Submitting Your App to the Data Trust Registry

The Data Trust Registry is an independent third party, operating as a non-profit, that can assess trust characteristics for participants in the personal data transfer ecosystem.

Create an Account

For your app to get reviewed by the Data Trust Registry, create an account first.

1. Use a company email address to sign up and choose a good password.
2. Agree to the Data Trust Registry Terms of Use.
3. Verify your email address.
4. Setup two-factor authentication.
5. Enter Company name and Website.

Create a Service

A Service entry is required to connect to other participants in the data transfer ecosystem. The service may make connections, accept connections, or both.

All services require a service name, URL and description. Category is used to help find services that might interoperate but "Other" or "Multiple" are acceptable answers if there is no better match.

To setup a service that will connect to another company's data platform and request data, the OAuth section will also need to be filled in.

Instructions:

1. Fill in the section with service name, URL and description
2. You may skip the section on connection details for responding to connection requests
3. Fill in the section on initiating connections
4. Create the service and confirm the values showing. You can use the Edit functionality to fix any errors.

Apply for Trust Registry Review

Once you are ready for the operators of the Trust Registry to review how your service meets the registry's trust criteria, use the "Upgrade Trust Level" button to begin the application.

Process:

1. Open the Service details
2. Use the "Upgrade Trust Level" button
3. Fill in details about privacy policies, terms of service, security issue reporting URL
4. You will also be asked for some information regarding the incorporation of the organization responsible for the service
5. Data Protection Officer information is optional but may be provided
6. Any logos you may choose to provide (they are optional) will be shown in the Data Trust Registry, and may be shown to users who are asked to consent to share their data with you
7. Choose "Submit Application"

At this point, the Data Trust Registry staff will communicate with you about the status and next steps of your application. Trust Level One may be granted directly based on the information provided in forms so far. Meeting Trust Level Two requirements will require additional documentation to be provided over email. Make sure you are able to respond at the email address registered to the account.

Publish Your Registry Entry

The last step to joining the data transfer ecosystem is for you to choose to make your registry entry public. Until you choose to make it public, your service information will be private, and other participants as well as the general public will not know that you have created a service or applied to the Data Trust Registry. Once you make it public, your trust level can be used to apply for API access to other services participating in the ecosystem.

Final Steps:

1. Open the Service listings for your account
2. Make the service listing public for whichever service is ready to be made public

Trust Level Requirements

Trust Level 1 Requirements

To apply for Trust Level 1, you will need a few things that you probably already have or ought to have:

• A home page that describes the service
• A privacy policy that covers the basics of what the service provides, as well as how personal data is:
  1. Collected
  2. Used
  3. Shared with third parties
  4. Protected
  5. Retained or deleted
• A way for users to report security issues

You will need to provide links to these resources, as well as providing some incorporation information for the organization responsible for the service. Contact the Data Trust Registry directly if you cannot provide some of these.