Institutional Security, Privacy, and Data Governance
1. Executive Summary
The Truthlocks B2G Procurement Pack is designed for government agencies and public institutions. It addresses the unique requirements of public sector data handling, including rigorous auditability, sovereign data control, and incident response readiness.
2. Institutional Architecture
Truthlocks provides Sovereign-Ready Infrastructure:
- Regional Data Residency: Support for localized hosting within approved AWS regions.
- Logical Isolation: Enhanced RLS policies and dedicated encryption keys per government tenant.
- Auditability: Real-time, tamper-evident logs for every administrative and transactional action.
3. Privacy & Compliance Matrix
| Objective | Truthlocks Control |
|---|---|
| Data Retention | Configurable TTLs and automated erasure schedules. |
| Data Minimization | Private payloads are never indexed; only cryptographic hashes are persisted. |
| Access Control | Fine-grained RBAC with mandatory multi-party authorization for high-stakes ops. |
| Transparency | Publicly verifiable signed checkpoints for platform integrity. |
4. Incident Response & SLAs
We maintain a robust operational posture for public sector reliability:
- Uptime SLA: 99.99% availability for core signing and verification services.
- Recovery: Multi-AZ failover and encrypted point-in-time recovery for all system logs.
- Security Disclosures: Dedicated PGP-signed security communications and a 24/7 Response Team.
5. Enterprise onboarding emails
When you create a government tenant, Truthlocks sends a dedicated onboarding invite email to the tenant administrator. This email is separate from the standard issuer welcome and is tailored for institutional stakeholders.
Triggers
The enterprise onboarding invite is sent automatically in two scenarios:
- Tenant creation — A platform admin creates a tenant with the `GOVERNMENT` type. The designated admin receives the invite immediately.
- Lead qualification — A sales lead is marked as “qualified” in the platform leads pipeline. The lead’s contact email receives the invite with a link to sign up.
What the recipient sees
The administrator receives an email titled “You’ve been invited to Truthlocks Enterprise” containing:
- The organization name of the government agency or institution
- A branded call-to-action button (Accept Invitation) linking directly to the onboarding wizard
- A brief overview of the Truthlocks Enterprise platform
Onboarding flow
After clicking Accept Invitation, the recipient is guided through the console onboarding wizard:
- Organization profile — Configure the agency name, region, and compliance requirements.
- Team setup — Invite additional administrators, developers, and auditors.
- Issuer creation — Register the agency as an issuer. The issuer is activated immediately at the Basic trust level. Optionally, submit an issuer application to request a higher trust tier.
- Key generation — Create Ed25519 signing keys for attestation issuance.
- Test mint — Issue a test attestation in the sandbox environment to validate the integration.
Custom SMTP support
Government tenants that require emails to originate from their own mail infrastructure can configure a custom SMTP sender in Settings > Email. Once configured, all onboarding and notification emails for that tenant route through the custom SMTP server instead of the default AWS SES provider.
For details on email infrastructure, bounce handling, and suppression lists, see the Email Delivery & SES Integration guide.
6. Deployment framework
- Pilot Phase: Sandboxed integration for feasibility and security assessment.
- Compliance Review: Detailed mapping of Truthlocks controls to local institutional standards.
- Production Rollout: Incremental migration of public service records to the high-integrity layer.

