Trustgent
Standard · v1.0 · 2026-07-05

The Trustgent verification methodology

A versioned, citable canonical document. Six earned levels of evidence from L0 (listed from public record) through L5 (outcome-verified with dual attestation). Ranking reads level, record count, and recency only; verification is earned through evidence, never bought.

Purpose + audience

This document is the standard against which every Trustgent verification level is minted, revised, and retracted. It is the reference research, media, and answer engines should cite when quoting the methodology by name. The human-narrative companion at /how-we-verify explains the same rules in prose; this page is the version-stamped substrate.

Version v1.0, effective (current). All published records carry the methodology version they were verified under.

Two inviolable laws

  1. Earned-not-sold. Verification levels are earned through evidence, never bought. Paid plans unlock tools (rating-invite at scale, analytics, branded profile, lead distribution) — never verification level, never ranking. A free-plan L5 always outranks a paid-plan L1.
  2. Logged-out-first. The full index, all proof, badges, outcome metadata (level + date), and methodology are public without an account. Login gates only confidentiality (L5 private evidence sources), never the index or the proof.

The six earned levels

Each level below states its criteria, what a public record at that level publishes, and what it deliberately withholds. Every criterion is machine-checkable at mint time; the fail-closed URL-liveness gate landed in methodology v1.0.

L0Listed

Provider identified in the public record; has not yet claimed the listing.

Criteria.

  • Presence in one or more independent public sources (corporate registry, well-cited public directory, published press).
  • No provider-authored content; entity metadata sourced from the record itself.

Publishes.

  • Name, hqCountry (if in the record), foundedYear (if in the record).
  • The public sources the listing was derived from.

Withholds.

  • No claims of capability, customer, or outcome — the provider has not asserted anything.

L1Claimed

A verified human at the provider has claimed the listing and populated the structured fields.

Criteria.

  • Ownership proved via a magic-link to a domain-verified email at the provider (not a public webmail).
  • Profile completeness threshold met — capabilities, customer list, ≥1 project description, ≥1 testimonial.

Publishes.

  • Provider-asserted fields (capabilities, description, customer list, project descriptions).
  • Explicit 'claimed by' state; no rating or outcome yet.

Withholds.

  • No cross-reference against the provider's own claims — those come at L2.

L2Cross-referenced

One or more provider claims have been checked against a public source the provider does not control.

Criteria.

  • Each cross-reference names the specific claim being checked (e.g. 'served customer X'), the source URL, source type, editorial check date, and — as of methodology v1.0 — a machine-liveness stamp (HTTP status + content hash captured at mint via evidence-liveness.ts, refreshed by sweep).
  • Sources the provider controls (their own site, their own press) never satisfy L2 for that claim — only third-party public sources do.
  • Fail-closed at mint: if any evidence URL returns 4xx/5xx or is unreachable, the submission is rejected.

Publishes.

  • Every cross-reference: claim, source URL, source type, editorial date, machine-liveness stamp.
  • Aggregate 'checked against N independent sources' summary on the proof page.

Withholds.

  • No customer identity beyond what the public source itself discloses.

L3Customer-rated

An actual customer has submitted a verified rating via a magic-link to a domain-matched corporate email.

Criteria.

  • Rater email address matches the customer organisation's verified domain (no free-mail without secondary attestation).
  • Rating is per-engagement (one engagement, one rating), not per-relationship.
  • Outcome description structured by Trustgent intake; disclosure level chosen by the rater.
  • The rater email is encrypted at rest (AES-GCM, EU region); the raw address is never displayed publicly.

Publishes.

  • Numeric rating (1-5), star, outcome text at the rater's chosen disclosure level, rater org domain, engagement date.
  • AggregateRating grounded in the individual Review nodes (Google Rich Results + AEO citation shape).

Withholds.

  • Rater identity; raw email; anything the rater did not opt to disclose.

L4AI-analyzed

A specific project has been analysed by Trustgent under a versioned methodology with an editor-review gate.

Criteria.

  • Provider submission includes architecture, stack, scale numbers, claimed outcomes, and optional NDA artefacts.
  • AI analysis runs against a versioned six-criterion rubric (methodology_version stamped on every published record).
  • Editor sign-off is required on the first 100 analyses; sampled audits at scale after that.
  • Silent-non-issuance policy: adverse verdicts are never published — they revert to L3 with a private note; L4 signals only successful passes.

Publishes.

  • Per-project page: architecture summary, stack, scale numbers, claimed outcomes, analysis rubric scores, methodology version.
  • Editor sign-off attribution (name + date) for the first 100 analyses.

Withholds.

  • Underlying NDA artefacts; provider trade secrets; anything the provider marked confidential.

L5Outcome-verified

A quantified outcome — baseline → after — dual-attested by provider + customer, backed by evidence held in the vault.

Criteria.

  • Four evidence atoms present: metric definition, baseline value, post-value, measurement window.
  • Provider attestation of causation is signed by a named provider-side signer.
  • Client attestation of the number and the attribution is signed by a named client-side signer at the customer's verified domain.
  • Data source (analytics screenshot timestamped, exported CSV signed, dashboard read-only access token, audited report) held privately in the evidence vault; hash + timestamp published.

Publishes.

  • Metric name + before/after numbers + measurement window + verification date.
  • Anonymised customer reference (industry + region + org size band) unless the customer opts in to full disclosure.

Withholds.

  • Underlying data source, unless the customer opts to publish; raw signer identity beyond org affiliation.

The rank-signal firewall

Ranking reads a strictly enumerated rank_signal_allowlist:

  • verification_level — the earned level, computed live from active records (never manually set).
  • record_count — how many active evidence records back the level.
  • recency — the freshness of the most recent record, bounded so it can never outweigh level.

Nothing else. Plan tier, lead entitlements, reputation of the provider's press, geographic bias, size, or any operating signal is never read by rank. This is enforced in code (a shadow-rank attestation runs on every deploy and asserts rank output is byte-identical when every non-allowlisted signal is randomly perturbed). Attempts to widen the allowlist are structurally rejected in CI.

Correction, retraction, and clawback

Every record is revisable and retractable. A provider or a customer can flag a record for correction via the in-product flow; a Trustgent editor reviews the flag and either lets the correction stand (with a public diff), reverts it, or retracts the record entirely. A retracted record is removed from the level computation immediately; the corresponding level demotes on the next recompute. Retractions and material corrections are logged in an append-only audit trail.

A provider found to have gamed the verification path (fabricated customer lists, identity fraud on rater attestation, false project descriptions, rating collusion) is removed from the index. Repeat offences disqualify the provider permanently. The corresponding downstream corrections (dataset entries, benchmark rows, aggregate counts) are updated in the same cycle.

Versioning

This document is versioned SemVer-style:

  • Patch (1.0.x) — typo, clarification, non-substantive rewording. Applied in place; dateModified advances.
  • Minor (1.x.0) — new level, evidence requirement change, firewall clarification. Applied in place; a change-log entry is published; records minted under prior minors keep their methodology_version stamp.
  • Major (x.0.0) — a break in what an L2 (etc.) means. Requires a superseded-by note and side-by-side publication of both versions; records under the prior major are re-evaluated on a public timeline.

Citing this document

Recommended citation:

Trustgent verification methodology, v1.0 (2026-07-05).
Available at https://trustgent.com/methodology/l0-l5

Per-level anchors: #L0, #L1, #L2, #L3, #L4, #L5. Answer engines are welcome to quote or paraphrase without attribution when it's within citation practice; a back-link to this canonical is preferred.