Trust Center
Security at Trustpage
Security, privacy, and reliability are at the core of our DNA. We’re leading the way in creating a new era of trust in software.
Compliance
Trustpage hosts its data and applications at Heroku, a Salesforce company. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 18/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Privacy
Trustpage collects limited personal data. What personal data is collected depends on how a user utilizes the product.
Trustpage may collect the following personal data:
- Name
- Company and position
- Photo
- IP address
- Any other personal data that is voluntarily provided by the data subject
Trustpage is in compliance with GDPR and CCPA and promptly processes data subject requests.
The Google Chrome Extenstion Store doesn't offer a lot of granularity in describing browser extension privacy practices. Here's what happens in practice:
User activity
Our extension handles network and HTTP request failures and keeps track of the URL you use it on in order to accurately manage questionnaires in the app. That is why network monitoring is listed under Privacy Practices, but we do not "monitor your network." The rest of this section is only used to facilitate the selection of questions, the search for answers, and the copy and pasting of answers.
Website content
We do not look at the contents of webpages that you do not load the extension on. Even then, we only look at the contents that you expressly add to the extension, i.e. the questions that you highlight on the page.
Also, we never sell your data.
For users who submit a resource request, we collect first name, last name, company name email address, and IP address.
Security
Trustpage takes the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing security@trustpage.com. Please include the following details with your report:
- Description of the location and potential impact of the vulnerability;
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us); and
- Your name/handle and a link for recognition in our Hall of Fame.
To learn more about the qualifying vulnerabilities that apply to our program, please read our full Vulnerability Disclosure Policy.
When customers upload resources to their Trust Center, the document is stored securely by encrypting it before it's stored on disk. This keeps the contents of the document from being viewed by anyone without first possessing the encryption key. The encryption key is stored separately from documents and access to the key is limited by the principle of least privilege.
Documents are encrypted in-transit whenever they are uploaded or downloaded, further ensuring only the intended parties can view the contents of the resource.
Yes. Trustpage encrypts all data at-rest and in-transit. All data is encrypted at rest with AES-256, block-level storage encryption. Trustpage uses HTTPS for all applications and SSL for all database connections to protect sensitive data transmitted to and from applications.
Trustpage hosts its data and application at Heroku, a Salesforce company. Heroku utilizes the following safeguards:
Fire Detection and Suppression
Automatic fire detection and suppression equipment have been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
Power
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.
Climate and Temperature Control
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.
Management
Data center staff monitor electrical, mechanical, and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
For additional information see: https://aws.amazon.com/security
Trustpage hosts its data and application at Heroku, a Salesforce company. Heroku utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
For additional information see: https://aws.amazon.com/security.
General
Trustpage's Directory service aggregates security-related topics about companies using first-party data from Trustpage users and public third-party information gathered from around the web. The directory presents this data in a standard format so users can evaluate a company's security posture and compare it to other competitive products. You can claim your Trust Center to add more information about how your company is managing security and customers' data.
Trustpage sources leads from various sales tools such as Apollo, HubSpot, LinkedIn, and ZoomInfo where public personal data is available. If we contacted you, it means that we believe that given the nature of your work, it’s worth having a conversation on how to communicate trust and security for your brands. If you no longer want to hear from us, please let us know by clicking the link in the footer of the email you received or sending a request to dpo@trustpage.com
The following file types are currently supported for upload: csv, doc, docx, gif, jpg, pdf, png, svg, txt, xls, xlsx. There is a 15 MB file size limit.
Learn more about adding resources in Trustpage's Help Center.
We've outlined our approach in our Privacy Policy.