Documentation
Hosting on attestly.dev
Canonical /trust/{slug} on the app host; optional *.trust root when DNS is configured.
Last updated May 6, 2026
Every tenant gets a public trust center at {origin}/trust/{slug}
where {origin} is your deployed app (see NEXT_PUBLIC_APP_URL in the
dashboard). It's free on every plan, including the free tier.
When you configure NEXT_PUBLIC_TRUST_ROOT_DOMAIN and wildcard DNS (e.g.
*.trust.attestly.dev), visitors can also use
https://{slug}.{trust-root} — the same routes; our middleware rewrites to
/trust/{slug}.
What lives there
- A landing page with your logo, contact email, and a snapshot of your published documents.
- One page per published document, rendered from the version you approved.
- A live subprocessor table.
- A machine-readable AIBOM at
/aibom.json. - A document feed at
/feed.atomso customers can subscribe to changes.
Caching and freshness
The trust center uses Next.js Incremental Static Regeneration with a 5-minute revalidation window. Publishing a new document version triggers an immediate revalidation, so the public page is updated within a second or two of approval — not five minutes.
SEO
The trust center is fully crawlable. Each page ships with:
- A descriptive
<title>and<meta name="description">. og:imagecards generated from your brand colors.- A self-canonical URL.
Last-Modifiedheaders tied to the version's publish timestamp.
This matters because prospects Google "yourcompany security" when they're evaluating you. The default is for the first hit to be your trust center.
Privacy of the trust center itself
The trust center has no cookies, no third-party scripts, and no analytics by default. We don't want to make your customers' privacy reviews harder. If you want analytics, you can opt in to Plausible or PostHog under Settings → Trust Center.