Every claim we make is verifiable. Every check we run is documented. This page explains exactly what we verify, how we verify it, and how you can confirm our results independently.
No black boxes. No proprietary scores you can't understand. Full transparency.
Each brand capsule is scored across seven independent checks. Each check queries a different authoritative source. No single check determines the outcome — the trust score is a composite of all seven.
Method: TXT record verification
Brand owner adds a unique TXT record to their domain's DNS. We verify the record exists and matches. This is the same method used by Google Workspace, Microsoft 365, and certificate authorities.
Verify it yourself: Run `dig TXT yourdomain.com` to see the verification record.
Method: Certificate chain validation
We verify the domain has a valid SSL certificate issued by a trusted certificate authority, check the certificate chain, and confirm the certificate covers the claimed domain.
Verify it yourself: Click the lock icon in any browser to inspect the certificate.
Method: SAM.gov / GLEIF cross-reference
We check the brand against the U.S. System for Award Management (SAM.gov) and the Global Legal Entity Identifier Foundation (GLEIF) to confirm the business entity exists and is active.
Verify it yourself: Search SAM.gov or GLEIF directly with the entity name.
Method: USPTO TESS database lookup
We search the U.S. Patent and Trademark Office's Trademark Electronic Search System (TESS) for active trademark registrations matching the brand name.
Verify it yourself: Search USPTO TESS at tmsearch.uspto.gov.
Method: Dun & Bradstreet cross-reference
If the brand provides a DUNS number, we verify it against Dun & Bradstreet's database to confirm the business identity and creditworthiness signals.
Verify it yourself: Request a DUNS lookup at dnb.com.
Method: Safe Browsing API check
We check the domain against Google's Safe Browsing database to ensure it's not flagged for malware, phishing, or social engineering.
Verify it yourself: Check any URL at transparencyreport.google.com/safe-browsing.
Method: LLM-powered website analysis
We use AI to analyze the brand's website content for consistency with claimed identity, check for red flags like copied content or suspicious patterns, and assess overall legitimacy signals.
Verify it yourself: Review the analysis summary in the brand's capsule detail page.
Every verified brand capsule is signed with Ed25519 — the same algorithm used by SSH, Signal, and Solana. This means verification can happen offline, without calling our API.
Each brand capsule contains a cryptographic signature that proves the capsule was issued by RegisteredBrands.AI and has not been tampered with. Any party can verify this signature using our public key.
// Verify a capsule signature
const isValid = ed25519.verify(
capsule.signature,
capsule.payload,
REGISTRY_PUBLIC_KEY
);
// Returns true if authenticDomain ownership is proven by adding a DNS TXT record. This is the internet's native proof-of-ownership mechanism — the same method used by Google, Microsoft, and every certificate authority.
# Check DNS verification
$ dig TXT example.com
;; ANSWER SECTION:
example.com. 300 IN TXT
"rb-verify=abc123def456"Transparency means being clear about what we don't do, not just what we do.
A verified brand identity means the entity is who they claim to be. It does not mean their products are good, their prices are fair, or their service is excellent. Verification is about identity, not quality.
Our verification checks are automated and based on public data sources. For high-value transactions, legal contracts, or regulatory compliance, you should conduct your own due diligence.
We never see, store, or process credit card numbers, bank accounts, or payment credentials. Payment processing is handled entirely by Stripe.
Trust scores are computed from objective, verifiable data points. We don't manually adjust scores, accept payment for higher scores, or make editorial judgments about brands.
For security teams, compliance officers, and developers evaluating the platform.
| Signature Algorithm | Ed25519 (RFC 8032) |
| Key Size | 256-bit (32-byte public key) |
| Capsule Format | JSON-LD with embedded signature |
| Discovery Protocol | .well-known/brand-capsule.json |
| API Authentication | Bearer token (API key) or public (read-only) |
| Transport Security | TLS 1.3 minimum |
| Data Residency | United States (AWS us-east-1) |
| Uptime Target | 99.9% (Business tier and above) |
| API Rate Limits | 1,000/month (free), 25,000/month (Professional), 100,000/month (Business) |
| Protocol Compatibility | MCP (Model Context Protocol), A2A (Agent-to-Agent), UCP (Universal Checkout Protocol), TAP (Trust Assurance Protocol) |
| Verification Latency | < 200ms (cached), < 2s (fresh check) |
| Audit Log Retention | 90 days (standard), 1 year (Business+) |
Trust scores range from 0 to 100,000. The tier determines how the brand appears in the registry and to AI agents.
| Tier | Score Range | What It Means | Requirements |
|---|---|---|---|
| Observed Profile | 0 – 9,999 | Public data compiled. Brand has not claimed this profile. | None (auto-generated) |
| Claimed | 10,000 – 29,999 | Brand owner has registered and claimed this profile. | Account registration |
| Verified | 30,000 – 59,999 | Domain ownership confirmed via DNS. Multiple verification checks passed. | DNS TXT record + 3+ checks |
| Trusted | 60,000 – 100,000 | Full verification suite passed. Business entity confirmed. Transaction history established. | DNS + DUNS/GLEIF + 5+ checks |
Unclaimed profiles (Observed Profile tier) are capped at a maximum score of 29,999 regardless of public data signals. Only brand owners who complete DNS verification can reach the Verified or Trusted tiers.
Start with a free account. Verification takes under 5 minutes.