Is It a Trustworthy Site? 10 Trust Page Examples for SEO
These days, it's harder than ever to know whether or not what you're looking at is real. From generative AI that is getting increasingly – and distressingly – good to massive organizations dedicated to propaganda and astroturfed opinions to the low-key scammers who are simply good at propping up sites that look real, it can feel like a minefield just to exist online.
Some people call it a post-truth society and with good reason.
One of the most fundamental skills, then, is the ability to distinguish fact from fiction, reality from fantasy, truth from bias and lie. People want to be able to trust the site they're looking at, the information it presents, and the people behind it. That holds true whether they're just looking something up on Wikipedia, seeking out a product listing to buy from a store that isn't Amazon or Walmart, or just clicking links that get shuffled in front of them by their nearest friendly algorithm.
As the owner of one of those sites... how do you convey trust? What signals can you give to both search engines and visitors that you're a trustworthy site?
There are a lot of different ways you can do this, from simple signals like the use of HTTPS encryption, to publicly available author profiles, to establishing a personal brand. One option that is growing in popularity, though, is the Trust Page.
What is a Trust Page? Let's talk about it and show you some examples.
30 Second Summary
30 Second SummaryYou need to know what's real online. Trust pages help by showing security and transparency. Use HTTPS, author profiles, and brand establishment. Trust pages display compliance, policies, and documentation. They reassure visitors and help search engines. Big companies and those requiring high security should have one. Smaller businesses might only need basic pages like privacy policies. Choose what's best for you. What trust pages will you create?
What is a Trust Page?
A lot of this comes down to cybersecurity, secure communications, compliance paperwork, and security frameworks, like the ISO 27001 standards, SOC 2 security, and more.
The idea is that a site is going to be secure, and that the proof of that security, as well as any relevant documentation, the changelog of updates to that documentation, and a means of contacting relevant security personnel within an organization, are all contained on a page.
For the business or website, it means anyone who has questions about your security and trustworthiness can review the information for themselves all in one place. They don't need to hunt around for scattered documents across different pages or message you directly to ask for the information unless it's otherwise not available.
For a potential customer, the presence of a trust page or trust center is a reassuring one. It means that this business takes things seriously – more seriously than most businesses, in fact. Even if you don't go digging into it, knowing it's there, and knowing you can do things like read disclosure paperwork, validate certifications, and more, is all a serious benefit to trust.
For the search engines it's similar. The presence and contents of a trust page can be part of the overall E-E-A-T metrics, and it's a way for additional elements of security and trust to be conveyed. It's a relatively minor SEO factor in and of itself, but it can be considered a force multiplier for many others.
Who Needs a Trust Page?
This is where things get a little trickier. Who needs a trust page?
Actual trust pages are a compliance and documentation hub meant for validation and secure communication. They are most frequently used by larger businesses and contractors working with various governments, and who need to comply with security frameworks that have steep requirements, including the previously mentioned SOC 2, ISO 27001, the US Government's CMMC, and more.
Most of these frameworks don't actually specify that all of this documentation needs to be publicly available on a trust page. Sometimes, it's good enough for it to simply be available in some form, or to be uploaded to a governmental repository, or something of the sort. However, many of these businesses find it beneficial to publish their trust information as a way to have that information available for those who might ask for it outside of the usual channels.
What about someone like me or someone like you? Well, you have a decision to make.
A trust page can be valuable even if you don't comply with any of the major cybersecurity frameworks. Having a trust center can be a place to store things like your privacy policy, your refund policy, disclosures of any information you harvest (like GDPR disclosures), and so on.
On the other hand, nothing stops you from having those pages, just like many other websites, and they still provide the same sort of trust benefits. A trust page, trust center, or hub for documentation is only beneficial in the actual Trust Page format if you have compliance and other documentation to showcase.
It goes without saying, but you should also never copy a trust page from another brand and make claims that aren't true. If you say you're ISO 27001 certified and you aren't, that opens you up to a lot of potential problems down the line.
What Goes Into a Trust Page?
A trust page can be more or less than what I'll describe below, and in part, it depends on the scale and scope of your business. A company like Microsoft is going to have a much, much larger, and more elaborate trust page than a smaller, single-service contractor.
In general, though, this is what should go into a trust page.
Trust Summary and Overview
The first section is a summary of a company's security posture.
What security frameworks does the company comply with? What level of security within that framework is achieved? What are the overall goals, promises, and statements your company is making?
For example, HubSpot's Trust Center has a box with the compliance they've achieved, including SOC 2, SOC 3, GDPR, CCPA, and TRUSTe. Their summary box also includes information about who they are and how they work.
This trust page is actually a great example of how you can display a lot of different kinds of trust information in a compact way, with deep options for digging in and finding specific documentation if necessary.
Frequently Asked Questions
FAQs are also a critical part of a trust page.
The FAQ section should answer common questions that stakeholders and potential business partners might have. The FAQ is a living document and can be added to as people ask questions that aren't easily answered by the trust page. Any time that happens, consider genericizing and answering the question on the page.
As an example, FormAssembly's Trust Page has a short FAQ at the bottom of the page. There's not a ton there, but they answer the most common questions and provide avenues for interested parties to learn more as necessary. Their actual Trust Center, by the way, is nearly identical to HubSpot's because they use the same system to generate it (Safebase).
This is an example of how you don't need to develop a trust page from scratch; there are services that can make one for you and make it easy to keep up to date.
Policies and Statements
Many trust centers start with a summary, and go a little deeper into the statements and policies that the company makes. These can be more generic, like a privacy policy document, or they can be more specific, like data retention policies, ways to request data deletion, whether or not the company works with law enforcement regularly, and how they comply with GDPR.
We create blog content that converts - not just for ourselves, but for our clients, too.
We pick blog topics like hedge funds pick stocks. Then, we create articles that are 10x better to earn the top spot.
Content marketing has two ingredients - content and marketing. We've earned our black belts in both.
A decent example of this is the top statements section on Younium's trust page. They have a GDPR statement, a compliance statement, a privacy policy, and more.
They also disclose that, since a lot of their system is built on Azure, they have a link to Microsoft's trust center.
Resources and Documentation
It's one thing to make statements about your security posture, and it's quite another to be able to prove it. That's where documentation comes in. A lot of basic documentation can be found on trust pages, and the Safebase system also includes ways to access that documentation.
Nudge's page (powered by that same system) offers the option to see documentation as relevant.
This is also an interesting example because of how Nudge has handled their trust center. Unusually, they have a trust center page that doesn't include most of that information – just statements about it – and they link to a Safebase page on the Safebase URL.
I would guess that they're losing some of the potential SEO value because of this, though the page they do have isn't bad.
Documentation Request Access
One quirk of how a lot of these security certifications work is that some of the documentation is, itself, controlled information. You can't just publish it openly on the web; it needs to be access controlled as a form of controlled but unclassified information.
So, your trust center can make claims about your security posture, but to prove it, you need to verify the identity of the person asking about it.
An example here is HootSuite. Their trust center is the same framework as half of the other examples on this list, but they make sure to have a large "GET ACCESS" button at the top for those who have the option to request access to the documentation. There's also another button lower with "request access to private documents" for more access.
Roadmap and POA&Ms
In security parlance, a POA&M is a Plan of Action and Milestones; if you have a fault in your security and compliance, you need to remediate it and publish a timeline on how you're going to do it.
Companies large and small, including examples like Palantir, tend to include these alongside their updates; when a vulnerability is discovered or a problem occurs, they issue a notice and a response.
Sometimes, it's simple; "Palatir is not affected by the Crowdstrike issue." Other times, it's a more detailed list of what went wrong and how it has been fixed.
Changelogs
Alongside roadmaps and disclosures, most trust centers also include a changelog. This is a simple report of how the security posture has changed over time, what incidents have occurred and what changes have been made because of them, and so on.
Sometimes these are given in one large feed; other times they're broken up and even published as blog posts, such as in Okta's case. Okta does have an RSS feed for the purposes of keeping track of it all, as well.
Active Communication
In a sense, this falls under the same banner as a changelog, but there are occasions where more active communication may be necessary. In the simplest form, this can be a service status and incident reporting feed, such as what Vivun has here.
Other times, it might be more along the lines of an RSS feed, blog, or social feed that is dedicated to that specific purpose.
Client, Partner, and Subprocessor Lists
These days, relatively few companies stand on their own. When you work with other companies to handle data or process information, those companies also need to be secure, and your relationships need to be disclosed. It can also be a form of trust; X, Y, and Z companies work with us, and if we're trusted by them, we're sure to be trusted by you, too, right?
Here's an example of a subprocessor list from Crossbeam; it doesn't need to have much, but it does need to exist.
Alerts and Announcements
Another small but important element of a good trust page is an alert system. This is a place (other than your social media, homepage, or blog) where security alerts are issued. If, against the odds, your site is compromised or there are signs of an intrusion, it can be disclosed here. If you're making an announcement of a new certification achieved, a change in certification status, or a change in something that can tangibly impact trust in another way, it can also be announced here.
DocuSign – the document signing engine used by millions around the world – has a very large and robust trust center. They have a whole page dedicated to alerts and updates, complete with a dedicated RSS feed just for those alerts. Anyone who both relies on DocuSign and knows that a change to their security could be impactful will need to follow these updates, and RSS is a simple way to do it.
Should You Make a Trust Center?
At the end of the day, you have to ask yourself, is a trust center worthwhile?
I figure if you're working on serious business security framework compliance, then yes, it's a great idea. And, as you can see from how many large companies use it, you can just use a service like Safebase to handle it for you.
On the other hand, if you're just a simple e-commerce site, blog, or another service provider, you don't really stand to benefit from a trust center to this extent. A document center with things like your privacy policy might be all you need. At the end of the day, though, the choice is yours.
So, what do you think? Which trust pages do you think are essential for SEO, and which are optional? Do you have any questions for me? Let me know in the comments below!
James Parsons is the founder and CEO of Content Powered, a premier content marketing agency that leverages nearly two decades of his experience in content marketing to drive business growth. Renowned for founding and scaling multi-million dollar eCommerce businesses through strategic content marketing, James has become a trusted voice in the industry, sharing his insights in Search Engine Watch, Search Engine Journal, Forbes, Entrepreneur, Inc, and other leading publications. His background encompasses key roles across various agencies, contributing to the content strategies of major brands like eBay and Expedia. James's expertise spans SEO, conversion rate optimization, and effective content strategies, making him a pivotal figure in the industry.
Comments