Docs

Adding Trust Centers

How to add new company trust centers to TrustLists.

Adding New Trust Centers

There are several ways to add trust centers to TrustLists:

Method 1: Use the Submit Form

The easiest way — visit trustlists.org/submit to submit a trust center through the web form. It includes live duplicate checking against the existing directory.

Method 2: Manual Addition via GitHub

Step 1: Find the Trust Center URL

Look for the company's trust center page. Common patterns include:

  • company.com/security
  • company.com/compliance
  • company.com/trust
  • trust.company.com
  • security.company.com

Step 2: Create Registry File

Create a new file in constants/trustCenterRegistry/ following this format:

export default {
  "name": "Company Name",
  "website": "https://company.com/",
  "trustCenter": "https://company.com/security",
  "platform": "Self-hosted",
  "iconUrl": "https://www.google.com/s2/favicons?domain=company.com&sz=128"
};

The platform field is auto-detected if omitted. You can leave it out and the build pipeline will resolve it via CNAME and URL analysis.

Step 3: Submit Pull Request

  1. Create a new branch
  2. Add your registry file
  3. Submit a pull request

Method 3: Automated Discovery

TrustLists runs automated discovery weekly to find new trust centers from YC companies. High-confidence findings are automatically added via pull requests.

Platform Detection

When you add a trust center, the platform is automatically detected based on:

  • CNAME resolution — e.g., cname.vantatrust.com → Vanta
  • URL patterns — e.g., company.drata.com → Drata
  • Domain analysis — e.g., trust.company.com → Self-hosted

Quality Guidelines

Required Information

  • ✅ Company name
  • ✅ Company website URL
  • ✅ Trust center URL
  • ✅ Favicon URL (auto-generated)

URL Requirements

  • ✅ Trust center must be publicly accessible
  • ✅ Must contain security/compliance information
  • ✅ Must be the primary trust center (not a sub-page)
  • ✅ Company website should be the main domain

What to Avoid

  • ❌ Login-required pages
  • ❌ Generic company websites
  • ❌ Marketing pages without security info
  • ❌ Duplicate entries

Examples

export default {
  "name": "Stripe",
  "website": "https://stripe.com",
  "trustCenter": "https://stripe.com/docs/security",
  "platform": "Other",
  "iconUrl": "https://www.google.com/s2/favicons?domain=stripe.com&sz=128"
};

Need help? Check existing entries for format examples, or open an issue if you're unsure about a submission.