When we say a lead is exclusive, we can prove it.
You've been burned before. You bought an “exclusive” lead, then watched the merchant tell you four other shops already called. That happens because the seller controls the truth — there's no way for you to check. We changed that. With MerchantSourced, every exclusive lead comes with proof. Real proof. The kind that holds up if you ever sue us.
Think of it like a notary stamp on every lead
When a notary stamps a document, the stamp itself proves the document is real and unchanged. It can't be faked. It can't be quietly redone. Anyone can check the stamp and confirm what it says.
That's what we do for every exclusive lead we sell you. The moment a merchant's application matches your filter and we route it to your inbox, we generate a one-of-a-kind digital stamp — a signed receipt — that says: “This specific lead was sold to this specific buyer at this specific time, exclusively.”
The receipt sits on your delivery alongside the merchant's contact info. You keep it. We keep a copy. Anyone in the world can call our public verification line and confirm that yes, that exact stamp matches the exact lead — or it doesn't.
Four things you can do that you've never been able to do before
“Was this lead actually sold to me exclusively?”
Open your delivery, copy the receipt, paste it into our verifier (one click). You get back “Valid & matches ledger” or you don't. No phone call to support, no “let me check on that.” The math either checks out or it doesn't.
“Did MerchantSourced sell this same lead to anyone else?”
Every lead has a public scoreboard at /audit/<lead-id>. It shows how many buyers received it, when, and whether it was sold as exclusive or shared. If you bought it as exclusive and the count is greater than 1, that's our problem and we eat the cost.
“What happens if you do break exclusivity?”
You get the full purchase price refunded plus another matching exclusive at our cost. No phone calls. No “account credit only.” One click in your dashboard. It's in writing in the buyer agreement and the audit trail makes it impossible for us to dodge.
“Someone leaked my bulk data. Where did it come from?”
Every bulk CSV download has invisible per-row watermarks. If a list of merchants you bought from us shows up on a competitor's call sheet, send us one row and we can name the buyer who leaked it. That's a brick-wall deterrent for the brokers buying our data — they know they're fingerprinted.
Try the verifier right now.
A real signed receipt is pre-loaded below. Click Verify and you'll get back the verification result in real time. Then click Try tampering to flip one character of the signature and watch it fail. This is the same check you'll run on every lead you ever buy from us.
A freshly-signed sample receipt is pre-loaded. Click Verify to confirm the HMAC against our ledger.
The signing secret never leaves our server. The verifier proves a record without needing it: an HMAC mismatch is mathematically impossible to fake without the key, and a record match confirms the row is in our delivery ledger.
Want to see a live audit record from the public side? View the seed lead's scoreboard →
For your engineering team
Brokers can stop reading here. The next part is for the tech people on your end who want to validate it themselves.
How the receipt is actually signed+
On every exclusive sale we compute an HMAC-SHA256 over lead_id | buyer_id | delivered_at | exclusivity using a signing secret that never leaves our server. The signature is sent to you alongside the lead and stored in our delivery ledger.
import crypto from "crypto";
function signReceipt({ lead_id, buyer_id, delivered_at, exclusivity }) {
const msg = lead_id + "|" + buyer_id + "|" + delivered_at + "|" + exclusivity;
return crypto.createHmac("sha256", LEAD_RECEIPT_SECRET)
.update(msg).digest("hex");
}Public audit endpoint+
Hit GET /api/audit/[lead_id] from any backend. The buyer ID is hashed with a separate audit-only secret so the public never doxes who got the lead — buyers can derive the same hash from their own ID and confirm a match.
GET /api/audit/ms_lead_8f3a2c
{
"lead_id": "ms_lead_8f3a2c",
"exclusivity": "exclusive",
"delivered_to_count": 1,
"deliveries": [{
"buyer_hash": "9f41c6d2a0b87e1c",
"delivered_at": "2026-04-29T14:02:11Z",
"bid_won_cents": 12500,
"signature": "ad42f1c8..."
}]
}Server-side verification (no SDK required)+
POST the receipt back to our verify endpoint. We do a constant-time HMAC comparison and check the row against our delivery ledger.
POST /api/audit/verify
{
"lead_id": "ms_lead_8f3a2c",
"buyer_id": "ms_buyer_demo01",
"delivered_at": "2026-04-29T14:02:11Z",
"exclusivity": "exclusive",
"signature": "ad42f1c8..."
}
200 { "valid": true, "matches_record": true }CSV provenance watermarks+
Bulk CSV downloads include a column _ms_provenance with an HMAC of buyer-id + lead-id per row. If one row of a leaked file ever surfaces, we can identify the buyer in seconds.
No more “trust me, it's exclusive.”
Create a buyer account in 60 seconds. Set your filters. Fund your balance. Every lead you ever buy is verifiable from day one.