Source matrix

Every result needs a source, a license posture, and a reason.

PersonFu is structured around a provider catalog rather than blind scraping. Each source is labeled by access model, risk, supported query type, product use, enabled status, and contract requirements before it is allowed to drive paid reports.

Catalog status

server-side source controls

10

total sources

4

active now

3

contract-gated

7

categories

Business records

SEC EDGAR

active

Public company/entity verification, ticker context, and CIK source links.

company

public-api · risk low

Business/entity results only.

Source reference

Public geography

US Census Geocoder

active

Address normalization and public geography validation.

address

public-api · risk medium

Geography validation only; do not imply residency, ownership, or current occupancy.

Source reference

Technical validation

DNS MX/SPF/DMARC

active

Email domain validation and mail-security context.

email

public-dns · risk low

Validates domain posture, not the identity of the email owner.

Technical validation

NANP Numbering Metadata

active

Phone format, area-code, and region context for preview reports.

phone

public-reference · risk medium

Validates number structure, not subscriber identity.

Professional listings

GitHub Public Profiles

staged

Public developer/profile signal discovery and source links.

usernamecompany

public-api · risk medium

Enable with rate-limit handling and strict source labeling.

Source reference

Web mentions

Wikipedia Search

staged

Public notable-entity web mention discovery.

namecompany

public-api · risk low

Useful for public/notable entities; weak for private-person identity.

Source reference

Business records

State Business Registries

staged

Officer/entity lookup where state terms permit display.

companyname

public-web · risk medium

Implement state by state because data fields and reuse terms differ.

Licensed provider

Licensed People Search API

contract gate

Paid-report provider layer after compliance review, contract, and suppression integration.

namephoneemailaddress

contract-required · risk high

Requires vendor agreement, opt-out handling, auditability, and permitted-use review.

Public records

Public Court Indexes

contract gate

Docket/source-link context where legally displayable.

name

public-web-or-contract · risk high

Do not unlock criminal or eligibility-sensitive data without legal review.

Public records

County Property Records

contract gate

Parcel/source-link context where jurisdiction permits commercial reuse.

addressname

public-web-or-contract · risk high

Jurisdiction-specific terms and sensitive address handling required.

Hard limits

What the product will not unlock

  • No SSNs, bank data, credit reports, protected health data, or breached/stolen datasets.
  • No employment, tenant, credit, insurance, lending, or eligibility decisions.
  • No minor reports, stalking, harassment, real-time tracking, or physical-location targeting.
  • No bypassing authentication, paywalls, CAPTCHAs, robots restrictions, or source terms.
  • No claim that validation identifies a phone/email owner unless a licensed provider explicitly permits that use.

Operator path

How a source becomes paid-report capable

  1. 01. Confirm source terms, license, and display rights.
  2. 02. Build an adapter with rate limits, caching, logging, and suppression handling.
  3. 03. Route fields through the privacy policy engine before preview or unlock.
  4. 04. Require permissible-use attestation and Stripe checkout for full reports.
  5. 05. Audit every search, report preview, unlock, abuse block, and removal request.