A money model with only one side.
Stackbroker is paid by the demand side — agents and operators subscribe. Providers can't pay us, so they can't tilt us. That is the whole structure: Consumer Reports economics, not Yellow Pages economics. This page is the policy in plain language; the same two rules ship machine-readable in GET /v1/methodology and are enforced by CI tests that fail the build if code ever crosses them.
Providers never pay.
Stackbroker accepts no money from providers. No listing fees. No verification fees. No expedited tiers. No paid placement. No advertising. Probing, claim validation, security scanning, and attestation progression are free — for every provider, at every tier, always.
The only requirements for full verification benefits are two things money can't replace:
- 01
Claim your card
Prove you control the service's domain (well-known file or DNS TXT — the existing claim flow). Your listing then carries your corrections, not our guesses.
- 02
Keep a working connection point
A verified contact channel at your domain (or a registered security contact / webhook) that we can use for re-verification notices, security findings, schema-change confirmations, and incident contact. A card with a stale or bounced connection point can hold
verified, but cannot reach or holdattested— the top tier requires a maintained evidence window and a live channel.
free probing · free claim validation · free security scanning · free attestation progression
Subscriptions buy access, never outcomes.
Agent subscriptions gate request volume, throughput, console features, and support. They never affect scores, rankings, verdicts, attestation tiers, or risk flags. Two different subscribers issuing the identical request get identical decisions — and a CI test issues exactly that pair of requests on every build to prove it.
Outcome-report credits reward telemetry honesty and reduce the reporter's own bill. They do not buy influence: reports are de-duplicated, quality-weighted, and feed evidence the same way regardless of who reports.
How the rules are kept
| Invariant | Enforcement |
|---|---|
providers_never_pay | No provider-billing tables or foreign keys exist in the schema; CI runs a static isolation check and a behavioral test asserting provider records carry no billing linkage. |
subscriptions_buy_access_not_outcomes | Scoring/attestation/scanning modules have no import path or query access to billing tables; CI runs a static import check plus a behavioral test comparing decisions across subscription tiers. |
Neutrality you can verify: a published methodology, signed audit anchors, and a money model with only one side. The scoring, attestation, and scanning code has no import path to billing data — the build fails if anyone adds one.