Frequently asked questions

Do you certify our security posture?

No. DeliverTrust is the publication layer. You bring your own SOC 2 report, policies, and claims; we host them, gate them behind an NDA when you want, and notify your team when someone requests access. We don't audit, certify, or warrant the accuracy of what you publish.

Why DeliverTrust over a cheaper trust portal?

The low-cost tools gate a flat list of PDFs. DeliverTrust is a structured trust center - Overview, Controls, Subprocessors, FAQ, and your own custom pages - with a real self-serve NDA flow + optional manual review, per-tenant encryption, watermarked downloads, an analytics dashboard (visitors, requests, approvals, downloads by document), Slack/email/webhook notifications, and dedicated team roles. Those are the things a security reviewer actually checks, at one flat $50/month price with no per-seat math.

Can we block prospects from signing up with personal emails?

Yes. The workflow editor has a 'block generic email domains' toggle with a default list (gmail, yahoo, hotmail, outlook, icloud, proton, etc.) that you can edit. Visitors using those domains see a friendly 'work email required' error.

Can we use our own domain?

Yes. CNAME `your-trust.your-company.com` to `cname.delivertrust.io` and your Trust Page serves at your own domain with a managed TLS certificate.

Do you watermark downloaded documents?

Yes. Every gated PDF is watermarked on download with the viewer's email and a UTC timestamp, so a leaked copy traces back to who downloaded it. Each download is also written to your audit log.

How do notifications work?

Per workflow step, you pick which channels fire: email to one or more admin addresses, a Slack incoming-webhook URL, or any generic JSON webhook (Zapier, n8n, your own service). Each notification is rendered from a templated message you write in the workflow editor.

What about manual review?

Per-document toggle. When a flagged document is requested, your workflow's manual-review step fires instead of auto-grant. Reviewers get a notification with one-click approve/reject magic-links. The requester gets a templated email with either the access link or a polite rejection.

Can our whole team manage the trust center?

Yes. Invite teammates and give each a role - Administrator, Editor, Viewer, or Approver. Approvers can review and approve or reject NDA-gated document requests from a dedicated queue without edit access to the rest of your trust center.