-
Notifications
You must be signed in to change notification settings - Fork 0
FAQ
Navigation
- Home
- What is TrustSignal
- Architecture
- Verification Receipts
- API Overview
- Quick Verification Example
- Vanta Integration Example
No. TrustSignal is an integrity layer that fits behind an existing workflow or system of record.
The main output is a signed verification receipt that can be retrieved, checked, and attached to downstream audit or compliance workflows.
For receipt-oriented integrations in this repository, prefer the /api/v1/* surface. The /v1/* surface remains available and is used by the current JavaScript SDK.
Yes. The repository includes @trustsignal/sdk, which currently targets the /v1/* API surface.
Yes. The repository exposes a Vanta schema endpoint and a normalized verification-result endpoint for Vanta-style evidence ingestion.
Yes. Receipt lifecycle routes include revocation and anchoring operations, subject to the documented authorization model and receipt state requirements.
No. TrustSignal provides technical verification signals. It should not be described as legal advice, a certification, or a substitute for independent control validation.
No. Public-facing documentation should describe outcomes, integration points, and security boundaries without exposing private implementation details.
At minimum, store the receiptId and receiptHash returned by TrustSignal so the receipt can be retrieved and re-checked later.
No. Public integrations should minimize sensitive data exposure and avoid anchoring raw personal data unless there is an explicit requirement and supporting controls.
No. The upstream platform remains the system of record. TrustSignal adds verifiable provenance around the verification event.