Trust Center

The work behind the badge.

Trust isn't a vibe; it's infrastructure. This page lays out how we secure the platform, how we use AI, and the third parties involved in delivering the service.

Report a vulnerability

Security Posture

What we do to keep things boring.

Encryption

TLS 1.3 in transit. AES-256 at rest. Encrypted database backups stored in a separate region.

Authentication

Fortify-backed sessions, optional 2FA with TOTP, LinkedIn OAuth, and signed magic links for sensitive flows.

Infrastructure

Tier-1 European cloud, hardened images, infrastructure-as-code, least-privilege IAM.

Vulnerability handling

Coordinated disclosure process. Triage within one business day. Public acknowledgement for accepted reports.

AI UsageRev 2026.05

Where our models run. And where your data doesn't.

In the era of synthetic intelligence, data sovereignty is non-negotiable. We built the Trust Protocol for enterprise PR agencies and top-tier newsrooms — which means your proprietary pitches and your clients' unpublished quotes are handled with strict isolation.

EU Jurisdiction · GDPR Art.32

Fig.01Lifecycle of a Citable Packet

01
Ingest.
Draft Citable Packet uploaded from your workspace over an encrypted channel.
TLS 1.3 · AES-256
02
Isolate.
A transient compute instance is spun up in a GDPR-compliant European cluster.
EU · LONDON · LON1
03
Audit.
The GEO Simulator runs the Information Gain audit in-memory. No disk, no log files.
EPHEMERAL · ≤ 60s
04
Anchor.
A SHA-256 hash of the packet is written to BNB Chain. The raw text never leaves the cluster.
BNB · 32 BYTES ON-CHAIN
05
Wipe.
Process memory is cleared on tear-down. Audit results return to your workspace only.
ZERO RESIDUAL

Spec.AThree Guarantees of the Trust Protocol

Protocol.01

Zero-Training Guarantee.

We explicitly opt out of data-sharing agreements with foundational LLMs. Your pitches, your clients' quotes, and your journalistic requests are never used to train base models.

Opt-outOPENAI · ANTHROPIC · GOOGLE

ContractENTERPRISE TIER

AuditANNUAL DPA REVIEW

Protocol.02

Isolated Processing.

Audits run in isolated, transient instances inside secure European server clusters. When the Information Gain audit completes, the temporary processing memory is wiped.

RegionEU · LONDON (LON1)

LifetimeEPHEMERAL · ≤ 60s

ComplianceGDPR · SCC 2021

Protocol.03

Cryptographic Anchoring.

We never store raw intellectual property on a public ledger. We generate a unique cryptographic hash of your Citable Packet and anchor only the hash — immutable proof-of-origin, zero exposure of your text.

DigestSHA-256

ChainBNB · MAINNET

On-chainHASH ONLY · 32 BYTES

Never. Not Once.

Your data is never used to train —

ChatGPT. Gemini. Claude. Llama.

Sub-processors

Who else touches the data.

Vendor

Purpose

Region

Stripe

Payment processing

EU / US

OpenAI

LLM inference for GEO + Authorship

Resend

Transactional email

Sentry

Error tracking

Cloudflare

CDN and DDoS mitigation

Global

We notify workspace owners 30 days before adding a new sub-processor.

Responsible Disclosure

Found a hole?
Please tell us first.

We accept vulnerability reports at [email protected]. We acknowledge within one business day, triage with you, and publicly credit accepted reports unless you ask otherwise.