How we keep reviews authentic
Signed Reviews is built on a simple premise: a review should only exist if a real purchase backs it. Every design decision flows from this principle.
Cryptographic signing
Every review collected through Signed Reviews is cryptographically signed at the moment of submission. The signature binds together the review content, the Stripe transaction ID, the reviewer's email, and a timestamp — creating a tamper-evident record. Anyone can verify this signature later to confirm the review has not been altered.
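The binding described above, as an added example that is not Signed Reviews' own code. The page does not name a signature scheme, so Ed25519 (via Node's built-in crypto module), the field names and the length-prefixed encoding are assumptions, and the key pair and review are constructed sample data. It shows that altering any one bound field makes verification fail.

```javascript
// Added illustration, not Signed Reviews' code. Ed25519 and the field
// names below are assumptions; the page does not name an algorithm.
const crypto = require('node:crypto');

// Fields the page says the signature binds together, in a fixed order.
const FIELDS = ['content', 'stripeTransactionId', 'reviewerEmail', 'timestamp'];

// Length-prefix each field so bytes cannot shift between adjacent fields
// (plain concatenation would make "ab"+"c" and "a"+"bc" sign identically).
function canonicalBytes(review) {
  const parts = [];
  for (const name of FIELDS) {
    if (typeof review[name] !== 'string') throw new TypeError(`missing field: ${name}`);
    const value = Buffer.from(review[name], 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(value.length);
    parts.push(len, value);
  }
  return Buffer.concat(parts);
}

function signReview(review, privateKey) {
  return crypto.sign(null, canonicalBytes(review), privateKey).toString('base64');
}

// Returns false for any altered field or malformed record; never throws.
function verifyReview(review, signatureB64, publicKey) {
  try {
    return crypto.verify(null, canonicalBytes(review), publicKey,
                         Buffer.from(signatureB64, 'base64'));
  } catch {
    return false;
  }
}

// Constructed sample data: a throwaway key pair and a made-up review.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const sampleReview = {
  content: 'Arrived on time, works as described.',
  stripeTransactionId: 'ch_EXAMPLE_PLACEHOLDER',
  reviewerEmail: 'customer@example.com',
  timestamp: '2024-01-01T00:00:00Z',
};
const sampleSignature = signReview(sampleReview, privateKey);
```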
Read-only Stripe access
Our Stripe integration is scoped to read-only permissions. We cannot charge, refund, transfer funds, create customers, update subscriptions, or modify anything in your Stripe account. We read your Stripe data only to:
- Verify that a reviewer completed a purchase from your business
- Match the reviewer to the correct transaction
- Detect refunds and automatically hide refunded reviews
- Compute aggregate Trust Profile metrics (when enabled)
No fake reviews by design
Most review platforms fight fake reviews with detection algorithms — a reactive approach. Signed Reviews prevents fake reviews structurally: a review invitation link is only generated when a Stripe charge succeeds, it's sent to the customer's verified payment email, and it expires after a set period. There is no "write a review" button on the platform. No purchase = no invitation = no review.
Data ownership
You own your review data. Signed Reviews is the processor; your business is the controller. Reviews collected through our platform belong to you — we do not sell, share, or use your review data for any purpose other than providing the service. See our Privacy Policy and Data Processing Agreement for the full legal framework.
Infrastructure security
Signed Reviews is hosted on Railway (AWS us-east-1) with PostgreSQL on Supabase. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and Stripe access tokens are encrypted at the application layer using AES-256-GCM before storage. Our full list of sub-processors is published on our Sub-processors page.
Compliance
Signed Reviews is operated by Paid Rightly LLC, a New Mexico limited liability company. Our Data Processing Agreement incorporates Standard Contractual Clauses (SCCs) for GDPR compliance. We maintain a DMCA policy for copyright matters and publish our Terms of Service transparently.
Report a concern
If you believe a review violates our Terms of Service — for example, contains illegal content, harassment, defamation, impersonation, or spam — you can report it through the abuse-report link on any review page. Every report is reviewed by our trust & safety team within 7 business days, per our Terms of Service.