You're reading other people's reviews to make a decision. You deserve to know exactly how we verify them — step by step, in plain English.
On most review platforms, anyone can write anything. There's no check. You could sign up right now and leave a fake 5-star review for a company you've never used.
TruthWall takes a completely different approach. We securely sync with the business's payment system (Stripe). The business owner can only invite customers from this verified list of real, paying users.
When a customer writes their review, they must verify their identity using a secure One-Time Password (OTP) sent to their email. If they can't verify ownership of that email, they cannot submit a review. No exceptions.
Here's exactly what happens behind the scenes, from the moment a review is submitted to the moment you see it published on the wall.
The business owner grants TruthWall a secure, read-only connection to their Stripe account. This acts like a private bank feed—we instantly sync a secure list of their genuine, paying customers into a dashboard.
From their TruthWall dashboard, the business owner selects real customers to invite. TruthWall dispatches secure review invitations exclusively to the email addresses associated with those successful payments.
When a customer clicks the link to write their review, TruthWall sends a secure Personal Code (OTP) to their email. Submitting this code guarantees that the person writing the review securely owns the email address that made the purchase.
We apply SHA-256 cryptographic hashing—the same mathematical standard used by governments—to the reviewer's verified email, Stripe payment ID, and the review text. This locks everything into a unique, immutable digital signature.
Every verified review receives a public certificate containing the verification hash, masked customer email, and payment timestamp. This allows anyone to independently check the proof without exposing private financial data.
Every verified review has a public "Verification Certificate" page anyone can visit. Here is what you can independently confirm from it:
Reviewers are invited from verified payment records
Business owners can only send invitations to emails that appear as successful payments in their Stripe account. There's no way to invite someone who hasn't paid.
Identity is verified via One-Time Password
Reviewers must enter an OTP sent to their verified email at the time of submission, proving they genuinely own the inbox associated with the purchase.
The review content is cryptographically locked
If the review text is mathematically altered after the fact, the cryptographic hash breaks — making tampering physically impossible.
No. Because we verify strictly against the business's Stripe account. Even if the business owner tries to invite a personal email, that email must appear as a paying customer in Stripe — meaning they would have had to process a real payment through their own account to themselves, paying processing fees.
No. Because we require a One-Time Password (OTP) sent securely to the email address on file at the exact moment of submission. A friend would need live access to the true customer's actual inbox to complete the verification flow.
No. The SHA-256 cryptographic hash is computed from the exact review text at verification time. Any change to even a single character would produce a completely different hash, making it instantly detectable that the review was tampered with.
Every certificate references the specific Stripe Account ID of the merchant. This means any certificate without a matching, real Stripe account behind it would be immediately detectable. We also encourage businesses to share their Stripe account identity so skeptical customers can cross-reference it directly with Stripe.
Proving a review is real does not mean exposing the reviewer's identity or finances. Here's what we deliberately keep private:
We never reveal anyone's full email address
We show a masked version like `j***@gmail.com` — enough to confirm it's a real email, not enough to identify the person.
We never reveal the exact amount paid
We verify that a payment happened, but the specific dollar amount is kept private. It's nobody's business but the customer's.
We cannot read your bank account
Stripe's restricted API keys are read-only and scoped only to customer and charge records. There is no pathway for us to move money.
Every verified review on TruthWall has a public certificate you can inspect yourself. Click the “View verification proof” link on any verified review to see the full cryptographic evidence.
Explore TruthWallBuilt with transparency by TruthWall — Questions? hello@truthwall.co