Data + cyber, together-first · an evolving philosophy

Bad data is the failure mode
that kills market intelligence.

We are a data-and-cybersecurity-together-first company. Most market intelligence platforms bolt security on after launch; we are building the integrity layer in lockstep with the data layer, on day one. We still will not be perfect — which is why this page also has an idea box for anyone in the community who spots something we should do better.

What we have today · what we are building · what we will not promise · what you can help us see

We do not believe in security as a badge you buy after launch from a third party. We believe in security as a posture you build into the product on day one — and keep building, because the threat model never sits still. This page describes that posture honestly: where we are strong, where we are still wiring things up, and where we will never claim certainty.

Five layers, native to the product

Not bolted on. Not licensed.
Layer 01

Source tiers

Every domain we ingest from is classified — official brand source, industry trade press, aggregator, user-generated, or unknown. Tier determines what a single source is allowed to claim. A forum post never weighs the same as a brand's own press release.

Layer 02

Cross-tier quorum

A datapoint is only marked 'verified' when it is backed by at least two independent sources from at least two different trust tiers, within a rolling window. Sources that share a registrant, host, or template count as one source — not two.

Layer 03

Anti-poisoning detectors

Before any extracted record reaches the database, we screen for prompt injection inside scraped pages, statistical outliers, geographic impossibilities, suspicious confidence-vs-evidence mismatches, and coordinated bursts across low-trust sources. Critical hits block ingestion outright.

Layer 04

Tamper-evident audit

Every promotion, rejection, source-tier change and dispute is written to a hash-chained log: each entry's hash is derived from the previous entry's hash. A daily Merkle root summarises the day. Silent edits become detectable, not invisible.

Layer 05

Right to correct

Any brand or boutique can dispute a fact about themselves. Disputed datapoints are auto-quarantined pending review. We would rather show you nothing than show you something wrong about your own business.

Lineage on every datapoint

Every published number in the terminal is one click away from the raw runs that produced it, the sources that corroborated it, and the audit-chain entries that prove it has not been silently edited since.

The threat model · plain language

Who tries to poison a data layer like this — and how.

Competing brand
Creates fake stockist pages, planted reviews, or astroturfed forum threads to inflate distribution and sentiment.
Black-hat content farm
Spins up dozens of look-alike sites with the same scraped content, hoping to count as multiple 'independent' sources.
Disgruntled actor
Bot-floods reviews of a single boutique to swing the bridal sentiment barometer in one direction.
Prompt-injection attacker
Hides instructions inside a scraped page meant to hijack the LLM extractor into writing false records.
Lazy aggregator
Scrapes other aggregators' guesses and republishes them as fact, creating echo-chamber 'corroboration'.
Honest mistake
A brand updates its site, an old fact becomes wrong, and silently outdated data is just as harmful as poisoned data.
What we will not promise

The honest list.

  • That every datapoint in the map is true. We are running probabilistic systems on adversarial inputs.
  • That detectors catch every poisoning attempt the first time. Adversaries adapt; we adapt back.
  • That a third-party SOC 2 badge means anything we are not also doing in code. Posture is what protects you, not paperwork.
  • That AI extraction is infallible. Models can be tricked. That is exactly why we built the quorum and the audit chain on top.

Anyone selling you certainty in adversarial AI systems is selling you a badge, not a defence. We would rather tell you exactly what we have built, what we have not, and what we are working on next — and let you judge.

Found a fact that is wrong about you?

Brands and boutiques have a standing right to dispute anything we publish about them. Disputed datapoints are quarantined automatically while we review.

Submit a correction
Idea box · community good

Spot something we
should do better?

Security is a community sport. If you see a class of attack we have not described here, a detector you would build differently, or a transparency promise we are missing — drop it in the box. We read every one. We will follow up if you leave an email.

No NDAs · no bug-bounty paperwork · just useful ideas
0 / 4000