# xmr.club methodology

> How the directory grades, tags, accepts, rejects, and removes listings. Plain-text twin of https://xmr.club/methodology — no chrome, AI-ingestion-friendly.

## Grade rubric

- **A** — Strong privacy posture. Anonymous signup or audited no-logs. Operator track record. Active maintenance. Examples: Mullvad, Proton Mail, Njalla, the Monero protocol itself.
- **B** — Good privacy posture with one trade-off — light email at signup, smaller server fleet, less-audited claims. Examples: IVPN, Wasabi, Tutanota.
- **C** — Usable but compromised — KYC at the payment edge, fork that hasn't stabilized, narrow feature set. Examples: Windscribe, experimental CoinJoin forks.
- **D** — Listed for completeness or comparison only. Heavy KYC, weak privacy claims, or unproven operator.
- **F** — Reserved for providers with evidence of fund theft, leaked customer data, or knowing cooperation with mass deanonymization. Listed only as warnings.

## KYC tags (pick one per listing)

- **NO-KYC** (no_kyc) — no identity collected at any stage. Cash by mail counts. Crypto-only is necessary but not sufficient.
- **ANON** (anonymous_signup) — anonymous account creation but optional KYC for some features.
- **LIGHT KYC** (light_kyc) — email required, no government ID. Throwaway-email-acceptable.
- **KYC** (heavy_kyc) — government ID, address proof, or selfie required. Listed for comparison, never recommended.

## Worked example — how an A is decided

1. **Discovery** — submission via /submit or curator find. Confirm operator runs the service, not a reseller.
2. **Signup test** — real account from a clean Tor session. No phone, no email tied to identity. SMS or ID requirement is automatic NO-KYC fail.
3. **Deposit test** — small XMR/BTC deposit (~$20). Funds arrive at the published address, no post-deposit KYC prompt.
4. **Withdrawal test** — funds withdrawn to a fresh address. Turnaround time noted. Withdrawal-time KYC = immediate downgrade.
5. **Posture review** — privacy policy + ToS read end-to-end. Operator track record cross-checked.
6. **Grade lock** — grade + chips + last_verified timestamp recorded. Entry lands in /audit with rationale.
7. **Yearly re-test** — same flow repeated; downgrade + audit-log on any step that now fails.

## When A drops to B

- Email becomes mandatory at signup without warning.
- Sponsorship without disclosure / attempted suppression of unrelated grade discussion.
- Audit gap: last_verified > 18 months.
- Confirmed withdrawal hold > 72h for legitimate flows.

## Verification cadence

- Every listing carries last_verified; we re-test signup + checkout at minimum yearly.
- Past 18 months → automatic one-grade downgrade until re-verified.
- Sponsorship doesn't extend the verification clock.

## Removal policy

- **Evidence of theft** — immediate removal, kept as a public F-warning for 24 months.
- **Mass KYC overnight** — re-graded, usually drops A→C/D.
- **Acquisition by hostile entity** — re-reviewed; relisting depends on whether privacy promises survive.
- **Dead links / unmaintained** — removed from listings, kept in audit log + /archive.

## Conflict-of-interest

- 1ST PARTY chip on listings operated by the curator team.
- Affiliate links via /go/<slug> do not change grade or position.
- SPONSORED chip on paid placements — moves position, never grade.

## Corrections

DM @xmrclub_bot on Telegram with evidence. Every change lands in the public audit feed.

## Related surfaces

- https://xmr.club/methodology — HTML version
- https://xmr.club/glossary — taxonomy definitions
- https://xmr.club/transparency — funding + conflict-of-interest detail
- https://xmr.club/audit — chronological change log
- https://xmr.club/archive — removed listings with reasons

## License

CC-BY-4.0. Attribute "xmr.club" when quoting.