Skip to content
CertScore logoCertScore

Trust & Security

Last updated: February 2026

CertScore exists to make professional credentials provable. That only works if the system itself is trustworthy. This page explains every layer of security, anti-gaming protection, and abuse prevention built into CertScore, from cryptographic verification to AI-powered moderation.

🔒

Cryptographic Credential Verification

SHA-256 Email Hash Verification

When you add a Credly or Accredible credential, we don't just check that it exists. We cryptographically prove it belongs to you. Your account email is hashed with SHA-256 (using the badge assertion's salt) and compared against the recipient hash stored by the credential provider. If the hashes match, ownership is mathematically proven. The email comes from your verified authentication token, not the request body, so it cannot be spoofed.

Fail-Closed on Mismatch

If the hash doesn't match, the credential is saved as self-reported with 0 leaderboard points. There are no exceptions. You cannot earn points from someone else's certification.

Name-Based Verification (Fallback)

For providers without OBI email hashing (such as EC-Council), we perform fuzzy name matching by normalizing and comparing the name on the credential against your profile. A mismatch results in rejection. A match results in self-reported status (0 points), since name matching alone is not cryptographic proof.

🤖

AI-Powered Fraud Detection

When you upload a PDF or photo of a credential, it passes through a 6-layer validation pipeline before anything is added to your profile:

  1. 1File size gate: 5 MB maximum.
  2. 2Document classification: AI determines whether the upload is actually a credential. Selfies, receipts, screenshots, and non-IT documents are rejected outright.
  3. 3Confidence scoring: Below 40% confidence: rejected. Between 40-80%: escalated to a more powerful AI model for a second opinion. Above 80%: accepted.
  4. 4Issuer & domain validation: Checked against 200+ known IT certification issuers and 500+ IT domain keywords. Non-IT credentials are rejected.
  5. 5Tier classification: 5-tier system (Foundational, Associate, Specialty, Professional, Expert) with keyword-based rules. Prevents credential inflation.
  6. 6Identity verification: The name on the extracted credential is compared against your profile. Mismatches are rejected.
🏆

Leaderboard Anti-Gaming

  • Only verified credentials count. Self-reported, pending, and expired credentials award 0 points. No exceptions.
  • Location change cooldown (30 days). You cannot hop between countries or regions to top smaller leaderboards.
  • Alias change cooldown (30 days). Prevents rapid identity switching.
  • Identity lock after verification. Once you have any verified credential, your name is permanently locked. You cannot change identities to claim different people's certifications.
  • Expired credentials auto-excluded. A daily job checks expiry dates and recalculates points. Expired certifications drop to 0 points immediately.
🛑

Duplicate & Fraud Prevention

Every credential submission is checked against 4 layers of duplicate detection:

  1. Exact URL match: checks both badge URL and Credly-specific URL fields
  2. Issuer + credential name match
  3. Abbreviation awareness: "CISSP" matches "Certified Information Systems Security Professional"
  4. Database constraint: a unique index on (user, issuer, credential name) serves as the final safety net

Smart renewal logic: If an existing credential has expired and you submit a new one with a different expiry date, it's treated as a renewal (update), not a duplicate. This prevents gaming via re-adding while supporting legitimate recertification.

Rate Limiting

Every user-facing action is rate-limited with a two-layer defense: client-side pre-checks prevent wasted requests, and server-side enforcement via PostgreSQL is the authority. All limits use rolling windows (not calendar-hour resets).

ActionLimitWindow
PDF / image scans4per hour
Badge verifications15per hour
Credly profile imports3per day
Abuse reports5per day
👁

Content Moderation

Alias & Name Moderation

Every alias and name change is checked by AI for profanity (including creative spellings), hate speech, impersonation of official accounts, sexual content, threats, and PII. Format validation runs first (only alphanumeric characters and underscores are allowed), so obvious violations are caught before the AI call.

Avatar Moderation

Profile images are classified by AI vision. If the primary model is uncertain (50-80% confidence), it escalates to a more powerful model for a second opinion. Below 50% confidence results in an instant rejection. Nudity, violence, hate symbols, and drug imagery are blocked.

Moderation Logging

All moderation decisions are logged with timestamps, confidence scores, and reasons. This data is only accessible to administrators and is never exposed to users.

📑

Audit Trail & Monitoring

  • Complete audit log. Every significant action (credential additions, deletions, renewals, profile updates, verification results, moderation decisions, and reports) is logged with timestamps and metadata.
  • Real-time alerting. Audit events trigger immediate notifications to our operations team for rapid incident response.
  • Error tracking with breadcrumbs. Server-side errors are captured with full context trails showing exactly what happened before a failure, enabling rapid diagnosis without exposing sensitive data.
  • 24/7 uptime monitoring. Our infrastructure is continuously monitored via our status page.
🗃

Infrastructure Security

  • Row Level Security (RLS) on every database table. Audit logs and moderation logs have zero access policies, so only service-level operations can read them. Users cannot access or tamper with audit trails.
  • Server-side JWT validation in every server function, checking token revocation and session validity as defense-in-depth.
  • Error message sanitization. Internal error details (stack traces, database schema, API keys) are never exposed to clients. Only pre-approved safe messages are returned to users.
  • Security headers. HSTS, X-Frame-Options, Content-Security-Policy, Referrer-Policy, and Permissions-Policy are enforced on every response.
  • User ban system. Accounts flagged for abuse are blocked from actions and hidden from public-facing pages.
🕵

Privacy by Design

  • Public profiles are alias-based. Your real name is never shown on public profile pages. Only your alias and verified credentials are visible.
  • Verification pages are not indexed. Recruiter-facing verification links (which include your name) are marked noindex to prevent search engine discovery.
  • PII-safe error tracking. Our monitoring uses boolean flags (e.g., "has email: yes/no") instead of actual personal data. No emails, names, or IP addresses are stored in error tracking systems.
  • No sensitive data storage. CertScore does not collect or store social security numbers, credit card information, government IDs, or any data beyond professional credentials.

For full details, see our Privacy Policy.

🚨

Report Abuse

If you suspect fraudulent credentials, leaderboard manipulation, or any other abuse, you can report it directly from the app. We support 5 report types:

  • Credential inaccuracy
  • Credential fraud
  • Leaderboard abuse
  • Account concern
  • General feedback

Reports are rate-limited (5 per day), deduplicated to prevent spam, and you cannot report your own credentials for fraud. Every report is reviewed by our team.

🏠

Nonprofit & Independent

CertScore is built and maintained by V2C Inc, a 501(c)(3) nonprofit. We have no commercial interest in favoring one credential provider over another. Our verification standards are based solely on what each provider's technology allows us to prove.

Questions about security or verification?

[email protected]