A trust center is a public web page for companies that store information to share details about their practices, policies, and procedures on privacy, security, transparency, and compliance with existing and potential customers. It is the one-stop shop for customers that want answers about how their data is stored and safeguarded and is a proactive, interactive way to showcase real-time security posture instead of being merely reactive to requests. 

See Secureframe's Trust Center for a live example. 

How do I unlock the Trust Center features?

The free tier of Trust Center comes standard with all Secureframe Comply Fundamentals plans, while Advanced Trust Center comes with Comply Complete plans. You may purchase Advanced Trust Center as an addon to your Fundamentals plan at any time (reach out to your account manager). Customers who purchased a Secureframe Trust/Essentials/Growth/Enterprise plan before this will receive all new paid features through the end of the current contract period. 

Free tier Trust Center users get the essential features to take the product for a test drive:

• Custom domain
• 15 document requests per year counted from the anniversary of your contract start date
  • Declining a request does not count toward this limit. Only approved (unlocked) requests are counted.
• A beautiful new site layout
• NDA approval workflow and requestable documents
• Notification customization

Advanced Trust Center customers have all of the above but also gain access to:

• Unlimited document requests per year
• API access to Trust Center document requests and provisioning
• Custom HTML sections
• Custom global CSS styles
• Powerful request automation workflows through Zapier partnership
• All future paid features

Talk to your account manager or customer success representative if you would like to upgrade or see a DEMO of our fully-featured Trust Center!

Manage document requests

On the Trust Center page, the Requests tab is where you can see pending document requests and create a new request.

To approve a request:

Find the row with the document you’d like to approve and click the Make decision button.

A pop-up will appear showing all the documents that are a part of the request and 3 steps to complete.

1. Step 1 - Mark the document as Denied orApproved by clicking the corresponding bubble in the document row, then click Next.
2. Step 2 - Select a model to enforce confidentiality. The options will be Require Clickwrap NDA, Waive NDA, or NDA Signed outside of Secureframe, then click Next. 
3. Step 3 - Choose to Send an email response to the requester by checking the box, with an optional email response, then complete.

Send Document Requests

If you’d like to send documentation about your security posture to a prospective customer, you can do so without asking them to submit a request through your trust center site. Creating a request here allows you to send an email with links to the relevant documents, with an NDA if necessary.

To add a request:

1. Click the +Add Request button to create a New Request. 
2. In the pop-up, enter your requester information and click Next. (Note: Starred fields are required.)
3. Use the search field to find applicable documents you want to share, or use the check box  from the list below
4. Once all documents are selected, click Send Documents

Document Request Limit

You will still continue to receive requests from your Trust Center, but you must upgrade your plan to unlock them. Once you've upgraded, you will be charged a "use" to unlock each request from your total yearly allotment.

Advertise your controls and security practices

The Monitoring section in the Site Designer is where you can review your controls and their associated tests configured in the Secureframe platform. The control’s health is determined by the number of passing tests within it. You can control the public visibility of passing tests.

To hide a passing test on the web page:

1. Click the eye symbol to show or hide a passing test on the Trust Center web page. This reflects immediately on your trust center site after you publish changes.

Note that failing and unhealthy tests/controls are automatically hidden after 30 days. If you need to share unhealthy or failing controls with clients or prospects you can export your controls by going to the Controls Page, then click the Export button in the top right corner. 

Configuring your Trust Center settings

A number of tools to manage the content and themes of your Trust Center web page are available on the Settings tab. To access, click the gear icon in the top right corner.

You are able to:

• Adjust Request Notification Emails & Reply to
• Upload an NDA document
• Adjust DNS settings
• Designate a custom URL for the Public Trust Center
• Use Secureframes Zapier for Document Request Automation
• Add a Favicon
• Add links for privacy policy and terms of service information
• Access the Site Designer
• Publish/Unpublish the Trust Center page

Create Public Trust Center Custom URL

The automatically created Public Trust Center URL (your_organization.secureframetrust.com) will display your Trust center, but you may also choose a custom URL ( trust.your_organization.com).

Navigate to the Settings tab and scroll down until you see DNS Settings then select "Setup custom domain"


Now enter the Custom Domain you would like to set and click next.


Now navigate to your website host provider's DNS settings and create a CNAME record with the CNAME Key & Value of your Custom Domain.

Note: In some cases, Cloudflare customers are getting an error "cname cross-user banned error" when setting up a custom domain for trust.

If you receive this error, please use this webform to get into contact with their Abuse team. 

We have also attached an article from Cloudflare regarding this issue here. 

How to upload an NDA in your Trust Center

Visit the Trust Center located in your left navigation, then click the gear icon in the top right corner. Now click the NDA Tab and upload your file (PDF Only). 

When an NDA has been added in Secureframe, it will automatically be used in the document request flow when you check the Require request for access Resource in the Site Designer.

When a request arrives for a document with a required NDA, admins will first need to 'make a decision' and approve or deny the request.

Once approved, you will see the Document access request dropdown on the approval pop-up offering these NDA options:

• Require clickwrap NDA
• Waive NDA
• NDA signed outside of Secureframe

It's important that you set both email notifications and reply to's in the event there is an issue or your customers/prospects have questions.

Request Email Notifications

Once in the Trust Center, click on the settings gear icon in the top right corner, then click on the Request tab, then review the Request Notification options below.

This section will automatically populate a full list of all your Admins. Note: An Admin that is labeled as a Contractor will not show in this list. 

If you need to add Custom Addresses outside of the pre-populated list, select Custom Address and Add New Address or Remove address as needed. 

From here, click the box next to the Admins who should receive email notifications or reply to email notifications. 

NOTE: If your organization requires a formal eSignature provider, Secureframe recommends using DocuSign, HelloSign, AdobeSign or similar vendors.

Secureframe collects the following metadata fields from signatories during document approval:

• Full name
• Work email
• Business name
• Job title
• Confirmation the signer understands NDA terms and agrees to them (via checkbox)
• Version of NDA signed
• IP address of signer
• Timestamp of signature

This information can be provided to admins upon request. Reach out to Secureframe Support or your Customer Success Manager if you require signatory metadata.

Customers Requesting documents (NDA may be required)

Once your Trust Center is published, customers will be able to see valuable Security & Compliance related information like Control Monitoring, your achievements (SOC, ISO, etc), your Subprocessors, and the ability to request documents. 

We do recommend that you go through the document request process yourself to ensure a smooth experience for the customer. 

• Head to your new Trust Center webpage (ex, see our Secureframe Trust Center here)
• Then scroll down to the Resource section and click Request next to the applicable document. 

• Then select one or more of the documents you would like to request and click Continue.

• Fill in the applicable fields and click on the Terms checkbox to Submit Request.

• You will receive an email titled "Your Request Has Been Received" letting you know the team is reviewing the request.

• Some Trust Centers will requires an NDA before your files will be granted. If NDA is required, you will be directed to a form after clicking the "Download approved resources" where you will need to read and agree to the terms of the NDA. Once accepted you can download your files using the "Download from Trust Center" button.

• Other Trust Centers will not require an NDA and you will simply download your files from the email titled "Your resource request from XYC company." This email will contain a section outlining the Approved Resources and or the Declined Resources and a "Download approved resources" button as shown below.

Issues Downloading Approved Trust Center Resources

After your request for Trust Center documents is approved, you’ll receive an email with a “Download approved resources” link.

If you click the link and see “No documents found,” this can happen for a few common reasons:

Most common reason

• The download link has expired. For security purposes, Trust Center download links expire 24 hours after approval.

Other (less common) reasons

• The request is still pending or was revoked.

• The request is invalid or no longer exists.

• No documents were attached to the approved request (rare).

How to resolve

• If your link has expired, simply submit a new Trust Center request for the documents.

• Once approved, make sure to download the files within 24 hours of receiving the approval email.

This expiration behavior helps ensure sensitive documents are shared securely and only accessible for a limited time.

Spam Filtering for Trust Center Requests

To help reduce noise from unwanted or invalid requests, Secureframe Trust Center now includes basic spam detection.

• Automatic Archiving: If a request is determined to be spam, it will be automatically sent to the Archived tab.

• SPAM Label: These requests will display a Spam tag for easy identification.

• Reviewing Spam Requests: You can still open and review spam-labeled requests from the Archived tab, then clicking on the 3 dot menu to "Edit Decision" or "Unarchive Request." This ensures that if a legitimate request is mistakenly flagged, you have the ability to review and take action.

This helps your team focus on valid requests while maintaining visibility into any items that may have been incorrectly classified.

Trust Center Request Columns

When viewing requests in the Trust Center, each request is displayed in a table with several columns. These provide details to help you quickly review, validate, and manage incoming requests:

• Status – Shows whether the request is New, Decisioned, or flagged as Spam. This helps you prioritize which requests need attention.

• Requester – Displays the requester’s name and email address. Use this to validate who is making the request.

• Request Date – The date the request was submitted. Helpful for tracking timeliness and prioritizing recent requests.

• Reason – Shows the requester’s stated purpose for needing access. This can help you evaluate whether the request is valid.

• Documents Requested – Lists the specific resources or documents that the requester has asked to access.

• Decision – Allows admins to take action on a request. Options include:

  • Make decision – Approve or deny the request.

  • Edit decision – Update or change a previous decision.

  • Archive request – Manually move the request to the Archived tab.

💡 Tip: Archived requests remain visible under the Archived tab, so you can always revisit them later if needed.

Frequently Asked Questions (FAQ)

Can I get a signed copy of the NDA from the Trust Center?

• If the NDA was accepted using the clickwrap option in the Trust Center, there isn’t a traditional signed copy available. A clickwrap NDA is a digital contract that is accepted when the user clicks “I agree” or checks a box, so no signature is applied to the document itself.
• You can, however, export a list of NDA acceptances from the Trust Center settings. If needed, our team can also retrieve backend metadata (e.g., timestamp, user identity, acceptance record) that verifies the client’s acceptance.

I tried to access the Trust Center and it says "Unlock Trust Features."

• This could mean that your current subscription tier does not include access to those features and an upgrade may be required.
• This could also mean that your organization had a free trial at some point which may now be expired, in which case those features are now hidden. 
• Feel free to contact our Account Management team to discuss further details and or to see a DEMO at accountmanagement@secureframe.com

Why am I getting a an error cname cross-user banned error when trying to add a custom URL to Trust Center domain?

• In some cases, Cloudflare customers are getting an error cname cross-user banned error.
• If you receive this error please use this webform to get into contact with their Abuse team.
• We have also attached an article from Cloudflare regarding this issue here. 

 What emails are pulled in the "Admins" option under Trust Center Settings → Request Notifications?

• The "Admins" option in the Trust Center settings pulls the email addresses of all employees who are marked as Admins or Super Admins on the Personnel page.
  • Please note: This list does not include contractors, even if they have admin-level access.

How can I change or add admins that receive email notifications when initiating document requests in the Trust Center (without using Zapier)?

To manage who receives email notifications for document requests in the Trust Center:

1. Go to the Trust Center.

2. Click the settings gear icon in the top right corner.

3. Select the “Request” tab.

4. Under Request Notifications, you’ll see a list of all Admins.

   Note: Admins marked as Contractors will not appear in this list.

5. To notify additional people outside of this list, select Custom Address and choose Add New Address or Remove Address as needed.

6. Check the box next to any Admin or custom email address you want to receive or reply to notifications.

No Zapier integration is required for this functionality.

Why does my Trust Center confirmation email look unusual or show the message “Some content in this message has been blocked because the sender isn't in your Safe senders list”?

This is likely caused by how the Outlook desktop app on Windows renders certain emails. While the Trust Center email is delivered correctly, Outlook may display it with blocked content or unusual formatting.

We’ve confirmed that:

• The email looks normal in Outlook Webmail and the Outlook mobile app.

• The unusual formatting only happens in the Outlook desktop app on Windows.

• The warning message is a standard Outlook notice when the sender is not in your Safe Senders list — it does not indicate an issue with the Trust Center.

What you can do:

1. Try viewing the email in Outlook Webmail or Outlook mobile to confirm proper formatting.

2. If needed, add hello@secureframe.com to your Safe Senders list.

3. Contact your local IT team if the formatting issue persists in the Outlook desktop app.

This is considered a low-impact display issue. No action is required for your Secureframe Trust Center account.

Where can I find Secureframe's pentest report, vulnerability SLAs, ISO 27001 SoA and related trust documents?

Some security documents are available directly on the Secureframe trust center located at https://secureframe.com/trust, while others are available on request:

• Pentest report (including remediation findings and confirmation of test environment): Available on the trust center.
• Vulnerability SLAs and ISO 27001 Statement of Applicability (SoA): Not currently on the trust center. Contact your CSM at success@secureframe.com to request these directly.

Can we provide view-only access (no download), an expiration date, and an audit trail for Trust Center document requests?

• View-only access: Not currently supported. Trust Center documents are provided as downloadable files once access is approved.

• Expiration date: While there isn’t a configurable expiration date, documents can only be downloaded once after approval, which effectively limits ongoing access.

• Audit trail: Yes. By placing documents behind the Trust Center request flow, you can track who requested access and when. This provides visibility into document access activity.

Best practice: To meet audit and access-control needs, we recommend keeping all sensitive documents behind the Trust Center request workflow rather than making them publicly accessible. This ensures requester tracking and limits document access by design.

Does the Trust Center support iframe embedding for customers who want to display it on their own site?

• Not officially. The recommended approach is to use a custom domain via CNAME to host your Trust Center on your own site. iframe embedding isn't supported or intended, and while it may work in some cases, it's not guaranteed and isn't something we can stand behind.