Trust Center

A publicly accessible page that communicates your compliance posture to prospects, customers, and partners — without requiring them to create an account or sign an NDA.

What is a Trust Center?

A Trust Center is a public-facing webpage that shows your organisation's compliance certifications, active security policies, and overall control readiness score. It serves as a self-service resource for:

  • Prospects evaluating your product during security reviews
  • Customers who want to verify ongoing compliance status between formal audits
  • Enterprise buyers who require vendor security documentation before procurement
  • Partners assessing third-party risk for their own compliance programs

Rather than repeatedly sending static PDFs or answering the same security questionnaire questions, you can share a single Trust Center URL that always reflects your current compliance state.

Enabling the Trust Center

The Trust Center is disabled by default. Only an ADMIN user can enable it.

  1. Navigate to Trust Center Settings

    In the sidebar, click Trust Center. You'll see the settings page (accessible to ADMIN users only).

  2. Choose a slug

    Enter a URL-friendly identifier for your organisation (e.g., acme-corp). This becomes the last segment of your public URL:

    Public URL format
    https://app.zgovern.com/trust/acme-corp

    The slug must be lowercase, contain only letters, numbers, and hyphens, and be unique across all zGovern organisations.

  3. Toggle "Make Public"

    Flip the isPublic toggle to on. The Trust Center page is now live and accessible to anyone with the URL — no login required.

  4. Add a custom message (optional)

    You can add a custom introductory message that appears at the top of your Trust Center. This is a good place to include:

    • A brief description of your security program
    • Contact information for your security team
    • Links to your full privacy policy or DPA

  5. Share the URL

    Copy the public URL and share it with prospects and customers, or include it in your questionnaire responses and marketing materials.

What Visitors See

The public Trust Center page (/trust/:slug) displays the following information — no authentication required:

| Section | Content |
| --- | --- |
| Organisation Header | Company name, custom message (if set) |
| Compliance Frameworks | List of active frameworks (SOC 2, ISO 27001, etc.) with status badges |
| Control Readiness Score | Overall percentage of controls in COMPLETE status |
| Active Security Policies | Titles and publish dates of all ACTIVE policies. Policy content can optionally be shown or hidden. |
| Last Updated | Timestamp of the most recent compliance scan or evidence update |

What is NOT shown publicly: Individual control details, risk register contents, evidence files, audit logs, integration credentials, and user information are never exposed via the Trust Center. The public page shows only aggregate, summary-level data.

Settings Reference

| Setting | Type | Description |
| --- | --- | --- |
| slug | string | URL-safe identifier, e.g. acme-corp. Changing this breaks existing shared links. |
| isPublic | boolean | When false, the public URL returns 404. Toggle to enable/disable without losing configuration. |
| customMessage | string (nullable) | Optional introductory text displayed at the top of the Trust Center page. |

API Endpoints

GET /api/trust-center/settings
Get Trust Center settings (ADMIN only)

Response
{
  "success": true,
  "data": {
    "slug": "acme-corp",
    "isPublic": true,
    "customMessage": "We take security seriously. Contact security@acme.com for questions."
  }
}

PATCH /api/trust-center/settings
Update Trust Center settings (ADMIN only)

Request Body
{
  "slug": "acme-corp",
  "isPublic": true,
  "customMessage": "We take security seriously..."
}

GET /api/trust-center/public/:slug
Public endpoint — no authentication required

Response
{
  "success": true,
  "data": {
    "orgName": "Acme Corp",
    "customMessage": "We take security seriously.",
    "frameworks": [
      { "name": "SOC 2 Type II", "controlCount": 63, "completeCount": 58 }
    ],
    "controlReadinessScore": 92,
    "activePolicies": [
      { "title": "Access Control Policy", "publishedAt": "2026-03-01T09:00:00.000Z" }
    ],
    "lastUpdated": "2026-03-08T06:00:00.000Z"
  }
}
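
One way to check the "aggregate, summary-level data only" property of the public endpoint, as an added example (not zGovern's own code): it validates a slug against the stated rule, compares a parsed public response against an allowlist built from the documented fields, and checks that the readiness score agrees with the framework counts. The score formula, the 1-point rounding slack, and the leaked field names `riskRegister` and `evidenceFiles` are assumptions made for the illustration.

```python
import copy
import re

# Slug rule stated on the page: lowercase letters, numbers and hyphens only.
SLUG_RE = re.compile(r"[a-z0-9-]+")

# Allowlist built from the documented public response. If policy content is
# switched on, add its field name here (the page does not name that field).
ALLOWED = {
    "data": {"orgName", "customMessage", "frameworks",
             "controlReadinessScore", "activePolicies", "lastUpdated"},
    "frameworks": {"name", "controlCount", "completeCount"},
    "activePolicies": {"title", "publishedAt"},
}

def valid_slug(slug):
    return bool(SLUG_RE.fullmatch(slug))

def audit_public_response(resp):
    """Return findings for one parsed /api/trust-center/public/:slug response."""
    data = resp["data"]
    findings = [f"unexpected field: data.{k}"
                for k in sorted(set(data) - ALLOWED["data"])]
    for section in ("frameworks", "activePolicies"):
        for i, item in enumerate(data.get(section, [])):
            findings += [f"unexpected field: {section}[{i}].{k}"
                         for k in sorted(set(item) - ALLOWED[section])]
    # Assumption: score = complete / total across all frameworks, as a whole
    # percentage; 1 point of slack covers the unknown rounding mode.
    total = sum(f.get("controlCount", 0) for f in data.get("frameworks", []))
    done = sum(f.get("completeCount", 0) for f in data.get("frameworks", []))
    if total and abs(data.get("controlReadinessScore", 0) - 100 * done / total) > 1:
        findings.append("controlReadinessScore does not match framework counts")
    return findings

# Constructed sample 1: the response documented above.
DOCUMENTED = {"success": True, "data": {
    "orgName": "Acme Corp", "customMessage": "We take security seriously.",
    "frameworks": [{"name": "SOC 2 Type II", "controlCount": 63, "completeCount": 58}],
    "controlReadinessScore": 92,
    "activePolicies": [{"title": "Access Control Policy",
                        "publishedAt": "2026-03-01T09:00:00.000Z"}],
    "lastUpdated": "2026-03-08T06:00:00.000Z"}}

# Constructed sample 2: same response with hypothetical leaked fields.
LEAKY = copy.deepcopy(DOCUMENTED)
LEAKY["data"]["riskRegister"] = [{"title": "constructed"}]
LEAKY["data"]["frameworks"][0]["evidenceFiles"] = ["constructed.pdf"]
LEAKY["data"]["controlReadinessScore"] = 99
```

Feeding it the JSON fetched from your own public URL after each settings change gives an empty list when the page exposes only the documented fields.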

Use Cases

📧

Security Questionnaire Responses

When a prospect sends you a security questionnaire, include your Trust Center URL in the cover note: "For our current compliance status and framework certifications, please visit trust.acme.com."

🌐

Website Security Page

Embed your Trust Center URL on your product website's Security page or in your privacy policy footer. Visitors can verify your compliance posture without contacting sales.

🤝

Partner Due Diligence

Share your Trust Center link during partner onboarding so their security team can complete vendor due diligence without requiring a dedicated security review call.

📋

Customer Evidence Requests

When existing customers request annual compliance evidence, direct them to your Trust Center for a summary and follow up with the specific framework report they need.