About Us

The Data Trust Registry is an independent non-profit operated for the public benefit to encourage safety and trust when services exchange personal data at user request.

The Right to Data Portability must also include an expectation that the companies involved in sharing or moving data at a user's request do so while protecting privacy, and while following their own promises. The expectation for protection ought to be even stronger for sensitive personal data. Thus, the Data Trust Registry reviews each company and application that wishes to participate in data portability before adding them to the registry. The Registry also reviews registry entries yearly and reviews complaints about trust violations year-round.

Users wishing to move their personal data safely may find providers in the Registry, although the primary direct use of the Registry is for companies who do transfer personal data at the user's request to decide which other companies may be trusted senders or recipients, and how to verify that company's identity securely.

Companies wishing to be added to the Registry should read our Policy documents and Submission Guide to begin with.

Send us an email at support@dtinit.org

Terms & Conditions

Frequently Asked Questions (FAQs)

What does a service need to provide to the registry to be verified?

The assets required to register depend on the vertical. For sharing music playlists, much less is required in the way of audited compliance reports or security or privacy guarantees, whereas for data transfer of personal photos, compliance audit reports of some kind will be defined. More documentation on the trust criteria for specific verticals is still being developed.

How long does it take to be verified?

A complete application for a routine application in the usage verticals already supported by the Registry, in a jurisdiction that the operators are familiar with, ought to take a month or less to process and approve. New verticals, new jurisdictions or novel approaches may take longer. In some cases, the registry may not be prepared to verify any application until the criteria for a vertical have been developed in a public process.

Which verticals or application areas are included?

Initial verticals are expected to be:

Personal photos and videos
Personal notes and tasks
Social Media posts (especially ActivityPub)
Music playlists

Does registry verification guarantee approval for data transfers?

Bluntly, no - just because a service has been verified by the Trust Registry and included in it, does not mean that every other service participating in the same vertical will be able to exchange data.

How is the data transfer executed (protocol, API)?

The Data Trust Registry is not limited to a single data transfer protocol, API or software model. Instead, it can be used to advertise multiple approaches and move towards greater interoperability. The Trust Registry operators and DTI will be engaged to recommend specific protocols and standards for effecting data transfers, but the registry will not be limited to the recommended standards.