How does TrustSeal verify a domain?

You add a DNS TXT record we generate. Once detected, ownership is confirmed and the first account to verify owns the domain.

Is the badge tamper-resistant?

Yes. The embeddable badge checks live status on every load and is origin-bound to the claimed domain, so a copied badge cannot fake verification.

What do Pro and Free include?

Free gives one verified domain and a public seal page. Pro adds the embeddable badge, the Command Center, analytics and multiple domains.

Can I cancel anytime?

Yes. Cancelling stops renewal — your Pro access continues until the end of the period you already paid for.

Do you support international businesses?

TrustSeal is available in English, Hindi, Spanish and Arabic, with full right-to-left support for Arabic.

Security Center

How TrustSeal protects verification integrity, your data, and the trust signal customers rely on.

Security overview

Security is foundational to TrustSeal: a trust signal is only valuable if it cannot be faked. We design every layer — verification, badges, billing — to be tamper-resistant and server-authoritative.

Infrastructure security

Served over HTTPS on a managed edge platform with automatic TLS.
Authentication via Firebase; account data is access-scoped per user.
Secrets are held server-side and never exposed to the browser.

DNS verification security

Domain ownership is proven with a unique, per-claim DNS TXT token. The first account to verify a domain owns it within TrustSeal. Tokens expire, and verification is re-checked over time.

Trust badge integrity

The embeddable badge checks LIVE status on every load — a copied or static badge cannot fake "verified".
The badge is origin-bound to the claimed domain; an unverified origin renders a warning, not a checkmark.
If verification expires or is revoked, the badge degrades within the cache TTL.

Fraud prevention

Verified, expired, and revoked states are computed server-side. Displaying a verified badge for a domain that is not actually verified is a fraudulent verification claim and is prohibited and enforced.

Abuse detection

We monitor for impersonation, badge misuse, and abnormal verification activity, and act on reports of fraudulent verification claims.

Responsible disclosure

We support coordinated disclosure. Report issues privately and allow a reasonable remediation window before any public disclosure. We will not pursue good-faith research conducted within our policy.

Vulnerability reporting

Email contact@asquaresolution.com with subject "SECURITY — TrustSeal".
Include description, reproduction steps, affected endpoint, and impact.
See the full policy at /legal/security.

Security roadmap

Signed, verifiable badge attestations.
Continuous re-verification and drift alerts.
A published bug-bounty program.

Security contact

For all security matters: contact@asquaresolution.com.