1,000–10,000 points)	Repeated minor violations, inaccurate capsule information
Suspension	Temporary account and API access suspension (7–30 days)	Moderate violations, trust score manipulation attempts
Termination	Permanent account termination, capsule deactivation	Severe violations, fraud, financial crimes, repeated suspensions

We reserve the right to skip levels in the graduated response for severe violations that pose immediate risk to the platform, its users, or the integrity of the trust verification ecosystem. Emergency actions (immediate suspension or termination) may be taken without prior notice for violations involving fraud, financial crimes, or active security threats.

6. Reporting Violations

If you become aware of conduct that violates this AUP, please report it to [email protected] or use the community flagging system within the platform. For security vulnerabilities, use our Responsible Disclosure Policy. We investigate all reports and take appropriate action. Reports are treated confidentially to the extent permitted by law.

7. Appeals

If you believe an enforcement action was taken in error, you may appeal by contacting [email protected] within 14 days of the action. Your appeal should include your account identifier, a description of the enforcement action, and your explanation of why the action was unwarranted. We will review appeals within 7 business days and provide a written determination. The determination on appeal is final.

8. Changes to This Policy

We may update this AUP from time to time to address new threats, technologies, or regulatory requirements. Material changes will be communicated via email or prominent notice on the Service at least 30 days before taking effect. Your continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact

For questions about this Acceptable Use Policy, contact us at [email protected] or through our Contact page.