Public Trust & Compliance Evidence Agent

Turn public trust centers, security pages, privacy pages, and legal pages into a compact evidence record for vendor review, sales due diligence, procurement triage, and AI-agent research.

The Actor looks for public evidence such as security controls, SOC 2, ISO 27001, GDPR, DPA, subprocessor, status-page, privacy, vulnerability-disclosure, and compliance links. It returns source URLs and short evidence snippets so a human or downstream agent can inspect the original claims.

It does not certify a company, provide legal advice, verify private audit documents, log in to trust portals, or claim that a vendor is compliant. It only organizes public evidence.

How To Use It

For a broad first pass, provide a public trust center, security page, privacy page, legal page, or company homepage and leave focus terms empty:

{
  "trustOrSiteUrls": ["https://www.cloudflare.com/trust-hub/"],
  "focusEvidenceTerms": [],
  "maxEvidencePages": 4,
  "previousEvidenceRecords": []
}

For targeted review, add focusEvidenceTerms such as SOC 2, ISO 27001, DPA, subprocessor, status, GDPR, encryption, or

vulnerability disclosure

For repeat monitoring, pass previous dataset records from this Actor in previousEvidenceRecords. If the public evidence hash is unchanged, the record is written as changeStatus: "unchanged" without the useful event charge.

What It Finds

Useful evidence can include:

• trust center, security, privacy, legal, DPA, and subprocessor pages
• SOC 2, ISO 27001, GDPR, CCPA, and other public compliance references
• status pages and incident transparency links
• vulnerability disclosure and responsible security contact evidence
• short source-linked snippets that help a human or AI agent inspect claims

Pricing

Pay-per-event pricing is designed to be predictable:

• apify-actor-start: a tiny run-start fee
• useful-trust-evidence-result: charged only for useful public trust/compliance evidence records
• no apify-default-dataset-item

If focusEvidenceTerms are supplied, useful-result charging requires at least one matched term. Invalid inputs, duplicate equivalent URLs, private-network targets, query/fragment/token inputs, weak pages, failed fetches, and unchanged records do not charge the useful event.

Output

Each input produces one compact record with fields such as:

• status, changeStatus, inputUrl, and siteOriginUrl
• evidenceTypes and complianceReadinessScore
• trustCenterUrls, securityUrls, privacyUrls, dpaUrls, subprocessorUrls, statusUrls, certificationUrls, and legalUrls
• evidenceSnippets with source URLs and matched evidence types
• matchedEvidenceTerms, complianceEvidenceHash, confidenceScore, completenessScore, missingFields, and diagnostics

Boundaries

This Actor is not a broad crawler, API-docs scanner, pricing extractor, contact finder, hiring monitor, article extractor, or legal compliance verifier. It fetches the input page plus a small bounded number of same-organization trust/security/legal candidate pages.

It does not use cookies, render JavaScript, bypass paywalls, download private documents, solve CAPTCHAs, access login-required trust centers, enrich private persons, or fetch arbitrary external links.

Not For

This Actor is not a legal opinion, certification verifier, audit-document reader, procurement decision engine, or private trust-portal crawler. It only extracts bounded public evidence and source links.