Informational only. Not medical advice.INFORMATIONAL PLATFORM ONLY — NOT MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT
Informational only. Not medical advice.INFORMATIONAL PLATFORM ONLY — NOT MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT
How we build trust scores, source pricing, analyze compliance, and keep editorial content independent from affiliate revenue.
Disclosed Labs exists because the peptide industry has an information problem. Most “review” sites are vendor-funded affiliate marketing. Most vendor COAs are unverifiable. Most compounding pharmacy directories are pay-to-play listings. We built this platform on the opposite premise:
Every vendor trust score is computed deterministically from the vendor’s published COAs. Four sub-scores, fixed weights, no manual overrides, no paid placement. Same COA fed in twice always produces the same score.
| Component | Weight | Signal |
|---|---|---|
| Avg purity | 30% | HPLC purity across published COAs, normalized through a piecewise curve (99% → 95, 95% → 60, 90% → 30). Honest about how peptide purity actually behaves. |
| Safety panel coverage | 40% | Fraction of the required panels reported across each peptide. The required panel set is form-aware (v12) — sterile injectable powders are scored against a different panel than oral capsules. Identity is graded (mass-spec/FTIR full credit, HPLC retention- time half credit). Aggregated per (peptide, form) so vendors who split tests across multiple single-panel reports get credit for full coverage. |
| Lab corroboration | 15% | Lab + vendor mirror upload → 100. Lab-confirmed → 90. Named lab identified but unverified → 75. Lab unresolvable from the COA → 50. Lab-disputed → 0. |
| Forgery signals | 15% | Inverse of CoaFlag count: cross-vendor lot collisions, cross-peptide lot collisions(same lot # spans 2+ different peptides at the same vendor — pharmaceutically impossible since a lot is one batch of one compound), perceptual-hash collisions, suspiciously narrow lab variance, claim-not-tested mismatches. |
Each sub-score is 0–100. Composite is rounded to an integer and then multiplied by the identity-verification multiplier described below. Letter grade by fixed thresholds on the final applied score: A (90+), B (80–89), C (70–79), D (60–69), F (below 60).
Why most vendors score low. Most peptide vendors’ COAs don’t include the full safety panel — HPLC purity is common, but USP <61> microbial, heavy-metals testing, and net peptide content (mg per vial) often aren’t ordered from the lab or disclosed on the report. Without lab-confirmed authorship, corroboration tops out at 75/100. The score reflects what’s actually on file, not how good the vendor is in the abstract.
The required safety panel depends on the product’s dosage form. Endotoxin (USP <85>) and sterility (USP <71>) are critical for parenteral products (lyophilized injectable powders, pre-mixed injectables) because lipopolysaccharides cause pyrogenic reactions when introduced directly into bloodstream. They’re not applicableto oral capsules, tablets, or troches — the GI tract handles endotoxin without systemic exposure, and USP explicitly applies these chapters only to parenteral preparations.
Conversely, residual solvents (USP <467>, ICH Q3C) matter for solid oral dosage forms where ethanol, methanol, acetonitrile, IPA and similar manufacturing solvents need to be quantified, but don’t apply to lyophilized injectables where the reconstitution diluent is added separately at the point of use.
| Product form | Required safety panel (in addition to identity) |
|---|---|
| Lyophilized injectable (default) Liquid injectable | Endotoxin (USP <85>), microbial/sterility (USP <61>/<71>), heavy metals (USP <232>/<233>), net content |
| Capsule / Tablet | Microbial (USP <61>/<62>), heavy metals (USP <232>/<233>), residual solvents (USP <467>), net content |
| Troche / sublingual | Microbial, heavy metals, residual solvents |
| Liquid oral | Microbial, heavy metals, net content |
| Topical | Microbial, heavy metals |
| Bulk API powder | Microbial, heavy metals, residual solvents |
Form is set by the vendor at upload time (Manage → Upload COAs → Product form). Default for unspecified is LYOPHILIZED, which matches the dominant peptide vendor product.
Why this matters. A vendor who runs the full pharmacopoeia-appropriate panel for a capsule (microbial + heavy metals + residual solvents + identity + net content) shouldn’t be penalized for “missing” endotoxin testing that the USP itself says doesn’t apply. The v12 rewrite was prompted by vendor feedback from OROS Research and validated against their analytical partner’s ISO/IEC 17025 testing program.
The trust score above answers “do their COAs hold up?” A separate question is “are they actually a real business?”— those are different things and a vendor with strong COAs but a paper identity shouldn’t be conflated with a vendor that has both.
Every vendor in the index is independently crawled for identity signals — WHOIS domain registration, phone-line classification via Twilio Lookup, and address verification via Google Places. The result composes into a multiplier (range 0.21×–1.00×) applied to the composite. Identity is a filter, not a bonus (v2.4, 2026-05-23): a vendor with clean identity gets to keep their full raw composite — never a boost above it. Fly-by-night patterns dock the score; entirely self-attested document corpora hit the floor.
| Signal | Δ | What we check |
|---|---|---|
| Veteran domain | +0.04 | Domain registered 5+ years ago (RDAP). Real businesses rarely have brand-new domains; 5 years is a meaningful track record. |
| Full identity on file | +0.03 | Phone, physical address, and legal business entity all published. |
| Clean presence | +0.03 | No Private Mailbox address AND no non-fixed VoIP phone. |
| Lab-confirmed | +0.02 | ≥50% of COAs are formally lab-confirmed via the issuing lab’s verification flow or admin-confirmed out-of-band. |
| PMB address | −0.08 | Registered address resolves to a UPS Store, PostNet, iPostal, Anytime Mailbox, Regus, executive-suites building, registered-agent service, or another known Private Mailbox provider via Google Places. |
| Non-fixed VoIP phone | −0.04 | Phone classifies as Google Voice / Skype / Twilio- purchased per Twilio Lookup. Small businesses legitimately use these for SMS support so the penalty is light. |
| New domain | −0.06 to −0.12 | Domain < 12 months old (−0.06) or < 6 months (−0.12). |
| Phone country mismatch | −0.05 | Phone country (from Twilio) doesn’t match the declared address country. |
| Missing core identity | −0.03 each | No phone, no physical address, or no legal business entity published. |
| Lab killshot | ×0.30 | Fewer than 10% of COAs reference any recognized lab in our Lab table. Triggers when the document corpus is entirely self-attested or attributed to unknown organizations — the Cenexa-class signal. |
The identity factor floors at 0.70 and ceilings at 1.00 from individual signals. The lab factor is a separate multiplier (0.30 to ~1.02). Final = identity_factor × lab_factor, clamped to [0, 1.00]. Bonus signals (veteran domain, full identity, clean presence, lab-confirmed) still exist — they offset penalties, but cannot push the multiplier above 1.00. Composite trust score is multiplied by this before grade assignment.
Admin overrides. For two specific signals where the detector is known to false-positive on real-business edge cases — PMB classification on dense commercial buildings, and lab-confirmation on COAs from labs that use real third-party labs but haven’t enrolled in our formal verification flow — admin overrides exist with full audit trail. Every override carries a written reason on the vendor row; the override and reason are visible on the vendor profile.
Scoring methodology v13 (2026-05-23): fixed a per-COA composite reconstruction bug in the vendor rollup that was threading critical flag counts through as warning counts, so CROSS_PEPTIDE_LOT_COLLISION (and other critical flags) now penalize at full weight in the vendor-level rollup rather than being silently downgraded.
v12 (2026-05-23): added form-aware safety panel scoring and the cross-peptide lot collision flag (CRITICAL). Capsules, troches and liquid orals are now evaluated against USP <61> / <467> / <232> instead of the parenteral panel; same lot # across multiple peptides at a single vendor is a critical fraud-pattern flag. Identity-verification multiplier hard-capped at 1.00× (v2.4 in the same release) so clean identity gets full credit but never an upside bonus — testing quality has to do the lifting at the top of the board.
v11 (2026-05-21): rebalanced weights to put safety panel coverage in the lead position — bumped Safety Panel Coverage from 35% → 40% and dropped Forgery Signals from 20% → 15%. Avg Purity stays 30%, Lab Corroboration stays 15%. Safety coverage is the most decision-relevant signal for buyers (matches the explicit testing-bar standard we preach publicly); forgery flags still pack a real punch (each one deducts, vendors with multiple still hit floor), but the upside for “never been caught” shrinks.
v10 (2026-05-20): identity panel is now graded instead of binary. Mass spec / FTIR remains the rigorous standard (full credit). HPLC retention-time matched against a reference standard is credited at half weight — it confirms the molecule elutes at the same RT as a known sample but doesn’t confirm molecular weight. This update recognizes a real lower-rigor identity tier (used by many Janoshik purity reports that include RT-against-reference checks without a separate mass-spec order) without collapsing the hierarchy that rewards full MS confirmation. Only the identity panel is graded; the other four panels (endotoxin / microbial safety / heavy metals / net content) remain binary.
v9 (2026-05-19): per-peptide safety-coverage rollup now excludes COAs whose peptide identity our extractor failed to pull (about 10.8% of the corpus). Previously each unidentified-peptide row became its own 1-COA group and dragged the average down — punishing vendors for our extraction misses rather than actual testing gaps. The composite/grade math is unchanged (per-COA scores already used their own panels); only the displayed safety-coverage percentage moves. Most affected vendors: Skye Peptides (28%→61%), Verified Peptides (20%→50%), Glacier Aminos (79%→95%), Hydro Research (36%→50%).
v8 (2026-05-18): added net peptide content (mg per vial) as a 5th gate inside safety-panel coverage. Each panel now weighs 20% (down from 25%) so the top-line safety coverage weight stays at 35% of composite. Net Content was extracted on every COA from the start but never scored — this aligns the scorer with the public “testing bar” copy and the customer- facing methodology. Vendors who already disclose netPeptideContentMg pick up a 1/5 panel point; vendors who skip it lose 20% of their safety-panel coverage.
v5 (2026-05-15): rebalanced composite weights from 30 / 30 / 25 / 15 to 30 / 35 / 15 / 20. Lab corroboration dropped because the 25% weight was effectively measuring whether we could resolve the lab name from the COA (a property of our extraction, not vendor trust); safety coverage and forgery signals — both directly attributable to the vendor's testing choices — absorb the redistributed weight. The “named lab indexed but unverified” corroboration tier also rose from 65 to 75: a COA from a known indexed lab like Janoshik or Vanguard is closer to credible-by-default than a missing signal, so vendors stop getting penalized for the lab-claim funnel not yet converting. v4 (2026-05-14): merged USP <61> microbial enumeration and USP <71> sterility into a single “microbial safety” panel — they test different things (microbial limits for non-sterile powders, sterility for inject-ready solutions) but for the trust score either represents the same commitment. Penalizing research-grade vendors for not running sterility when their product form doesn't need it was a category error. v3: safety coverage aggregates by peptide so vendors who split panels across multiple single-test reports get credit for full per-product coverage. v2: merged mass-spec + FTIR into a single identity panel; added a named-lab tier (65) for scraped COAs where we resolved the issuing lab. Earlier scores tagged historically on each ComputedCoaScore.
How to score higher honestly: claim your profile + upload COAs (lab corroboration goes up), order panels with safety testing (endotoxin + sterility), and ask your testing lab to claim their profile so mirror uploads can auto-confirm.
Our price comparison merges pricing from two sources: verified compounding pharmacies (503A and 503B) and research peptide vendors. Both sources are displayed in a unified table sorted by price per milligram — not by total vial cost, which varies by vial size and misleads buyers.
Pharmacy pricing is collected directly from pharmacy websites, pharmacist-provided price sheets, and (in some cases) pharmacy partnerships. Research vendor pricing is maintained in a static configuration file that is updated manually when vendors change their pricing. Prices are re-verified on a rolling basis and the table displays the last-updated date.
Affiliate status does not affect table placement. Every source we have pricing for is shown, whether or not we earn a commission from it.
The compliance scanner is an automated pattern-matching tool. It crawls public pages, extract text, and match it against violation patterns derived from real FDA warning letters and enforcement actions. The patterns are updated continuously as new warning letters are published.
Results are automated editorial opinions, not legal determinations. The scanner can produce false positives (flagged phrases that a lawyer would pass) and false negatives (violations that the patterns don’t yet catch). We publish the full list of matched phrases on every scan so you can evaluate the evidence yourself, and we recommend consulting qualified counsel before acting on any compliance result.
Scan results for a given domain are only viewable after the domain’s owner has completed DNS-based ownership verification. We do not publish scan results for domains we don’t own or control the reporting rights for.
The COA scanner accepts a Certificate of Analysis (PDF or image), extracts the relevant fields using a vision model, and runs them against fraud indicators: recycled batch numbers, manipulated data, mismatched lab names, missing signatures, inconsistent formatting, and implausible purity/identity combinations.
Like the compliance scanner, COA results are automated editorial opinions. A green result is not an endorsement of the vendor, and a red flag is not proof of fraud. Use the scanner as one input among several — including lab verification through the partner portal, mirror-upload corroboration, vendor reputation, and your own independent batch testing where appropriate.
Every claimed and verified lab on the labs index carries a credibility score (0–100) and letter grade. The composite is recomputed nightly from the COA corpus and is never manually edited — the rubric below is the entire scoring function.
| Component | Effect | Why |
|---|---|---|
| Baseline | +50 | Every lab with ≥ 1 COA starts neutral; points are earned, not assumed. |
| COA volume (tiered) | +5 / +5 / +5 | At 25, 100, and 500 COAs respectively. Established labs accumulate volume over time; new labs build credit as the corpus grows. |
| Vendor diversity | +5 / +10 | +5 for 3+ vendor customers, +10 for 10+. A lab serving many vendors is market-trusted; a single-vendor lab looks captive. |
| Public verify portal | +10 | Lab publishes a public COA verification mechanism we can hit programmatically (Janoshik, TrustPointe, BioRegen, Kovera, MDx, Freedom Diagnostics, Chromate, ILS). Strongest transparency signal — every report they issue is cross-checkable in real time. |
| Verification engagement | +5 | Any lab-confirmed COA or mirror upload (lab + vendor independently published the same file). |
| Lab-confirmed rate | +10 | > 50% of this lab’s COAs in our corpus round-trip through their own verify portal (requires ≥ 10 COAs so a 1-of-1 doesn’t inflate). |
| Methodology breadth | +5 each (4 panels) | Mass-spec/FTIR identity, endotoxin (USP <85>), sterility (USP <71> / PCR), and heavy metals each > 25% of COAs. Measures whether the lab demonstrably offers the test, not whether customers always order it. |
| Narrow variance flag | −25 | Purity stdDev < 0.15% AND vendor count < 5 AND 30+ COAs — truly anomalous tight clustering without breadth to explain it. Exempted for labs with a published reporting cap (e.g. Vanguard caps at 99.80%). v7 tightened from v6’s 0.5% trigger: real peptide testing legitimately clusters near 99-99.9% because vendors reject batches under 95%. |
The composite clamps to 0–100 and converts to a letter grade with the same thresholds as vendor scores: A (90+), B (80–89), C (70–79), D (60–69), F (below 60).
Methodology v7 (2026-05-16): added explicit bonuses for labs publishing public verify portals (+10) and labs whose COAs round-trip cleanly through their own infrastructure (+10). Relaxed the narrow-variance penalty from stdDev < 0.5 to stdDev < 0.15 plus a vendor-count gate — v6 was penalizing every legitimate lab for the fact that peptide purity legitimately clusters near 99%. Removed the cluster-too-tight penalty (double-counted variance) and removed the disputed-COA penalty against labs (when a lab says “not my report,” that’s transparency, not lab fault — the vendor’s score takes the hit).
Grades are onlypublished for labs that have completed DNS-based ownership verification. For un-claimed labs we still compute the factual rollups (COA count, average purity, standard deviation, endotoxin and sterility reporting rates) so the partnership pitch can reference real data, but the public grade and score read as null. We’d rather show no grade than shame a lab into a corner before they’ve had a chance to onboard.
Independent of the score, two structural flags can attach to individual COAs and surface on the Forgery Map:
Aggregate purity values published on lab and peptide pages exclude any underlying value outside the [50%, 100%] band, and the displayed mean is clamped to 100%. Purity above 100% is physically impossible — a single legacy out-of-range row once pushed a customer-facing average to 101.44%. The three-layer defense (extraction validator, manifest write guard, aggregate filter) is documented in src/lib/coa/purity.ts.
Eight labs in our corpus publish a public COA verification mechanism — a /verify URL, lookup API, or QR-code portal. For every COA we have from these labs, we hit the lab’s own infrastructure and store the round-trip result against the row. When the lab confirms the report exists, the COA is marked LAB_CONFIRMED. When the lab says no record — the strongest forgery signal we can publish — the COA is marked LAB_DISPUTED and surfaces on the Forgery Map.
Real-time cross-checkable beats “trust us” on a badge. The verification scripts live in the open repo:
| Lab | Mechanism |
|---|---|
| Janoshik Analytical | GET janoshik.com/verification/?task=&key= |
| TrustPointe Analytics | POST trustpointelims.com/TrustPointe/@@verify-report (SENAITE LIMS) |
| BioRegen | GET bioregen.com/report?coa_number=&secret_key= |
| Kovera Labs | GET supabase REST /coas?coa_number=eq.<id> |
| MDx BioAnalytical | GET sheetdb.io/api/v1/<id>/search?Search Code= |
| Freedom Diagnostics | GET coa-list cloudflare worker ?file=<code>.pdf |
| Chromate | POST chromate.org/client (jn + id) |
| ILS Labs | GET portal.ils-lab.com/api/trpc/publicCoa.getByQrCode |
Verification stats live on every lab page (under “Verification activity”) and every per-COA page (the “Verifiable directly with <lab>” CTA when applicable). The Forgery Map’s LAB_DISPUTED section lists every dispute with the timestamp + the specific failure reason returned by the lab’s API. Anyone can re-run the same lookups themselves.
Re-ran every verify endpoint after the v10 extractor rebackfill. Across 8 lab portals we checked 2,252 COAs and the labs themselves confirmed 2,092 — 92.9% authentic. The remaining 160 are the rows that drive the Forgery Map: report numbers the issuing lab says don’t exist, or accession codes the portal can’t find. Per lab: Janoshik 727/727, Freedom 660/686, TrustPointe 195/224, BioRegen 175/184, Kovera 125/139, MDx 150/154, Chromate 60/60. Vanguard 0/78 is the outlier — their public portal exposes only ~8 reports so most of our indexed Vanguard rows return no-match without that being a forgery signal.
Labs without a public portal that we’ve surveyed (MZ Biolabs, BTLabs, Biogenica Labs, SafeCert, Shimadzu LabSolutions, Bioviridian, Vanguard Laboratory) still get their factual rollups computed — just no portal bonus on the credibility score until they ship one.
The regulatory feed aggregates primary-source regulatory actions across the compounding and peptide industry: FDA warning letters, FDA guidance, DEA scheduling, state pharmacy board actions, federal and state legislation, USP standard updates, and federal court decisions.
Each alert is scored on a 0–100 relevance scale by an AI classifier trained on historical enforcement patterns, and tagged with its impact level (critical, high, medium, low) and the industry segments affected (503A, 503B, telehealth, prescriber, etc.). Summaries are AI-generated from the source document and reviewed before publication for factual accuracy.
Every alert links to the primary source so you can verify the underlying document directly.
An independent blind-purchase testing program is on the roadmap, not live yet. The plan: order samples through an ordinary consumer account at a shipping address not publicly associated with Disclosed Labs — so the sample received is the sample the vendor ships to a normal customer, not a cherry-picked demo — and route to an accredited analytical lab for purity, identity, and quantity verification. Open methodology, full results published (passes and failures). See /testing for the waitlist and timeline.
Until that program is live, the trust signals on this site come from the public COA corpus: COAs vendors publish themselves and COAs labs publish through the partner portal. See the verified batches and disputes and flagged COAs pages, vendor trust scores are computed entirely from the COA corpus — vendor uploads + lab-confirmed authorship + mirror uploads + forgery flags. No editorial scoring, no internal test results in the math (because there are none yet).
When the testing program does launch, results will be published the same day they arrive — passes and failures both, with lab name, method, raw data, and pass/fail reasoning. Vendors will not be given advance notice, allowed to reimburse Disclosed Labs for failed samples, or allowed to re-test until a preferred result arrives. Samples and tests will be paid for by Disclosed Labs, not by vendors.
If you are a reader who wants to be notified when the first results publish, the testing waitlist is open. If you are a lab or compounding pharmacy interested in partnering on the program, email [email protected].
Disclosed Labs earns revenue from five sources. Notably absent: payments from peptide vendors or testing labs themselves — the Disclosed Trust Index is free forever for labs.
We do not accept:
Full details are in our affiliate disclosure.
If we get something wrong, we want to hear about it. Email [email protected] with the URL, the claim, and the evidence. We correct material factual errors by updating the page and noting the correction at the bottom of the affected section.
Vendors who dispute a trust score can submit a data challenge via the same address. Providing new evidence (additional COAs, updated lab data, verifiable certifications) may result in a rescore. Threatening legal action will not.
This platform provides informational tools only, not medical advice. Consult a licensed provider.
Disclosed Labs