Trust Platform
Share your security posture with prospects and customers through a branded public portal with controlled access
The Trust Platform (also called Trust Portal) is a public-facing portal where you can share your organization's security and compliance information with prospects and customers. It provides a professional, branded experience that demonstrates your security posture while maintaining control over sensitive information through access requests.
Outbound Trust Sharing
Share certifications, compliance mappings, security documentation, and more with potential customers to demonstrate your security maturity.
Controlled Access
Control who sees sensitive information. Public sections are visible to all, while sensitive sections require access requests that you approve.
Portal Sections
Overview
High-level security and compliance information
Compliance
Compliance mappings, policies, and contact information
Documents
Detailed documents and reports (typically require access request)
Footer
Additional resources and information
Access Control Modes
Section is visible to all visitors without any access request
Section is locked. Visitors must request access, which requires approval
Section is hidden from the portal entirely
Setting Up Your Trust Portal
Navigate to Trust Portal Settings
Go to Settings → Trust & Vendor Risk →Trust Portal tab (or navigate to Trust Portals from the main menu).
Create or Configure Portal
If you haven't created a portal yet, click "Create Portal". Configure basic settings:
- Portal Name: Display name for your portal
- Subdomain: Custom subdomain (e.g., trust.yourcompany.com)
- Branding: Logo, colors, and custom styling
Enable Sections
In the "Portal Sections" tab, enable the sections you want to display:
- Check the boxes next to sections you want to include
- Sections are organized by category (Overview, Compliance, Documents, Footer)
- Only enabled sections will appear on your public portal
Configure Access Modes
For each section, set the access mode using the dropdown:
Anyone can view without requesting access
Visitors must request access, which you approve
Section is hidden from the portal
Add Content
Fill in content for each enabled section:
- Use the Content Manager to add text, images, documents, and structured data
- Upload certifications, compliance mappings, security documentation
- Configure structured forms (certifications, subprocessors, contacts, etc.)
Publish Portal
Once configured, your portal is live at your custom domain. Share the URL with prospects and customers to demonstrate your security posture.
Access Request Process
Customer Visits Portal
A prospect or customer visits your public trust portal URL. They can see all public sections immediately. Sections with lock icons require access requests.
Request Access
When clicking on a locked section, the customer sees an access request form. They provide:
- Name (required)
- Email (required)
- Company (optional)
- Title (optional)
- Purpose (optional - why they need access)
- Requested Approver (optional - if they know who should approve)
They can select multiple sections to request access to at once.
Request Submitted
The access request is submitted and appears in your Access Requests management page with status "Pending". The requester receives a confirmation email.
Review and Approve
You (or the requested approver) review the request:
- Navigate to Trust Portal → Access Requests
- View requester details and requested sections
- Click "Approve" or "Reject"
- Optionally set expiration dates for the access
Access Granted
When approved:
- A secure access token is generated
- The requester receives an email with the access link
- The link contains the token, allowing them to view the requested sections
- Access is time-limited (default 7 days, configurable)
Customer Accesses Content
The customer clicks the access link in their email. The portal recognizes the token and displays the approved sections. They can now view the previously locked content.
Managing Access Requests
View Access Requests
Navigate to Trust Portal → Access Requests tab. You'll see all requests with their status (Pending, Approved, Rejected, Expired).
Review Request Details
Click on a request to see:
- Requester information (name, email, company, title)
- Requested sections
- Purpose (if provided)
- Request date and status
Approve or Reject
Click "Approve" or "Reject":
Approve:
- Optionally set access expiration date
- Optionally set token expiration (default: 7 days)
- System generates secure access token
- Requester receives email with access link
Reject:
- Provide rejection reason (optional)
- Requester receives rejection notification
- Request status changes to "Rejected"
Best Practices
Keep public sections informative but high-level. Use them to demonstrate security maturity.
Reserve detailed documents (SOC 2 reports, architecture diagrams) for access-requested sections.
Keep content up-to-date. Regularly refresh certifications, compliance mappings, and documentation.
Set appropriate expiration dates for access tokens based on the sensitivity of requested content.
Review access requests promptly. Quick approval improves customer experience.
Use rejection reasons when denying access to provide transparency to requesters.
Next Steps
Need Help?
Our support team is here to help you set up and manage your trust platform.