Trust score methodology
The inputs, weights, and limits behind the score shown on every service record.
What the score is
Every service record carries a trust score displayed out of 100. The score summarizes recorded privacy exposure: what a service requires at signup, how its sources check out, which jurisdiction it answers to, and how recently the record was reviewed. It is computed from the same fields shown on each provider page, so any score can be traced back to its record. A score is an editorial signal, not a guarantee.
Inputs and weights
The score is computed in one pass from six recorded fields. The exact arithmetic:
- Baseline. Every service starts at 82 points.
- KYC level. Minus 10 points per recorded KYC level, from level 0 (no identity requirement) to level 4 (identity checks on every account). Threshold-based and optional checks sit between.
- KYC tier. A light-KYC posture subtracts a further 2 points; a full-KYC posture subtracts a further 10. A zero-KYC posture subtracts nothing.
- Source verification. A record whose sources are verified adds 5 points. A record marked caution subtracts 15, an unvetted record subtracts 25, and a record with a material warning subtracts 50.
- Audits. A recorded independent audit adds 5 points, regardless of how many audits are on record.
- Jurisdiction. Incorporation in a Five Eyes country (United States, United Kingdom, Canada, Australia, New Zealand) subtracts 20 points.
- Review freshness. A record checked within the last 14 days adds 5 points; within the last 60 days, 2 points. Older reviews add nothing.
- Limits. The result is clamped between 10 and 99. No service displays 0 or 100.
What the score does not mean
- Not an endorsement. A listing is a record, and a high score is a summary of that record, not a recommendation.
- Not a security audit. Cunicula does not test cryptography, infrastructure, or operational security.
- Not a legality or solvency assessment. The score says nothing about whether a service is lawful to use in a given country or whether funds held with it are safe.
- Not an accusation. A low score usually reflects recorded identity requirements, weak transparency, or jurisdiction risk, not proven misconduct. Material warnings, where they exist, appear separately on the record.
Inputs not currently scored
Some properties are recorded or discussed on service pages but do not change the score today: open-source status, audit scope and recency, payment anonymity, data retention detail, fees, and operational track record. If the formula changes, the change and its date will be recorded on this page.
Where the inputs come from
Each field is set during editorial review of provider documentation: signup and KYC requirements from the provider's own terms and verification pages, jurisdiction from incorporation records with a recorded confidence level, audits from published audit reports, and source verification from checking the record's citations. Review dates are shown on every provider page as last checked and last reviewed. The checklist behind these reviews is described in How to Vet Any Privacy Tool Before You Trust It.
Corrections
A factual error in a service record is corrected on the record itself, and the review date updates with it. Reports are accepted through the channels linked in the site footer. When a correction changes a score input, the score changes with it. The formula itself changes only with a dated note on this page.