Submission Guide

The Data Trust Registry is currently in a pilot program, accepting limited applications from services specifically invited to the pilot program. If you represent a service not specifically invited to the pilot program, you may still apply (we will use that expression of intent either to add the service to the pilot program or to drive our build-out of the registry to meet additional needs for which there is high demand).

The application process is intended to allow the applying service to attest to how it protects users' data and privacy, and quickly be approved at Trust Level 1 if there are no blockers. The information required for Trust Level 1 is not onerous - along with service connection information, business registration information is required, and user-affecting terms and policies such as privacy policies. Services approved at Trust Level 1 then are listed in the registry and may gain access to other registry participants' APIs.

Some APIs require Trust Level 2, which involves not just attesting to data and privacy protections but also providing documentation of how those protections have been reviewed by outside experts. This may involve providing SOC2 audits or CASA reports (which will be kept confidential – see our own Terms of Use and Privacy Policy).

The first step to Trust Level 2 is in any case registering a service and applying for Trust Level 1. Create an account, then a service entry from your account dashboard to get started.

Documentation

Right to Data Portability

User Data Portability Threat Model

Trust Model - basis for evaluation

Glossary & Terms for Trust Model