Built to produce defensible results
Verification is a compliance function. The platform is designed so every result is traceable to a primary source, and every request runs under least privilege.
Data protection
How we handle your data
Encrypted in transit
All traffic is served over HTTPS/TLS with HSTS. The public site is distributed via CloudFront with a managed WAF.
Tenant isolation
API data is scoped per tenant. A verification or batch is only readable with a key belonging to the tenant that created it.
Least-privilege keys
API keys carry explicit scopes (read / verify). Use sandbox keys in development and rotate keys from the operator portal.
Tier isolation
The public API runs as a separate service role from the operator backend — physical separation between public and internal tiers.
Rate & abuse controls
Per-tenant rate limits, a rolling usage cap, and bounded concurrency protect the platform and the upstream registries.
Passwordless operators
The operator portal uses WebAuthn passkeys and email OTP with an access whitelist — no shared passwords.
Evidence & auditability
Every verdict is traceable
Primary-source evidence
Results are rendered from authoritative registries with screenshot evidence captured per verification — not inferred or cached guesses.
Full disambiguation trail
When multiple candidates exist, each kept/dropped decision is recorded with its basis, so any selection can be reviewed later.
Reporting a vulnerability
If you believe you have found a security issue, please contact us before public disclosure so we can investigate and remediate. We appreciate responsible disclosure.
Start verifying credentials with confidence
Run single lookups, bulk batches, or integrate the REST API. Evidence-backed results, attributed costs, no guesswork.
Already onboarded? Sign in to the portal