Verbiflow is sequencing infrastructure for growth teams. Run multi-step sequences across email, LinkedIn, and cold calls from one platform, handle sending and deliverability, and land replies in one shared inbox so your whole team stays aligned.

What can I do for free?

Sign up free with no credit card. You get three starter sequences personalized to your company, and you can build sequences, import a CSV, and connect a mailbox to test. Launching real sends requires a paid plan, starting at $50/month.

Can I run it from my AI agent?

Yes. Run npx -y growth-mcp install to add Verbiflow to Claude, Cursor, or Codex. It turns your coding agent into a GTM operator that can research accounts, build lists, draft sequences, and run plays from chat.

Do you support cold calling?

Cold calls are in early access. Today, sequences run across email and LinkedIn. If calling is part of your motion, book a demo and we'll get you access.

Do I need to bring my own mailboxes and domains?

You can do either. Connect your existing Gmail or Microsoft accounts, or buy sending domains and provision outbound-ready mailboxes directly in Verbiflow. We handle warming and run inbox-placement checks so your deliverability stays strong.

Email and LinkedIn replies land in one shared inbox where your team can respond directly. You're alerted by email and Slack the moment a prospect replies, and all send and reply activity syncs to your CRM so the whole team stays aligned.

A play is a complete outbound motion: we retrieve a targeted list of accounts and contacts, qualify and segment them, then sequence them across email and LinkedIn. The examples above are real plays we ran. Build your own with the agent, or have us build a custom one for your accounts.

How does pricing work?

Verbiflow is free to explore, with paid plans from $50/month. Plans are priced on monthly contact credits plus sending seats (mailboxes and LinkedIn accounts). Credits cover sourcing and enrichment. See the pricing page for full details.

All posts

Plays·Jun 1, 2026·5 min read

Trust Atlas: how we read every YC company's trust page to find compliance gaps

By The Verbiflow team

A customer selling SOC 2 / ISO 27001 tooling had the same problem every compliance vendor has: their best buyer is the company that needs the cert but doesn’t have it yet, and that company is invisible until you actually go check. So we built a pipeline that reads the trust and security pages of every company in a YC batch and tells you exactly which ones are still missing what.

~250 / batch

YC companies across the last few summer + winter batches

4 stages

seed → fetch → extract → score

22 cert types

SOC 2, ISO 27001, HIPAA, FedRAMP, PCI DSS, GDPR, and more

Why this play exists

Compliance tooling has a sharp ICP. The buyer is a Series A / Series B startup that recently started selling into enterprise, hit their first SOC 2 question on a procurement questionnaire, and realized they don’t have one. That company is a buying signal with a deadline.

The problem is the data. There’s no list of companies that don’t have SOC 2. Vendor databases don’t track it. The only honest source is the company’s own trust page, which is public. Read enough of them and the answer is right there.

The pipeline

Seed the list. Pull every company in the most recent YC batches (~250 each). Resolve their domain.
Find the trust page. Search for “{company} trust security compliance”, score the results, and pick the best hit. Trust subdomains and /security paths get priority.
Extract certifications. Fetch the page as markdown. Ask Claude (typed structured output) which certs are listed, which are “in progress,” and which evidence backs each claim.
Score the gap. For each company, compute which of the 22 standard certs they have, which they’ve started, and which they’re missing entirely. Rank by “missing-cert priority” for the customer’s ICP.

The honest caveat

Some companies don’t have a trust page. That’s its own signal: the highest- confidence way to know a startup hasn’t prioritized compliance is that they haven’t even told anyone about it. Those companies go to the top of the list.

What the customer actually got

A ranked list of YC companies, by cert gap, refreshed quarterly.
The right person to email (head of engineering, head of security, founder) for each company.
Per-company copy that referenced their actual posture. Not “do you need SOC 2?” but “noticed your trust page lists SOC 2 in-progress as of last quarter and your peers are landing it in 90 days now.”

Reply rate on the gap-ranked segment was multiples of what generic SOC-2 vendor cold email gets. Because the email proved we’d done the work.

The buyer is the company with the gap. If your enrichment can’t see the gap, your sequence will read like every other compliance pitch in their inbox.

What this is a template for

Any “you need this thing and you don’t have it yet” pitch where the absence is detectable on a public page:

Companies without a privacy policy that mentions GDPR.
SaaS companies whose status page shows recent incidents but no public RCA.
Companies hiring a security engineer but no head of security yet.
Companies whose API docs are missing rate-limit guidance.

Same pipeline shape: find the cohort, fetch the public artifact, extract the signal, rank by gap. The play does the qualification. Verbiflow does the sequencing.