§ method · v2.7

How we grade — the rubric.

/* one rubric · five pillars · public diff */
every grade re-derived whenever the truth changes.

The rubric, in one paragraph

Every service is scored against five pillars. The pillars are weighted and combined into a single numeric grade (0–10), which maps to a letter code (A+ through F). A separate, orthogonal trust level (LEGIT · TRUSTED · CAUTION · RISKY · SCAM) reflects the operator's reputation and conduct — a service can be technically excellent but still untrusted, and vice versa. A KYC tier (L0 trustless → L5 mandatory) captures what the service asks of a user at sign-up. The three axes are independent on purpose: a high grade alone isn't a recommendation.

The five pillars

  • Privacy (weight 35%) — what the service refuses to ask for, what it stores, what leaks in transit. Scored 0–100.
  • Custody (20%) — whether the user holds funds / keys / sessions, or the operator does. Scored 0–10.
  • Transparency (15%) — open-source backend, published audits, incident reports, change logs. Scored 0–10.
  • Track record (15%) — uptime, incident history, how the operator handled past breaches. Scored 0–10.
  • Operational (15%) — does the thing actually work? Support responsiveness, refund behaviour, edge cases. Scored 0–10.

Grade scale

Numeric scores above 9.2 earn an A+ · 8.5–9.2 earn A · 7.8–8.5 earn A- · 7.0–7.8 earn B+ · 6.2–7.0 earn B, and so on down to F. Grades below 5 typically come paired with a RISKY or SCAM trust level.

Trust levels

  • LEGIT — verified, audited, clean track record, operating for at least two years under the same identity.
  • TRUSTED — reliable, minor caveats documented, under two years public history or closed-source but no incidents.
  • CAUTION — works, but specific risks documented in the review body (e.g., custody model, jurisdiction, dependency).
  • RISKY — notable red flags — proceed only after reading the review in full.
  • SCAM — confirmed fraudulent behaviour, seizure, exit, or sustained misrepresentation. Do not use.

KYC tiers

A separate scale captures what the service asks a user to present at sign-up:

  • L0 · trustless — no account, no identifier beyond a seed / key / session token generated client-side.
  • L1 · anonymous — pseudonymous account (email-or-username, no verification).
  • L2 · discreet — email only, no KYC unless thresholds are crossed.
  • L3 · tiered — progressive: basic use without KYC, elevated use (fiat, high volume) triggers it.
  • L4 · soft — KYC required but light (name + address, no ID upload).
  • L5 · mandatory — full KYC required at sign-up (ID + selfie + proof of address).

Disclosures

No service pays for placement. Affiliate links, when they exist, are disclosed on the review page and never above the fold. Editorial independence is the entire product — inclusion as a reviewed service is never conditional on an affiliate relationship, and placement is never sold.

Corrections policy

Corrections are public, dated, and attached to the review they modify. Grade changes are recorded: old grade → new grade, with the reason in plaintext. Reviews are never silently rewritten — changes live in the corrections log on each page. Operators can request right-of-reply; the response is published in full, labelled as such.

Rubric versioning

The rubric itself is versioned. The current version is v2.7. Breaking changes (pillar weights, new mandatory signals) trigger a version bump and a re-grading pass across affected reviews. Prior versions remain linked on each affected page.