Skip to content
ZygenTrust
Status · checking
01 · Inputs

5

Signals

DNS, HTTPS, pages, contact, security

02 · Output

1 score

Verdict

Risk · action · confidence — explainable

03 · Speed

ms-class

Latency

Cold ≤ 2s · warm cached at the edge

How it works

Signals to verdict,
in one round trip.

The analyze pipeline collects deterministic signals, then resolves to a trust score and a recommended action.

01 · Domain risk

Resolve and verify the domain

DNS over HTTPS for A, AAAA, MX. We confirm the domain is alive and that mail infrastructure exists before anything else.

  • DNS A + AAAA resolves
  • MX records 2 hosts
  • Reverse path consistent
02 · Reachability

Reach the website over HTTPS

We try HTTPS first, fall back to HTTP, and follow at most one redirect with a strict timeout. Cross-domain hops to abuse TLDs are flagged.

  • HTTPS 200 OK
  • HSTS max-age=31536000
  • Redirect chain 1 hop, same host
03 · Trust pages

Look for the pages operating business sites publish

Privacy, terms, contact, and about. Six shallow probes, never recursive, never deeper than one click.

  • /privacy found
  • /terms found
  • /contact found
  • /about found
04 · Verdict

Deterministic score, recommended action

Weighted rules and explainable insights — never a black box. You always see why.

Trust score 0
  • Trust score 82
  • Risk level low
  • Action approve
  • Confidence 0.78

A single endpoint. 28+ signal categories.

ZygenTrust collects deterministic signals across DNS, HTTP, trust pages, contact, security, history, brand abuse, network reputation, and external threat intel — and turns them into an explainable score with evidence.

Domain & network

DNS, HTTPS, ASN

Resolves records via DNS over HTTPS. Verifies HTTPS, checks redirects. Identifies hosting provider, ASN, and network type.

Business signals

Pages, contact, intent

Detects privacy, terms, contact, about, pricing, testimonials, and business category — plus lead quality scoring.

History & abuse

Domain age, brand risk

Checks domain age via RDAP, certificate history via crt.sh, Wayback availability. Detects punycode, typosquat, and suspicious keyword patterns.

Explainable

Evidence, not vibes

Every score comes with an evidence summary, top positive/risk signals, data sources used, confidence explanation, and a recommended action.

Use cases

One call. Predictable JSON. Made to slot into onboarding, lead scoring, and merchant pre-screening pipelines.

SaaS

Onboarding pre-screen

Block obvious junk signups before they hit your trial pipeline.

Marketplace

Seller review

Quickly triage new vendor applications by domain trust.

Lead-gen

Lead scoring

Add a deterministic trust signal next to your firmographic data.

Agencies

Prospect filtering

Skip prospects whose websites lack the trust signals to support a deal.

Free

Free

50 checks / month

For testing the API and validating basic trust signals.

  • Test API keys
  • Trust score, risk level, recommended action
  • Basic evidence and insights
  • Public OpenAPI access
Create free account

Starter

$ 29 /mo

2,500 checks / month

For early onboarding workflows moving beyond free validation.

  • Approved live API keys during beta
  • Standard website trust analysis
  • 24h shared analyze cache
  • Basic usage tracking
  • Email/manual beta support
Start Starter

Pro

$ 299 /mo

100,000 checks / month

For platforms screening domains at higher volume during private beta.

  • Everything in Growth
  • Custom cache TTL up to 7 days
  • Audit log access
  • Advanced reputation adapters
  • Visual evidence when available
  • Higher operational limits
  • Priority launch support
  • Roadmap: SSO, team controls
Request Pro access
Shipping notes

What changed lately.

The last three things we shipped. Each line is one decision the team made — what changed, why, and where to read more.

See full log
feature

Self-serve password reset, shareable demo, and pricing fix

Forgot password is now fully self-serve from the sign-in screen — enter your email, click the link, and set a new password without contacting support. The demo page gained shareable result URLs (try /demo?domain=stripe.com), a Share Result button, and animated score counters with risk-colored indicators. Pricing cards now show correct prices on initial load. The docs page gained JavaScript and Python code examples alongside cURL.

feature

Self-serve polish: password reset, signup confirmation, copyable docs

Password reset is fully self-serve from the sign-in screen. Signup now drops you on a real confirm-your-email card with a working resend button. Docs and the demo gained one-click copy buttons for cURL and the response shape, plus a direct link to the live OpenAPI document. Pricing comparison stops sideways-scrolling on phones, and the demo result page now points you to a free key, a working cURL, or the schema.

fix

Unified self-serve story across the site

The homepage activation path now shows the real flow: sign up, generate a test key, call the API. Hero code samples switched to runnable cURL, fetch, and Python. Pricing Free and Starter route into signup or talk-to-us instead of the demo. Docs, hero, and dashboard now agree on one canonical API base URL.

Engineered for production

Edge-cached worldwide: ms-class warm latency. Postgres-grade durability: ACID transactions. Schema-validated end-to-end: Zod-backed contracts. TS-strict by default: no any, no escape hatches. Deterministic by design: no AI in scoring. Explainable, not magic: every score has evidence. Audit-ready logs: compliance-grade trail. Bot-defended at the edge: request-time verification.

Frequently asked

Eight honest answers.

The questions we hear before sign-up. If yours is not here, hit the waitlist with it — we will reply on the same thread.

  1. Is this KYB or KYC?

    No. ZygenTrust is lightweight pre-screening for business websites — domain risk, trust pages, contact signals, security headers, and business intent. It is not identity verification, sanctions screening, or document-based KYB. It pairs well with a full KYB stack but does not replace one.

    Link to this answer
  2. How is the trust score calculated?

    Deterministic, weighted rules across DNS, HTTP, trust pages, contact, and security. No AI in the scoring path. Every score ships with a confidence value, evidence, and template insights so you can audit why a domain landed where it did. Full weights live in the public scoring rules document.

    Link to this answer
  3. Can I configure cache TTL?

    Yes, on Growth and Pro. Default cache TTL is 24 hours for every plan. Growth can pass a per-request TTL from 1 to 72 hours, and Pro extends that to 168 hours. Cached responses still consume one quota check so billing stays predictable.

    Link to this answer
  4. What about high-volume usage?

    The API is built on an edge runtime with KV cache, so warm latency stays in the millisecond class regardless of volume. Per-key monthly quotas enforce billing, and per-IP rate limits are layered in for abuse defense. If you expect more than 100,000 checks a month, talk to us before signing up so we can scope the right plan.

    Link to this answer
  5. Do you have GDPR or DPA support?

    ZygenTrust is GDPR-aligned in how it handles data. A Data Processing Addendum is available on request — see the DPA page. Note that ZygenTrust intentionally does not store extracted contact details (no email or phone harvesting), so the DPA scope is narrow by design.

    Link to this answer
  6. Is there a self-hosted option?

    Not in the MVP. The API is delivered as a managed edge service. If you have a hard regulatory reason for self-hosting, mention it on the waitlist and we will keep your details for a future evaluation when an enterprise tier ships.

    Link to this answer
  7. What happens when my quota runs out?

    The API returns 429 with the QUOTA_EXCEEDED error code. Response headers include X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (epoch seconds for the next monthly reset). Cached responses still consume quota — that is a deliberate billing decision so you do not get surprised by burst caching.

    Link to this answer
  8. Is the roadmap public?

    Yes. The product roadmap, frontend roadmap, and backend roadmap are all checked into the repo and updated session by session. The shared memory file logs every meaningful change with dated audit entries. Pricing, scoring rules, and the API design document are public too.

    Link to this answer
Activation path

From signup to first analyze in three steps.

Self-serve for Free and Starter plans. No black box, no surprise pricing wall, no "contact sales" gate before you can see the API in action.

  1. Step 1

    Create a free account

    Sign up with email and password or Google. Confirm your inbox if email signup. No card required, no sales call, no waitlist for the Free plan.

    ≈ 60 seconds

  2. Step 2

    Generate a test API key

    Open the dashboard and create a test key. The secret is shown once and starts with zt_test_. Free includes 50 checks per month with no overage charges.

    Free · 50 checks/mo

  3. Step 3

    First analyze call in five minutes

    One GET request returns a deterministic trust score, risk level, recommended action, confidence, signals, and explainable insights. No SDK to install. No webhook to configure for the first call.

    GET /v1/analyze?domain=…

Growth and Pro plans are issued manually for now — tell us what you are building and we will reply within two business days. ZygenTrust is currently on a preview domain; a custom domain and public status page roll out together with the first paid plans.

Self-serve · 50 free checks/month

Skip the waitlist. Get a test key in 60 seconds.

Create an account, generate a test key from the dashboard, and call /v1/analyze with a real domain. No card, no sales call.

Need a higher plan or batch access? Talk to the team →

Early access

Join the waitlist

Be the first to use ZygenTrust in production. We will email you when API keys are available for your plan.