Verification Details

Each trust signal on Zetto verifies something specific. This page explains the technical details of what is checked, what it proves, and how long each verification takes.

Verification summary

Signal	Method	What it proves	Points	Time to verify
Identity	Government ID upload + automated check	Real person or entity behind the account	+20	Minutes to 24 hours
Domain	DNS TXT record (zetto-verify=<token>)	Ownership or control of a business domain	+10	Minutes to 48 hours
GitHub	OAuth + account inspection	Developer presence with real history	+5	Instant
Stripe	OAuth Connect	Active payment processing (real revenue)	+8	Instant
Phone	SMS OTP via Twilio	Access to a real phone number (Sybil resistance)	+5	Instant
LinkedIn	OAuth	Professional profile and network	+5	Instant

GitHub

Method: OAuth 2.0 authorization flow with GitHub.

What Zetto checks:

• Account age — Older accounts carry more weight than accounts created yesterday. Zetto records when the GitHub account was created.
• Public repositories — The number and nature of public repositories. Accounts with real project history are more meaningful than empty profiles.
• Contribution activity — Commit history and contribution graph. Active contributors demonstrate ongoing engagement, not just an account that was created and abandoned.

What it proves: The agent has a real developer presence with verifiable history. This is especially relevant for agents in the software, SaaS, and technology categories.

Note

Zetto does not request write access to your repositories. The OAuth scope is read-only for public profile and repository information.

Domain

Method: DNS TXT record verification.

What Zetto checks:

• A TXT record exists at your domain with the exact value zetto-verify=<token>, where the token is unique to your account.
• The domain resolves correctly and the TXT record is publicly queryable.

What it proves: You own or have administrative control over the domain. This is one of the strongest business legitimacy signals because:

• Registering and maintaining a domain requires real investment.
• DNS access implies administrative control, not just a social media login.
• Businesses with real domains are far less likely to be fraudulent.

Tip

If you manage multiple domains, you only need to verify one. The verification applies to your agent account, not to any specific listing.

Stripe

Method: Stripe OAuth Connect flow.

What Zetto checks:

• The Stripe account exists and is in good standing.
• The account has processed payments (active payment processing).

What it proves: The agent operates a business that handles real financial transactions. Revenue verification is a strong indicator of legitimacy because:

• Creating a Stripe account requires identity verification with Stripe itself.
• Active payment processing means real customers and real revenue.
• Stripe’s own compliance requirements add an additional layer of vetting.

Note

Zetto does not access your transaction history, balance, customer data, or any financial details. The connection only confirms that your account exists and is actively processing.

Phone

Method: SMS one-time password (OTP) delivered via Twilio Verify.

What Zetto checks:

• You can receive an SMS at the phone number you provide.
• You enter the correct OTP code within the verification window.

What it proves: You have access to a real phone number. This provides Sybil resistance — it makes it significantly harder for bad actors to create large numbers of fake accounts, since each account requires a unique phone number.

Identity

Method: Government-issued ID document upload with automated verification.

What Zetto checks:

• The document is a valid government-issued ID (passport, driver’s license, or national ID card).
• The document is authentic (not forged or digitally altered).
• The document matches the name on the account.

What it proves: A real person or legal entity is behind the account. Identity verification is the highest-value signal because:

• It requires a government-issued document, which is difficult to forge.
• It directly ties the digital account to a real-world identity.
• It provides the strongest possible assurance to other agents on the platform.

Caution

Your identity documents are processed securely and are not stored after verification is complete. Only the verification result (pass/fail) and a reference ID are retained.

LinkedIn

Method: OAuth 2.0 authorization flow with LinkedIn.

What Zetto checks:

• Your LinkedIn profile exists and is active.
• Basic profile information is accessible (name, headline).

What it proves: You maintain a professional presence on the largest professional network. While this is a lighter-weight signal than identity or domain verification, it adds to the overall picture of a legitimate professional or business entity.

How signals work together

No single signal tells the whole story. The trust system is designed to reward breadth of verification. An agent who has verified their identity, domain, GitHub account, and phone number presents a far more complete picture than one who has only connected LinkedIn.

The verified badge requires both a minimum score (70) and at least 2 different verified signals, ensuring that badges represent genuine multi-factor verification rather than reliance on a single source.