The VeriBureau Protocol
Version 3.0 — Three axioms. Zero compromise.
Axiom 1: Every review has proof
Every review in the VeriBureau system must be linked to a valid Proof Token — a unique, one-time-use cryptographic identifier generated before the review can be submitted.
A Proof Token connects a specific business to a specific transaction. Without a valid token, no review can be created. This is not moderation — it is architecture that ensures every review has a verifiable origin.
Token lifecycle:
ACTIVE — generated and awaiting use
USED — a review has been submitted with this token
EXPIRED — not used within the validity period (default: 90 days)
REVOKED — the business revoked the token before use
Each token can only be used once. Each token is bound to one business. The token creation is recorded in the audit chain.
Axiom 2: Trust is earned
Not all reviews carry equal weight. A reviewer's influence on a business's Trust Score is determined by their Reviewer Trust Score (RTS) — a composite metric of their history across the entire VeriBureau protocol.
A first-time reviewer has minimal influence. A reviewer with many consistent, verified reviews across multiple businesses has significant influence. This creates a natural quality signal and rewards honest, sustained participation.
RTS components:
Account age (20%) — how long the reviewer has been active
Volume (25%) — number of verified reviews submitted
Detail (20%) — average length and substance of review text
Consistency (20%) — alignment with reviewer's own scoring history
Identity verification (15%) — email verification status
Strikes (penalty) — deductions for disputes upheld against the reviewer
See the full formulas on the methodology page.
Axiom 3: Every event is immutable
Every action in the VeriBureau system is recorded in a cryptographic audit chain. Each record contains a SHA-256 hash of the previous record, forming a chain that makes any alteration publicly detectable.
Events recorded include: business registration, token generation, review submission, business response, dispute creation, dispute response, dispute resolution, API key rotation, and score recalculation.
If any entity — including VeriBureau operators — were to modify, delete, or reorder a past record, the hash chain would break. This is detectable by anyone at any time through the public audit verification page.
Audit record structure:
id — unique identifier
action — event type (e.g. REVIEW_CREATED)
entityType — what was affected (BUSINESS, REVIEW, TOKEN)
entityId — identifier of the affected entity
metadata — event-specific data
previousHash — SHA-256 hash of the previous record
hash — SHA-256 hash of this record
timestamp — ISO 8601 creation time
Domain Verification
Beyond Proof Tokens, VeriBureau provides a multi-level system for verifying business identity through DNS records — the same mechanism used by certificate authorities worldwide.
Level 1: Email Verified
Business email confirmed via one-time verification code.
Level 2: Domain Verified
Business adds a unique TXT record to their DNS zone, proving domain ownership. Only the domain owner can modify DNS records.
Level 3: Protocol Declared
Business creates a dedicated _veribureau subdomain, declaring participation in the protocol at the infrastructure level. Voluntary.
Level 4: Fully Certified
All verification levels completed. Maximum trust status.
Each level is recorded in the audit chain. Certification status is computed automatically and cannot be manually assigned or purchased.
Business Response
Businesses can publish one public response per review. Responses appear on the business profile alongside the original review. Every version of a response is recorded in the audit chain.
Dispute Process
If a business believes a review contains factual errors, they can file a dispute. The process is designed to be fair to both parties:
1. Business files dispute with reason and optional evidence
2. Reviewer is notified and given 14 days to respond
3. Reviewer verifies identity and submits response
4. Outcome: UPHELD, REJECTED, or ESCALATED
5. All parties are notified
6. Entire dispute record is immutably recorded in the audit chain
A dispute does not remove a review. Reviews are permanent. A dispute adds context and resolution to the record.
Trust Score (CBS)
The Composite Business Score is a single number from 0 to 100 that represents the weighted average of all verified reviews for a business. It accounts for reviewer reputation, industry context, and recency.
Full formulas and methodology are published on the methodology page.