Usage

Adding content

OpenTrust adds five menu items under the top-level OpenTrust entry in wp-admin, one per content type. The block editor is enabled on policies (full WordPress editor experience). Certifications, subprocessors, data practices, and FAQs use the classic title field plus a sidebar meta box.

Policies

The block editor is enabled with a curated allowed-blocks set: paragraph, heading, list, table, quote, separator, image, code, details. The sidebar meta box captures Policy ID, category, effective and review dates, framework citation pills (SOC 2, ISO 27001, GDPR, etc.), an optional PDF attachment, and sort order.

Policies render at /trust-center/policy/{slug}/.

Certifications

Add the cert title (or pick from the catalog typeahead: SOC 2, ISO 27001, ISO 27701, HIPAA, PCI-DSS, more), then choose a status (active, in progress, expired), the issuing body, issue and expiry dates, and optionally upload a badge image and an artifact (the audit report PDF).

Certifications render in the certifications grid on /trust-center/.

Subprocessors

Type the vendor's name. The catalog covers 200+ common subprocessors and auto-fills purpose, country, website, and a sensible default category. Confirm DPA-signed status, save.

Subprocessors render as a sortable, searchable table on /trust-center/.

Data practices

The most demanding content type. For each practice you record what you collect, the purpose, the legal basis (consent / contract / legitimate interest / legal obligation / vital interest / public interest), retention period, what you collect, where it's stored, who you share it with, whether it's encrypted, and whether it's sold (Article 30 GDPR surface).

Data practices render in their own section on /trust-center/.

FAQs

Title (the question) and editor body (the answer). Optionally link a related policy. Sort order is controlled by Page Attributes → Order.

FAQs render in an expandable list on /trust-center/. The default install seeds a starter set of common FAQs; you can edit, replace, or delete them.

Catalog autofill

The Add-New screen for subprocessors, data practices, and certifications enables a JS typeahead over the bundled catalogs. Catalogs are pure-PHP arrays loaded once per request, no database writes, no network calls.

You can extend or replace catalogs from your own code with the relevant filter. See Developers / Hooks → Catalogs.

The typeahead is intentionally only on the Add-New screen. On the Edit screen the field is plain text so you can override anything the catalog injected.

Policy versioning

Policies have first-class version control built in. Tick Publish new version in the sidebar before saving and OpenTrust:

Increments _ot_version (1 → 2 → 3 …).
Tags the prior content as a WordPress revision, so it stays reachable as a permanent record.
Updates the public "last reviewed" pill on /trust-center/policy/{slug}/.

Public version URLs

Every historical version is reachable at:

/trust-center/policy/{slug}/version/{n}/

This is the URL you give an auditor when they want to cite "as of v4." A request to a version URL that matches the current version 301-redirects to the canonical /trust-center/policy/{slug}/.

Comparing versions

The version-history meta box lists every prior version with two links:

View opens the public archived version.
Diff opens core's revision.php diff screen with the right two revisions pre-selected, so you can review the actual line-by-line text change.

Change summaries

Optional Version summary field captures a one-line "what changed" note. Shown on the version-history meta box. If you skip it, the row shows just the version number and date.

PDF attachments on policies

Upload your authoritative PDF version of a policy via the media library, attach it to the policy via the PDF attachment field, and OpenTrust shows a Download PDF button on the public policy page. No PDF, no button. OpenTrust deliberately does not auto-render PDFs from your block content; auto-rendered PDFs almost always look worse than a hand-crafted master.

Live trust center

The public trust center lives at /trust-center/ (or your configured endpoint slug). Sections render in a fixed order:

Hero (page title, tagline, optional logo).
Certifications grid (only with at least one active or in-progress certification).
Policies grouped by category.
Subprocessors table.
Data practices grid.
FAQ list.
Contact block (only if at least one contact field is filled).

Section ordering is not configurable in v1.x. Per-section visibility toggles live on the General settings tab.

Multilingual setup

OpenTrust ships with a .pot template, an nl_NL translation, and a wpml-config.xml declaring translatable CPTs and meta fields. WPML and Polylang work out of the box.

What's translatable

All five CPT post types are registered as public, so language-aware queries work.
Per-policy _ot_policy_chat_summary is per-locale (the AI summarizer keys by language).
The chat corpus is locale-aware: a separate transient is built per active language so a Dutch visitor's question pulls Dutch policies and a French visitor's pulls French.

Regenerating the .pot

wp i18n make-pot . languages/opentrust.pot --domain=opentrust

Contribute a translation at translate.wordpress.org.

Visitor-facing AI chat

When the AI chat is enabled, visitors see an additional Ask entry on the trust center. Open /trust-center/ask/ for the dedicated chat page. The visitor flow, the citation behaviour, the no-JS fallback, and the operator-side controls are documented in AI Chat.

On this page