Identity, network, payment, behavior, and content signals — combined into a single 0–100 risk score in under 100ms.
MX/SPF/DMARC validation, disposable & subaddressing detection, role-based mailbox flags, free-provider classification.
Carrier lookup, line-type detection (VoIP, prepaid, virtual), country mismatch, SIM-swap heuristics.
ASN reputation, datacenter/residential proxy detection, Tor exits, hosting-provider blocklists, geo-velocity.
Stable visitorId across incognito, cookie clears, and VPN switches. Canvas, WebGL, audio, fonts, TLS JA4.
BIN intelligence, prepaid/gift-card detection, country mismatch with billing, repeated card hashes across accounts.
Spot freshly-minted Google/GitHub/Apple accounts created minutes before signup — a top trial-abuse signal.
Profanity, gibberish, and disposable-pattern detection in names, workspace slugs, and free-form fields.
Referrer, UTM coherence, language/timezone mismatch, accept-language vs IP geo, suspicious entry paths.
Keystroke dynamics, mouse entropy, copy-paste detection, time-on-form. Catches automation that fingerprints can't.
Account-linking graph: shared device, IP, card, or behavior. Surface the cluster before it converts to abuse.
Ensemble model trained on millions of trial signups. 0–100 score with full signal attribution. No black box.
Step up to email OTP, phone verify, or invisible captcha — only when the score warrants it. No friction for real users.
Track behavior after the trial starts. Catch second-order abuse: trial extension, feature scraping, mass invites.
EU data residency, automatic PII hashing, one-click data export & erasure. SOC 2 Type II and ISO 27001 in flight.
Stream events to Snowflake, BigQuery, S3, or your warehouse. Webhooks for every decision. SQL access to raw signals.
14kb browser SDK, p99 under 100ms globally, SDKs for TS, Go, Python, Ruby, Rust, Java. Sandbox with one CLI command.
Configurable signal weights, shadow mode, A/B testing, versioning, audit log. Tune without redeploying.
Identify the device on the client. Verify on your server before letting a trial start. No form fields. No friction. No false positives.
// Verify the trial signup before creating the account import { TrialShield } from "@trialshield/node"; const ts = new TrialShield(process.env.TS_KEY); export async function signup(req) { const risk = await ts.verify({ visitorId: req.body.visitorId, email: req.body.email, }); if (risk.score > 75) { return deny("trial_abuse"); } return createAccount(req.body); }
“We were leaking $840k a year to trial-cycling. TrialShield caught 94% of it in the first week — and our legitimate signup conversion went up because we removed the captcha.”