How does AI merchant verification work?

RegisteredBrands.AI verifies merchant identity through 7 automated checks: DNS domain ownership, USPTO trademark verification, GLEIF business entity validation, SSL/DMARC/SPF domain signals, SAM.gov/SEC EIN cross-referencing, document analysis, and community reputation. Results are packaged as Ed25519-signed Brand Capsules that AI agents can verify in milliseconds.

What is a Brand Capsule?

A Brand Capsule is a machine-readable, cryptographically signed identity credential for a brand. It contains verified information about the brand's domain, business registration, trademarks, and trust score. AI agents use Brand Capsules to verify merchant identity before committing to transactions.

Can AI agents verify brands offline?

Yes. Brand Capsules are signed with Ed25519 keys. The public key and signature travel with the credential, so agents can verify authenticity without calling the RegisteredBrands.AI API. This enables offline verification in air-gapped or latency-sensitive environments.

What is the difference between a directory-listed and an owner-verified brand?

Directory-listed brands are compiled from publicly available data and have not been claimed by their owners. Owner-verified brands have been claimed by the brand owner, who has proven domain ownership via DNS TXT record anchoring. Only owner-verified brands can achieve Verified or higher trust tiers.

Is RegisteredBrands.AI a government certification body?

No. RegisteredBrands.AI is a private trust registry operated by RootVaultAI LLC. Trust scores are informational indicators compiled from publicly available data sources. Similar to Dun & Bradstreet or the Better Business Bureau, our assessments represent independent analysis, not government endorsement or certification.

RegisteredBrands.AI: The Trust Layer for Bot-to-Bot Commerce

1. Scope and Agreement

These API Terms of Service ("API Terms") govern your access to and use of the RegisteredBrands.AI application programming interfaces, SDKs, machine-readable endpoints, and developer tools (collectively, the "API"). These API Terms supplement the general Terms of Service and Acceptable Use Policy. In the event of a conflict between these API Terms and the general Terms of Service, these API Terms control with respect to API usage. By accessing or using the API, you agree to be bound by these API Terms.

2. API Access and Authentication

Access to the API requires a valid account and API key issued through the RegisteredBrands.AI dashboard. Each API key is bound to a specific account and subscription plan. You are responsible for maintaining the confidentiality of your API keys and must not share, publish, or embed them in client-side code, public repositories, or any location accessible to unauthorized parties.

If you suspect your API key has been compromised, you must rotate it immediately through the dashboard and notify us at [email protected]. We reserve the right to revoke API keys that are found to be compromised, shared, or used in violation of these API Terms.

3. Rate Limits and Usage Quotas

API usage is subject to rate limits and credit quotas determined by your subscription plan. Current rate limits and quotas are published on our Pricing page and returned in API response headers.

Plan	Rate Limit	Monthly Credits	Burst Allowance
Starter	60 req/min	1,000	10 req/sec
Pro	300 req/min	25,000	50 req/sec
Enterprise	Custom	Custom	Custom

Exceeding rate limits will result in HTTP 429 responses. Persistent or intentional rate limit violations may result in temporary API key suspension. We reserve the right to modify rate limits with 30 days' notice.

4. Permitted Use

The API is provided for the following purposes: verifying brand identity and trust scores for commerce transactions; integrating brand verification into AI agent workflows; validating cryptographic capsules, entitlements, and receipts; building applications that consume trust verification data; and accessing your own account data, capsules, and transaction history.

You may cache API responses for reasonable periods (up to 1 hour for verification data, up to 24 hours for capsule metadata) to reduce API calls and improve performance. Cached data must be refreshed within these windows, and you must not serve stale verification data as current.

5. Prohibited Use

In addition to the restrictions in our Acceptable Use Policy, the following API-specific uses are prohibited: bulk downloading or mirroring the entire registry or trust score database; building a competing trust verification service using our API data; reselling, sublicensing, or redistributing API access or API data to third parties without authorization; using the API to train machine learning models on our proprietary trust scoring data; modifying, adapting, or creating derivative works of the API or its documentation except as expressly permitted; and using the API in a manner that degrades service quality for other users.

6. Data Handling and Privacy

When you access data through the API, you become a data controller (or equivalent under applicable law) for any personal data you receive. You must handle all data obtained through the API in compliance with applicable data protection laws, including CCPA, GDPR, and their equivalents.

Specifically, you must: provide clear privacy notices to end users about how you use verification data; implement appropriate technical and organizational security measures to protect API data; delete personal data when it is no longer needed for the purpose for which it was obtained; not use API data for purposes beyond those disclosed to end users; and promptly notify us of any data breach involving data obtained through our API.

7. AI Agent Integration Requirements

If you integrate the API into autonomous AI agent systems, the following additional requirements apply:

Agent Identification. AI agents accessing the API must identify themselves using a valid Agent Capsule or include an identifying User-Agent header. Anonymous or unidentified agent access may be rate-limited or blocked.

Verification Freshness. AI agents must not rely on verification data older than the caching windows specified in Section 4. Stale verification data must not be presented to consumers or transaction partners as current.

Error Handling. AI agents must implement graceful degradation when the API is unavailable. Agents must not proceed with transactions that require verification when the verification service is unreachable.

Audit Trail. You must maintain logs of all verification requests and responses for a minimum of 90 days. These logs may be required for dispute resolution.

8. Service Level and Availability

We target 99.9% API uptime for Pro and Enterprise plans, measured on a monthly basis. Scheduled maintenance windows are announced at least 48 hours in advance via our Status page and developer mailing list.

The API is provided "as is" without uptime guarantees for Starter plans. For Pro and Enterprise plans, SLA credits are available as described in our Refund Policy. We are not liable for downtime caused by factors outside our reasonable control, including internet connectivity issues, third-party service outages, or force majeure events.

9. Versioning and Deprecation

We version the API to allow for backward-compatible improvements. When breaking changes are necessary, we will release a new API version and provide at least 90 days' notice before deprecating the previous version. During the deprecation period, both versions will be available. After deprecation, requests to the old version may return errors. We recommend subscribing to our developer mailing list for version announcements.

10. Intellectual Property

The API, its documentation, SDKs, and all related intellectual property are owned by the Company. You are granted a limited, non-exclusive, non-transferable, revocable license to use the API in accordance with these API Terms and your subscription plan. This license does not grant you any ownership rights in the API or its underlying technology. You may not use the RegisteredBrands.AI name, logo, or trademarks without prior written permission, except as necessary to accurately describe your integration (e.g., "Verified by RegisteredBrands.AI").

11. Indemnification

You agree to indemnify and hold harmless the Company from any claims, damages, losses, or expenses arising from: your use of the API; your violation of these API Terms; any application or service you build using the API; actions taken by AI agents you deploy that access the API; and any third-party claims related to data you obtain through the API.

12. Termination

We may suspend or revoke your API access at any time for violation of these API Terms, the general Terms of Service, or the Acceptable Use Policy. Upon termination, you must immediately cease all use of the API, delete any cached API data (except as required for legal compliance), and remove any integrations that depend on the API. Provisions that by their nature should survive termination will remain in effect.

13. Changes to These Terms

We may update these API Terms from time to time. Material changes will be communicated via email to the address associated with your developer account and via prominent notice on the developer documentation. Changes take effect 30 days after notice. Your continued use of the API after changes constitutes acceptance.

14. Contact

For questions about these API Terms, contact us at [email protected] or through our Contact page.