Independent forensic diligence

Trust,
but verify.

We independently verify a target’s revenue, users, web presence, and founders — re-derived from raw signals, not the numbers in the data room.

Read the methodology Book a 20-min call

72-hour turnaround/independent/signed evidence pack

Cross-validation live

Illustrative. Real engagements re-derive every figure from source data.

Signals in:
  • Stripe
  • Reddit
  • SerpAPI
  • Wayback
  • CourtListener
  • OpenSanctions
  • OpenCorporates
  • Email

The problem

The data room is full of claims, not facts.

01

Metric fraud is real, and prosecuted

HeadSpin’s founder went to prison for overstating ARR ~8×. A company marked at $1.16B fire-sold for $28M once the fraud surfaced. Numbers in a deck are assertions until someone re-derives them.

02

Agents are polluting the funnel

Automated browser agents now generate a fast-growing share of "user" traffic. User counts built on bot sessions — and signup lists padded with undeliverable emails — look healthy and mean nothing.

+7,851% agent traffic, YoY1

03

Mid-tier funds have no forensic step

Large funds run six-week quality-of-earnings reviews. Growth-stage funds move faster — and rarely get an independent, forensic read on whether the metrics are real.

The deliverable

A signed verdict, not a vibe.

  • Signed evidence pack

    Every finding ships in an Ed25519-signed pack with a content hash — tamper-evident and independently verifiable.

  • Claimed-vs-verified verdict

    A line-by-line reconciliation of every headline metric, plus a single red-flag score you can drop into an IC memo.

  • 72-hour turnaround

    Forensic depth on a diligence clock. Not a six-week QoE — a fast, independent read before you wire.

Heron · evidence pack v1

Verdict

Material discrepancy RED FLAG

Red-flag score

78/100

  • Revenue8× claimed
  • Real users−66%
  • Founder screen2 flags
Ed25519 · 9f3a…c1d4 signed · verified bytes

How it works

Five stages from raw signal to signed verdict.

  1. 01

    Connect raw signals

    The target installs a one-line snippet and connects Stripe. We pull independent ground-truth they can’t retroactively edit — plus their public web footprint.

  2. 02

    Re-derive revenue

    We reconstruct recognized revenue from raw Stripe events — independent of the ARR on the slide.

  3. 03

    Authenticate the user base

    We classify every session human vs. agent and test signups for deliverability and email-entropy. Bots and fake accounts never count as users.

  4. 04

    Screen presence & founders

    We screen web presence — Reddit, search, backlinks — and run founders against court records and sanctions lists.

  5. 05

    Scan & sign

    We check the data against known tampering signatures, then issue a claimed-vs-verified verdict, a red-flag score, and a signed evidence pack.

Presence & people

We map what’s not in the data room.

Web presence mapping
187 signals crawled2 flags
Founder screen screening
4 sources checked2 flags

Illustrative. Every node resolves to a cited source in the signed evidence pack.

Why independent

We work for you. Not the founder.

Friendly aggregators

Take the company’s own numbers, format them, and hand them back. The target is the customer — so the metrics are never adversarially tested.

Heron

Re-derives the numbers from raw signals the founder can’t retouch, then tells you exactly where claimed and verified diverge. Adversarial by design.

Before you commit

Know what’s real before you wire.

Forensic verification in 72 hours.

Read the methodology Book a 20-minute call