Trust Center: Sourcing, Privacy and Security

Sourcing, Privacy, Security and Delivery Trust

The GSDSI Trust Center indexes the public diligence surfaces enterprise and federal buyers use before procurement: sourcing methodology, privacy rights, vulnerability disclosure, data delivery controls, and contract-scope boundaries. Binding obligations remain in signed customer agreements, the Privacy Policy, Terms of Use, and any applicable order form or data processing addendum.

Public trust surfaces

• Sourcing methodology for source categories, provenance artifacts, quality checks, and exclusions.
• Privacy Center and Do Not Sell for privacy rights, opt-outs, and GPC handling.
• Security policy and security.txt for vulnerability disclosure routing.
• Developer integration guidance for manifests, sample rows, delivery formats, and QA checks.

Qualified buyers can request NDA-scoped diligence materials such as field-level dictionaries, source-category summaries, sample manifests, delivery checksums, retention and deletion terms, and security-process summaries.

FAQ

Is the Trust Center the source of binding legal terms?

No. The Trust Center is an index of public diligence materials and buyer-facing explanations. Binding obligations live in signed customer agreements, the Privacy Policy, the Terms of Use, and any applicable order form or data processing addendum.

What diligence materials can qualified buyers request?

Depending on the feed and use case, buyers can request source-category summaries, field-level dictionaries, delivery manifests, sample checksums, refresh cadence documentation, retention and deletion terms, and security-process summaries.

Where should security researchers report vulnerabilities?

Security researchers should follow the instructions in /.well-known/security.txt and the public SECURITY.md policy. The Trust Center links to those public disclosure materials.

Does GSDSI publish subprocessors publicly?

Subprocessor and vendor details are provided where appropriate through NDA-scoped diligence or customer agreement workflows. Public pages summarize the control areas without exposing sensitive operational details.