Kardu

Demonstrate your security in real time

Trust assurance is the capability to measure with confidence that information security, privacy controls, processes, and systems across an organization are effective, predictable, and transparent. Basically, it is knowing and proving that your GRC bases are covered.

Trust Assurance

Trust Center and Trust Badge

01

Trust Center

It is a public page that shows your live Compliance Score, active frameworks, and audited controls. Any update you make in Kardu will be reflected automatically. This way, your clients and auditors will always see the current status.
See the Kardu Trust Center →
02

Trust Badge

It is a Trust Center widget that you can embed on your corporate website. It is also available in a compact version for commercial proposals and email signatures. It connects in real time and always shows updated information.
03

Integration snippet

Once your compliance is underway, Kardu automatically generates three resources:
  • A public link to share your Trust Center (app.kardu.eu/trust/your-company)
  • Two integration snippets to embed the Trust Badge on any website with a single line: large version and compact version.

Trust Center - Large Widget

<iframe src="https://app.kardu.eu/badge/kardu-eu" width="100%" frameborder="0" scrolling="no" style="max-width:480px;height:300px;border:none;border-radius:14px;overflow:hidden;display:block;"></iframe>

Trust Center - Compact Widget

<iframe src="https://app.kardu.eu/badge/kardu-eu/compact" width="100%" frameborder="0" scrolling="no" style="max-width:300px;height:52px;border:none;border-radius:10px;overflow:hidden;display:block;"></iframe>

Use the Trust Center/Badge with full confidence

Your data lives within the European Economic Area, with no exposure to the US CLOUD Act. Every piece of evidence you upload is sealed with a SHA-256 hash and is irreversible: what is there is what was there.

eu-central-1

Frankfurt, DE · EEA

Data residency

Frankfurt, Germany. No CLOUD Act exposure

The CLOUD Act (Clarifying Lawful Overseas Use of Data Act, 2018) allows the US government to demand data from American companies regardless of where it is hosted. If you use Google Workspace, Microsoft 365 or Salesforce, their US parent entities can be compelled to hand over your data without notifying you.

Sovereignty — important nuance

Full sovereignty would require that no provider in the chain has legal exposure to non-European governments. Kardu uses some tools with US origins; our goal is to be 100% sovereign in the future.

See our sub-processor list and threat model to assess this yourself.

Read the official CLOUD Act text →
Public
Radical transparency

We publish our threat model

A threat model is a structured analysis of which assets we protect, which threats we consider relevant and which controls we have implemented to mitigate them. Most companies keep it private. We publish ours because asking for your trust without demonstrating it first would be inconsistent with what we are building.

The model covers unauthorized access, data exfiltration, insider threats, supply chain compromise and evidence integrity. It is updated with every relevant architecture change.

View full threat model →

sha256: a3f8c2d1e9b7...

Cryptographic integrity

Every piece of evidence has a proof of existence

When you upload a document to Kardu as evidence for a control, the system automatically generates a cryptographic hash (SHA-256) and anchors it with a timestamp at the exact moment of upload. This creates a mathematical proof that the document existed on that date and has not been modified since.

For an auditor, this eliminates the possibility of retroactive adjustments. What is there is what was there. No room for undetected modifications.
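The sealing and verification described above, as an added example that is not Kardu's code: each record binds a document's SHA-256 digest to its upload timestamp and to the previous record, so a changed file or a backdated record fails verification. The record fields, function names and hash-chained log are assumptions made for illustration; the page does not say how Kardu anchors its timestamps.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first record's "prev" field
FIELDS = ("name", "sha256", "sealed_at", "prev")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_hash_of(record: dict) -> str:
    # Canonical JSON so the same field values always produce the same hash.
    body = {k: record[k] for k in FIELDS}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


def seal(log: list, name: str, content: bytes, sealed_at: str) -> dict:
    """Append a record binding the document digest and timestamp to the previous record."""
    prev = log[-1]["record_hash"] if log else GENESIS
    record = {"name": name, "sha256": sha256_hex(content), "sealed_at": sealed_at, "prev": prev}
    record["record_hash"] = record_hash_of(record)
    log.append(record)
    return record


def verify_document(record: dict, content: bytes) -> bool:
    """True if the file handed to the auditor still matches the sealed digest."""
    return record["sha256"] == sha256_hex(content)


def verify_log(log: list) -> bool:
    """True only if no record was edited, reordered or removed from the middle."""
    prev = GENESIS
    for record in log:
        if record["prev"] != prev or record["record_hash"] != record_hash_of(record):
            return False
        prev = record["record_hash"]
    return True


if __name__ == "__main__":
    log = []  # constructed sample evidence, not real data
    policy = seal(log, "access-policy.pdf", b"access policy v1", "2024-01-10T09:00:00Z")
    seal(log, "pentest-report.pdf", b"pentest report", "2024-02-01T12:00:00Z")
    print(verify_document(policy, b"access policy v1"), verify_log(log))
    policy["sealed_at"] = "2023-01-10T09:00:00Z"  # simulated backdating of the record
    print(verify_log(log))
```

The digest proves the content is unchanged; the date is only as trustworthy as whoever writes the log, which is why such records are commonly countersigned by an independent timestamp authority (RFC 3161). Removal of the newest records is only detectable if the latest `record_hash` is also held outside the system.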

Why Trust Assurance?

Your compliance is not an annual event

Certification validates your posture at one specific point in the year. But threats evolve, teams change and controls degrade. An audit is a snapshot; real compliance is a continuous process.

Companies that demonstrate their security continuously win more contracts, shorten sales cycles and build trust without sending a PDF every time someone asks.