Trust center

Trustworthy data starts with
honest sourcing.

We document every data source, every validation step, and every place we're uncertain. If our data is going into compliance workflows and warranty decisions, you need to know exactly where it comes from.

Data sources

Every source, listed.

We don't use AI training data for safety-critical fields. Every recall, every serial decode, every manual URL comes from a primary source we can point to.

Government
Verified Government Safety Databases
Primary source for all US appliance recalls. We query the live government safety APIs — not a cache or third-party aggregator. Updated within minutes of a new issuance.
Verified verified government recall APIs
Government
North American Safety Database
Canadian safety recall database. Many appliance recalls are Canada-only and never appear in official safety databases. Essential for any North American coverage claim.
Verified verified government recall APIs
Government
International safety databases
European rapid alert system for dangerous products. Catches recalls that originate in Europe before they reach North American databases.
Verified international recall APIs
OEM
OEM Brand Databases
Official manufacturer spec databases — model names, categories, product images, and configuration data. Direct from the brand, not third-party aggregated.
Per-brand official sources
OEM
OEM Service Manuals
Every manual URL is programmatically tested to confirm the PDF loads before we return it. No dead links, no third-party re-hosts. We retest weekly.
Manufacturer support portals
AI-assisted
Serial Number Decoders
Brand-specific encoding tables built from official spec sheets. AI-assisted for new brands — but validated against known serials before going live. Never pure AI inference.
Internal decoder library
How we validate

Five layers. Not one.

Brand identification — the foundation of every lookup — goes through five independent validation layers before we return a result.

1
Model number pattern matching
Brand-specific model number prefix patterns — e.g., WRF = Whirlpool, RF = Samsung, GTS = GE. First layer, fast, high recall.
2
OEM database lookup
Cross-reference against our 21,000+ record master appliance database. If it's in the DB with a confirmed brand, that's authoritative.
3
Serial number brand prefix decode
Many serials embed the brand — a Samsung serial starting with 0H is from Samsung, not a model that Samsung makes for another brand.
4
safety recall cross-reference
If official safety databases has an active recall for this model number, the brand in that recall record is authoritative. Government source wins.
5
AI disambiguation (LOW confidence)
If the first four layers conflict or fail, AI makes a best-effort attempt and returns LOW confidence. We flag it explicitly. You know not to rely on it for compliance.
Confidence scoring

Every field tells you
how much to trust it.

LevelWhat it meansWhen to act on it
HIGHSourced from an authoritative government or OEM database. Cross-validated by at least 3 independent agents.Safe for compliance, warranty decisions, and audit-required workflows.
MEDIUMSourced from one authoritative source. Validated by 1–2 agents. Minor uncertainty in one or more fields.Appropriate for operational decisions. Review manually for high-stakes compliance use.
LOWInferred or partially matched. May be based on pattern matching or AI disambiguation with limited cross-validation.Flag for human review before using in any compliance or financial context.
nullWe could not determine this field. The sources we checked returned no usable result.Do not infer. Surface to the user for manual entry or alternative lookup.
Security

Built for production
from day one.

🔐
Encryption in transit
All API traffic encrypted over TLS 1.3. HSTS enforced on all endpoints. No plaintext data transmission anywhere in the pipeline.
🗄
Encryption at rest
All stored data encrypted at rest using AES-256. API keys are hashed before storage — we cannot recover your key if you lose it.
🔑
API key security
Per-environment API keys. Separate dev and production keys. Key rotation available at any time from your dashboard. Keys never logged in plaintext.
📋
SOC 2 roadmap
SOC 2 Type II audit in progress. Expected completion Q4 2026. Contact us for a pre-certification security questionnaire response.
📄
DPA available
Data Processing Addendum available for Business and Enterprise customers. Request via the contact page. We process data in the US only.
🐛
Security disclosure
Found a vulnerability? Email security@applianceiq.com. We respond within 24 hours and credit responsible disclosures in our changelog.
All systems operational
99.97% uptime last 90 days · Last incident: none
View status page →

Questions about
data or security?

We're happy to walk through our sourcing methodology, share our security docs, or provide a custom DPA.