Updates

Updates let you announce security, compliance, privacy, subprocessor, maintenance, and other Trust Center changes in one place. Customers can read published updates from your Trust Center, open a shared update link in a modal, and subscribe by email when subscriptions are enabled.

Who Can Manage Updates

Updates are managed from Admin Center → Updates. Admins and content managers can create and edit updates. Viewer-level users can read update information but cannot publish, archive, delete, or change settings.

Settings

Open Admin Center → Settings before using update subscriptions or scheduling.

• Enable update subscriptions shows the Subscribe to updates button in the public Trust Center header. It also allows you to use the Email subscribers delivery channel.
• Timezone is your tenant default timezone. New updates use it as the starting point for scheduled publishing and customer-facing effective dates.

After changing settings, select Save. The Trust Center button does not appear until update subscriptions are enabled and the settings page is saved.

Create An Update

1. Open Updates and select New update.
2. Add a title, summary, body, and classification.
3. Choose affected content when the update is about specific documents, certifications, or subprocessors.
4. Choose the access level.
5. Choose delivery: draft, publish now, or schedule.
6. Save the update.

The body supports Markdown. Use the summary for the short version customers see in the update list, and use the body for the complete explanation.

Save First, Then Publish

Publishing is intentionally a two-step flow.

When you choose Publish now or Schedule, Admin Center first saves the update. It then asks you to confirm the publish or scheduled publish action. This prevents accidental sends and gives you a final check before the update becomes visible or email delivery is queued.

Use Draft when you want to save work without showing it to customers. Drafts are not visible in the Trust Center and do not send emails.

Classifications

Classifications describe what kind of update you are publishing. Examples include Security advisory, Incident, Maintenance, Compliance, or Privacy.

Classifications are important because they:

• Label updates in the Trust Center.
• Help subscribers choose the types of updates they want to receive.
• Can include localized titles for multilingual Trust Centers.
• Can include custom fields, such as severity or region, when your customer communication process needs them.

Every update must have a classification before it can be published or scheduled. You can select an existing classification, create one while writing an update, or start from a classification template.

Access Levels

Access level controls who can open the update in the Trust Center.

Be careful with email delivery and restricted content. Subscribers or selected contacts may receive an email, but they still need the matching Trust Center access level to open protected updates.

Delivery Channels

Updates can use one or more channels:

• Trust Center publishes the update to the Trust Center updates timeline.
• Email subscribers sends the update to people who subscribed through the Trust Center. This channel is available only when update subscriptions are enabled in Settings.
• Custom audience sends the update to selected contacts.

Before publishing, use the readiness checklist to confirm the title, body, classification, delivery channel, audience, and schedule are complete. You can also send a test email from a saved update without publishing it.

Scheduling And Timezones

Updates use two date concepts:

• Published at controls when an update becomes visible and when selected delivery channels can run.
• Effective at is the customer-facing date for when the change, event, or impact applies.

For scheduled updates, choose both a date/time and a timezone. The timezone tells Admin Center how to interpret the selected publish time. For example, 09:00 Europe/Berlin means the update should publish at 9:00 AM Berlin time, even if the viewer or admin is in another timezone.

The Trust Center also gives readers a timezone selector so they can view update times in their own timezone. If an update does not have a specific effective timezone, the tenant timezone is used.

Follow-Ups

Use follow-ups when an update is part of an ongoing thread, such as an incident, maintenance window, document rollout, or subprocessor change.

Follow-ups can only be added to published updates. A follow-up inherits the parent update's classification, access level, channels, affected content, and audience by default, so customers see a consistent thread.

Root updates control the follow-up order:

• Newest first shows the latest follow-up at the top of the thread.
• Oldest first shows the original update first and then the timeline in sequence.

Choose Newest first for status updates where customers usually need the latest state immediately. Choose Oldest first for chronological narratives where the full sequence matters.

Slugs And Shared Links

The slug is the readable identifier used in update links. Use lowercase words separated by hyphens, such as soc-2-type-ii-report-published.

Published updates can be shared with a Trust Center URL that includes the update slug:

https://trust.example.com?update=soc-2-type-ii-report-published

When a customer opens that link, the Trust Center opens the update directly in a modal. If no slug is set, the update ID is used instead. Slugs are easier to share and safer to keep stable, so add one before publishing customer-facing updates.

Archive, Delete, Or Return To Draft

Use the action that matches the lifecycle of the update:

• Draft keeps work private. Drafts can be edited or deleted.
• Return to draft is available only for eligible published, scheduled, or archived updates that have not sent email delivery. Updates with email delivery cannot be returned to draft.
• Archive removes a published update from the active customer-facing timeline without deleting its record. Only published updates can be archived.
• Delete permanently removes the update. Updates with sent email delivery cannot be deleted. If a root update has follow-ups, delete the follow-ups before deleting the root update.

Archive customer-facing updates when you need to preserve history. Delete only drafts, mistakes that were never sent, or updates you intentionally do not need to retain.

Templates

Update templates help teams keep wording and structure consistent. Use templates for repeated update types such as maintenance notices, new compliance reports, subprocessor changes, or security advisories.

Templates can include a title, summary, body, badge, and category. Starting from a template still lets you edit the final update before saving or publishing.

Subscriber Experience

When update subscriptions are enabled, visitors see Subscribe to updates in the Trust Center header. They can enter an email address and choose all updates or only specific classifications. Subscribers receive confirmation and update emails according to their preferences.

Subscribers can unsubscribe or adjust preferences from the links in update emails. If a subscriber chooses specific classifications, they receive only updates that match those classifications and any selected content preferences.

Practical Checklist

Before publishing, confirm:

• The summary is clear enough to stand alone in the Trust Center list.
• The body explains what changed, who is affected, and what customers should do next.
• The classification matches how customers would expect to subscribe.
• The access level matches the sensitivity of the content.
• The slug is readable and stable.
• The publish time and effective time use the intended timezone.
• Email subscribers or custom audience are selected only when you are ready to send.