Trustpage

Stop doing risk assessment the old way. Join the ranks of leading software companies establishing trust at scale.
  • Website
    https://trust.page
  • Compliance
  • Product Security
  • Data Security
  • Privacy
  • Incident Management
  • Availability & Reliability
  • Organizational Security
  • Business Continuity
  • Infrastructure
  • Threat Management
  • Subprocessors
  • Compliance

    • CCPA

      Trustpage is fully committed to the California Consumer Privacy Act (CCPA). The CCPA is a law that allows any California consumer to request all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. If you wish to request your information that Trustpage has collected from you, please submit your request to support@trustpage.com.

    • GDPR

      Trustpage is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The regulation allows EU citizens to request all the information a company has saved on them, in addition to requesting that all personal information is removed from a company's systems and any subprocessors who have handled their data. If you wish to request your information that Trustpage, and its subprocessors, have collected from you, please submit your request to support@trustpage.com.

  • Product Security

    • Audit Logs

      Trustpage audit logs capture all changes made to trust center content including topics, roadmap items, FAQs, and resources. The log tracks the type of change, the time it happened, the member who made the change, and when applicable, the version history of the change. This includes all comments and member activity such as invitations and joins.

    • Google SSO

      Google SSO enables Gmail and G Suite users to sign in to other applications such as Trustpage using their Google account. SSO simplifies the management of passwords and identity, helping improve security by reducing the potential for stolen passwords among other attacks.

  • Data Security

    • Data Encrypted At-Rest

      Trustpage data is hosted at Heroku, a Salesforce Company. All data is encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here.

    • Data Encrypted In-Transit

      Trustpage uses HTTPS for all applications and SSL for all database connections to protect sensitive data transmitted to and from applications.

  • Privacy

    • Privacy Policy
      Privacy Policy

      Your privacy is important to us. It is Trustpage's policy to respect your privacy regarding any information we may collect from you across our website. Trustpage only collects data that we need and only retains it for as long as necessary.

      Trustpage does not share any personally identifying information publicly or with third-parties, except when required to by law.

  • Incident Management

    • Data Breach Notification

      In the event of unauthorized access to data, Trustpage will notify its customers and other affected parties about the breach within 24 hours, or as required by law, as well as take specific steps to remedy the situation to prevent future incidents.

  • Availability & Reliability

    • Status Page
      Status Page

      Trustpage's system availability can be viewed in real-time.

  • Organizational Security

    • Employee Workstations Automatically Locked

      Trustpage uses Fleetsmith for device management. Employee devices automatically lock after a period of inactivity and immediately requires a password to unlock.

    • Employee Workstations Encrypted
  • Business Continuity

    • Business Continuity Plan
    • Data Backups

      Trustpage has automated data backups that run daily to protect against data loss.

  • Infrastructure

    • FISMA - Moderate - Data Center
    • ISO 27001 - Data Center
    • PCI-DSS - Level 1 - Data Center
    • SOC 2 Type II - Data Center
    • Sarbanes-Oxley (SOX) - Data Center
  • Threat Management

    • Bug Bounty
      View Program

      Trustpage takes the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

      We require that all researchers:

      • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing
      • Perform research only within the scope set out below
      • Use the identified communication channels to report vulnerability information to us
      • Keep information about any vulnerabilities you’ve discovered confidential between yourself and Trustpage until we’ve had 90 days to resolve the issue.

      If you follow these guidelines when reporting an issue to us, we commit to:

      • Not pursue or support any legal action related to your research
      • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)
      • Recognize your contribution on our Security Researcher Hall of Fame, if you are the first to report the issue and we make a code or configuration change based on the issue
      • Consider paying a cash reward if the vulnerability is determined to be of high impact and probability

      The impact assessment is based on the attack’s potential for causing privacy violations, financial loss, and other user harm, as well as the user-base reached.

      The probability assessment takes into account the technical skill set needed to conduct the attack, the potential motivators of such an attack, and the likelihood of the vulnerability being discovered by an attacker.

      If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing security@trustpage.com. Please include the following details with your report:

      • Description of the location and potential impact of the vulnerability;
      • A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us); and
      • Your name/handle and a link for recognition in our Hall of Fame.

      To learn more about the qualifying vulnerabilities that apply to our program, please read our full Vulnerability Disclosure Policy.

  • Subprocessors

    • Name
      Purpose
      Location
      Authentication and authorization
      USA
      Logging and monitoring
      USA
      DNS and Hosting provider
      USA
      Data service provider
      USA
      Hosting
      USA
      Email service provider
      USA