Security Principles
How VeriBureau protects data and ensures the integrity of the trust protocol.
No personal data stored
When a reviewer verifies their identity, the email address is converted to a one-way cryptographic hash. The original address is never stored in any database, log, or backup. We cannot access it, sell it, or expose it — because it does not exist in our system.
Encryption
All data in transit is protected with modern TLS encryption. Sensitive data at rest is encrypted using industry-standard algorithms. API keys are hashed before storage — if our infrastructure were compromised, raw credentials could not be extracted.
Immutable audit trail
Every event in the system is recorded in a cryptographic chain. Each record includes a hash of the previous record, forming an unbreakable sequence. Altering any historical record would break the chain from that point forward, making tampering publicly and mathematically detectable. You can verify the chain yourself at any time.
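An added example, not VeriBureau's code: a minimal verifier for a hash-chained trail of the kind described above, which also compares the chain head against a value the verifier saved earlier, since a history that is rewritten and fully re-hashed is still internally consistent. The record layout, field names, SHA-256, and the all-zero genesis value are assumptions, because the page does not publish its format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first record (not from the page)
# Constructed sample events; field names are illustrative assumptions.
CONSTRUCTED_EVENTS = [
    {"type": "reviewer_verified", "reviewer": "hash:ab12"},
    {"type": "review_submitted", "rating": 2},
    {"type": "review_published", "rating": 2},
]

def record_hash(prev_hash, event):
    """SHA-256 over the previous record's hash plus a canonical JSON event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()

def append(chain, event):
    """Link a new record to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "event": event,
                  "hash": record_hash(prev, event)})

def first_broken_link(chain):
    """Index of the first record whose link or hash is wrong, else None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev or rec["hash"] != record_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return None

def verify(chain, pinned_head):
    """Consistent chain that also ends at a head hash the verifier saved
    earlier; a chain rewritten and fully re-hashed fails only this check."""
    return (bool(chain) and first_broken_link(chain) is None
            and chain[-1]["hash"] == pinned_head)

def sample_chain():
    chain = []
    for event in CONSTRUCTED_EVENTS:
        append(chain, dict(event))  # copy so edits do not touch the samples
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    pinned = chain[-1]["hash"]          # head saved by the verifier earlier
    chain[1]["event"]["rating"] = 5     # history edited in place
    print(first_broken_link(chain), verify(chain, pinned))
```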
Authentication
Business authentication uses unique, cryptographically generated API keys. Identity verification uses time-limited, single-use codes delivered via authenticated email channels.
Domain ownership verification uses DNS TXT records — the same mechanism trusted by certificate authorities and major technology platforms worldwide.
Domain verification levels
Level 1: Email Verified
Business email confirmed via one-time code.
Level 2: Domain Verified
DNS TXT record proves ownership of the business domain.
Level 3: Protocol Declared
Dedicated DNS subdomain declares participation in the VeriBureau protocol. Voluntary. Increases trust level.
Level 4: Fully Certified
All verification levels completed. Maximum trust status.
Protection measures
The platform implements rate limiting, input validation, anomaly detection, and automated monitoring. Infrastructure is hardened and regularly reviewed. We follow the principle of minimal disclosure — we share our security philosophy, not our implementation details.
Responsible disclosure
If you discover a security vulnerability, we ask that you report it responsibly. Contact us at security@veribureau.com. We will acknowledge receipt within 24 hours.
We do not pursue legal action against security researchers who report vulnerabilities in good faith.