Skip to main content

Trust Center

Publish your CloudArq posture as a public page at cloudarq.net/trust/your-slug. Embed it on your marketing site as an iframe so prospects see your security score before they ask a sales question. Available on the Max tier and above.

What gets published

You opt in to each metric independently. Anything you toggle off is OMITTED from the public page — the field doesn't render even partially. Available toggles:

  • Overall posture score — the hero number, computed from your primary framework (set in your dashboard).
  • Per-framework breakdown — pass-rate bars for each compliance framework your tier unlocks (CIS, SOC 2, HIPAA, PCI-DSS, NIST, ISO 27001, AWS Well-Architected).
  • Last scan date — establishes recency for prospects.
  • Open finding count — off by default. Opt in only if the absolute count helps your story.

We never publish your AWS account IDs, resource IDs, finding text, customer counts, or any other identifying detail. The public page is pass-rate metadata only.

How to enable it

  1. Go to Settings → Trust Center in the dashboard.
  2. Pick a slug — lowercase letters, digits, and dashes, 3–50 characters. We check availability live as you type.
  3. Toggle the metrics you want to publish. The defaults show overall score, framework bars, and last-scan date; finding count is opt-in.
  4. Optional: upload a logo (PNG / JPEG / WebP / GIF, up to 200 KB). We resize to 256×256 and re-encode as PNG.
  5. Flip the Publish Trust Center master switch and save. Your URL is now live.

Embed on your site

The settings page exposes a copy-pasteable snippet, but here's the shape. Drop it anywhere HTML renders on your marketing site:

HTML
<iframe
  src="https://cloudarq.net/trust/your-slug"
  width="600"
  height="400"
  frameborder="0"
  title="Security posture by CloudArq"
></iframe>

CSP headers on cloudarq.net allow embedding from any origin. The page renders without app chrome (no top nav, no marketing footer) so it sits cleanly inside your card / modal / hero region. Resize the iframe by adjusting width and height; the content scales accordingly.

Stale-data behaviour

When your most recent completed scan is more than 30 days old, the public page renders an honest warning banner above the score:

“Latest scan: <date>. This data is more than 30 days old. The customer hasn't run a fresh scan in a while; treat the numbers below as a snapshot, not real time.”

We surface staleness explicitly because the alternative — silently rendering a stale score as if it were fresh — would deceive your prospects. Set up scheduled scans under Connection → Schedule to keep the data current.

Privacy + tier behaviour

  • Opt-in to each metric. Toggling a field off omits it from the public response; no zero-stub leak.
  • Tier-gated. Trust Center is a Max-and-above feature. If you downgrade from Max, your public URL returns 404 even though the slug stays in our database — re-upgrade and the same URL springs back without losing your configuration.
  • Soft-disable kept. “Hide page” flips the master switch but keeps your slug reservation, so re-enabling restores the same URL.
  • No reserved-slug surprises. Slugs that conflict with our app routes (admin, api, login, etc.) and brand reservations are blocked at pick time, not after the fact.