The WordPress trust center your customers expect.
Free Forever.

OpenTrust is the open-source alternative to Vanta, Drata and SafeBase. Publish policies, certifications, subprocessors and data practices on your own WordPress site, with an AI assistant that answers visitor questions from your real corpus.

  • GPL-2.0
  • Self-hosted
  • Zero PII logged
  • Encrypted secrets
  • WCAG-aware

Your visitors ask. OpenTrust answers.

Add an Anthropic API key. Visitors ask in plain sentences; the trust center answers from what you've published. Every claim cites the exact policy, certification or data-practice row it came from. The links come from Anthropic's Citations API, not guesswork.

  • Only your content. Answers pull from your published policies, certifications, subprocessors and data practices. Nothing outside.
  • Stays fresh on its own. Publish a policy, the cache clears. Save a cert, it's in the next answer. No re-indexing, no cron to babysit.
  • The bill can't run away. Hard caps of 500K tokens a day and 10M a month, by default. Tune them, or switch the chat off.
  • Abuse filtered, PII invisible. Per-IP and per-session rate limits up front, optional Cloudflare Turnstile behind them. Every identifier is hashed before it hits the log.
  • Secrets locked at rest. Your Anthropic key and Turnstile secret are encrypted with libsodium secretbox, salted from AUTH_KEY. Rotate the salt; every stored secret goes with it.

Everything a buyer wants to verify. In one place.

Five custom post types map to the five things every security review touches. Each one ships with a meta-box workflow, a public renderer, and the AI assistant baked in.

Policies

Versioned, diffable, framework-tagged. A curated block-editor palette keeps the markup clean. Visitors get a download button only when the author actually attaches a PDF.

Certifications

Status-tracked badges (active, in progress, expired) with effective and expiry dates. Upload your own PNG, or fall back to the bundled placeholder.

Subprocessors

Purpose, data processed, country, DPA status. Sortable, searchable, and pre-fillable from the bundled catalog of major vendors.

Data practices

Categorised cards covering what you collect, how you store it, who you share it with, your legal basis, and your retention. The full GDPR Article 30 surface, public.

Pre-filled libraries so you're not Googling every subprocessor.

Type three letters of a vendor name; the rest auto-fills: country, purpose, default category. The bundled catalog covers major subprocessors, common data practices, and the certifications you're likely to list. Extend or replace it via two WordPress filters.

  • 200+ subprocessors with metadata
  • ~92KB pre-bundled, zero network calls
  • 2 hooks to extend or replace

Publish a policy. Bump the version.

Mark a publish as a new version; OpenTrust bumps the number and archives the previous text as a WordPress revision. Visitors can browse every past version from the public page.

  • You decide what counts. Tick the "new version" box on publish; OpenTrust bumps the number and archives the prior text. Typo fixes stay quiet; deliberate updates get the bump.
  • History is public. Every past version stays browsable. Reviewers can verify when each version shipped and what it said. No "trust us" required.
  • Pending-effective banners. Schedule a future effective date and the public page tells visitors a change is coming.

Read it. Fork it. Audit it. Self-host it.

GPL-2.0-or-later. Modern PHP 8.1+ codebase with strict types, match expressions, and readonly properties where they earn their keep. No vendor SDKs. Every outbound call goes through wp_remote_post with an SSRF allowlist.

  • GPL-2.0-or-later
  • PHP 8.1+
  • WordPress 6.0+
  • Zero build step
  • No vendor SDKs
  • i18n + WPML/Polylang

A trust center, built like a trust center should be.

If we're going to ask buyers to trust your security narrative, the plugin under it has to walk the talk.

Encrypted secrets

Your Anthropic API key and the Cloudflare Turnstile secret are encrypted with libsodium secretbox, salted from wp_salt('auth'). Rotate AUTH_KEY and every stored secret invalidates atomically.
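
The secretbox-with-salted-key design described here and under "Secrets locked at rest" above, as an added, stand-alone example that is not OpenTrust's own code. It assumes a constant standing in for wp_salt('auth'), an HKDF step to turn that salt into a 32-byte key, and a nonce-prefixed base64 storage format; the plugin's actual derivation and blob layout may differ. Run it with any PHP 8.1+ build that has the sodium extension.

```php
<?php
declare(strict_types=1);

// Added example, not OpenTrust's own code. Stand-in for wp_salt('auth'):
// in WordPress this value comes from AUTH_KEY/AUTH_SALT in wp-config.php.
const EXAMPLE_SITE_SALT = 'constructed-sample-salt-replace-with-your-AUTH_KEY';

// Derive a fixed-length secretbox key from the salt (assumption: HKDF with a
// plugin-specific info string; the plugin's real derivation is not on the page).
function derive_secret_key(string $salt): string
{
    return hash_hkdf('sha256', $salt, SODIUM_CRYPTO_SECRETBOX_KEYBYTES, 'opentrust-secretbox');
}

// Encrypt a secret for storage: random nonce || ciphertext+MAC, base64 for wp_options.
function seal_secret(string $plaintext, string $salt): string
{
    $key   = derive_secret_key($salt);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    sodium_memzero($key);
    return base64_encode($nonce . $box);
}

// Decrypt a stored secret. Returns null on a wrong salt, a tampered blob or garbage:
// secretbox authenticates before it decrypts, so there is never partial plaintext.
function open_secret(string $stored, string $salt): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_secret_key($salt);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    sodium_memzero($key);
    return $plain === false ? null : $plain;
}

// Constructed sample secret; not a real key.
$stored = seal_secret('sk-ant-EXAMPLE-not-a-real-key', EXAMPLE_SITE_SALT);

printf("same salt:     %s\n", open_secret($stored, EXAMPLE_SITE_SALT) ?? 'null');
// Rotating the salt changes the derived key, so every blob sealed under the old salt is dead.
printf("rotated salt:  %s\n", open_secret($stored, 'rotated-' . EXAMPLE_SITE_SALT) ?? 'null');

// Flip one bit of the stored blob: the MAC check fails and nothing is returned.
$raw = base64_decode($stored, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
printf("tampered blob: %s\n", open_secret(base64_encode($raw), EXAMPLE_SITE_SALT) ?? 'null');
```

The practical consequence of "rotate the salt and every stored secret goes with it" is visible in the second line of output: after rotation the plugin cannot read the old key, so the operator re-enters it rather than having a silently broken chat. A fresh random nonce per seal means re-saving the same key produces a different blob each time, so a database dump does not reveal whether two sites share a key.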

Zero PII in logs

The wp_opentrust_chat_log table stores only hashed identifiers, never raw IPs, emails, or session IDs. A 90-day purge cron keeps the table tight.

Token budgets

Reserve / commit / release pattern across daily and monthly caps. Hit the ceiling and the chat surfaces a graceful exhausted state, not a surprise invoice.

Rate limits

Per-IP and per-session sliding-window limits, optional Cloudflare Turnstile gate with a 1-hour bypass transient. The chat is open; abuse is not.

SSRF allowlist

Provider HTTP calls are allowlisted at the host level. The plugin can't be coerced into hitting your internal network, even if the model is asked to.

WCAG-aware accent

Pick any brand colour. The accent system clamps lightness in HSL space until it clears 4.5:1 contrast on white, or honours your override if you'd rather take the hit.

Frequently asked.

Everything security and procurement teams tend to ask before installing. If you have something that isn't here, open an issue on GitHub.

Is OpenTrust really free?
Yes. OpenTrust is GPL-2.0-or-later with no paid tier, no unlock screens, no feature gating, no "pro add-on" upsell. Install it, host it, ship it, for as long as WordPress keeps running. The only variable cost is your Anthropic bill if you enable the AI chat, and that's billed directly by Anthropic, not by us.
Do I have to enable the AI chat?
No. The plugin works as a fully static trust center without ever adding an API key: policies, certifications, subprocessors, data practices, FAQ, contact block. The AI assistant is an additive feature; flip it on when you're ready, flip it off any time.
What does running the chat actually cost?

Pocket change for most sites. You only pay Anthropic directly for the tokens you consume, and the plugin leans on prompt caching so the policy corpus is billed at cache-read rates after the first hit.

Ballpark, on Claude Sonnet 4.5 at current pricing, for a trust center with a typical ~20K-token corpus:

  • Quiet, ~50 conversations/month (seed-stage startup): under $3/month.
  • Typical, ~200 conversations/month (growing B2B SaaS): $8–$15/month.
  • Busy, ~1,000 conversations/month (widely-linked, active procurement funnel): $40–$60/month, right around the default monthly cap.

Hard ceilings are 500K tokens/day and 10M tokens/month, enforced by a reserve/commit/release budget. Tune them up or down to your appetite. Once a cap is hit, visitors see a graceful "come back later" state, never a surprise bill. Switching to Claude Haiku roughly cuts the numbers above by ~3×.
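
The reserve/commit/release budget described here and under "Token budgets" above, as an added example that is not OpenTrust's own code. It keeps the counters in memory (assumption: the plugin persists them per day and month, in options or transients) and uses a closure in place of the provider call; the estimate formula (corpus plus question plus maximum output) is an assumption about how the hold is sized.

```php
<?php
declare(strict_types=1);

// Added example, not OpenTrust's own code. Counters live in memory here; in the
// plugin they would be persisted per day/month, but the shape is the same:
// reserve before the call, commit the real usage on success, release on failure.
final class TokenBudget
{
    private const WINDOWS = ['day', 'month'];

    /** @var array<string,int> tokens actually consumed in each window */
    private array $committed = ['day' => 0, 'month' => 0];
    /** @var array<string,int> tokens held by in-flight requests */
    private array $reserved = ['day' => 0, 'month' => 0];

    public function __construct(
        private readonly int $dailyCap = 500_000,
        private readonly int $monthlyCap = 10_000_000,
    ) {
    }

    private function cap(string $window): int
    {
        return match ($window) {
            'day'   => $this->dailyCap,
            'month' => $this->monthlyCap,
        };
    }

    public function remaining(string $window): int
    {
        return $this->cap($window) - $this->committed[$window] - $this->reserved[$window];
    }

    /** Hold $estimate tokens in both windows before calling the provider. */
    public function reserve(int $estimate): bool
    {
        foreach (self::WINDOWS as $w) {
            if ($estimate > $this->remaining($w)) {
                return false; // ceiling reached: the caller shows the exhausted state
            }
        }
        foreach (self::WINDOWS as $w) {
            $this->reserved[$w] += $estimate;
        }
        return true;
    }

    /** Provider call succeeded: replace the hold with the usage actually billed. */
    public function commit(int $estimate, int $actual): void
    {
        foreach (self::WINDOWS as $w) {
            $this->reserved[$w]  -= $estimate;
            $this->committed[$w] += $actual;
        }
    }

    /** Provider call failed or timed out: give the hold back, nothing was billed. */
    public function release(int $estimate): void
    {
        foreach (self::WINDOWS as $w) {
            $this->reserved[$w] -= $estimate;
        }
    }
}

// One chat turn under the budget. $callProvider stands in for the HTTP call and
// returns the token count the provider reports, or throws on failure.
function answer_question(TokenBudget $budget, int $estimate, callable $callProvider): string
{
    if (!$budget->reserve($estimate)) {
        return 'exhausted: come back later';
    }
    try {
        $actual = $callProvider();
    } catch (RuntimeException $e) {
        $budget->release($estimate);
        return 'error: ' . $e->getMessage();
    }
    $budget->commit($estimate, $actual);
    return "answered ({$actual} tokens)";
}

// Constructed demo with a small daily cap so the ceiling is reached in a few turns.
// Estimate = ~20K-token corpus + question + maximum output (assumed sizing).
$budget   = new TokenBudget(dailyCap: 60_000);
$estimate = 20_000 + 200 + 1_000;

for ($turn = 1; $turn <= 4; $turn++) {
    $result = answer_question($budget, $estimate, fn (): int => 20_600); // constructed usage
    printf("turn %d: %s, %d tokens left today\n", $turn, $result, $budget->remaining('day'));
}

// A failed call releases its hold instead of burning budget.
$budget2 = new TokenBudget();
echo answer_question($budget2, $estimate, fn (): int => throw new RuntimeException('timeout')), "\n";
printf("after the failure: %d tokens used or held of %d\n", 500_000 - $budget2->remaining('day'), 500_000);
```

Turns one and two are answered, turns three and four get the exhausted state because the remaining daily allowance is smaller than the hold, and the failed call leaves the second budget untouched. Reserving before the call is what makes the cap a hard ceiling under concurrency: two simultaneous requests cannot both squeeze through the last few thousand tokens, because the second reservation sees the first.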

What stops someone burning through my AI credits?
Three overlapping defences. The token budgets above are hard ceilings, not soft hints. Per-IP (60s) and per-session (1h) sliding-window rate limits keep one visitor from flooding the queue. Optional Cloudflare Turnstile gates the first message of every session, with a 1-hour bypass transient so repeat readers aren't pestered. And if your corpus is so large it alone would blow the context budget, a 120K-token safety valve auto-disables the chat rather than letting it run hot.
Does the AI stay in sync when I update a policy?
Yes, automatically. The corpus the model sees is cached as a transient and invalidated the moment any OpenTrust post is saved, trashed, restored, or transitions status. Even if nothing changes, the cache expires after 12 hours. You'll never watch the chat cite last quarter's policy wording because someone forgot to press a "reindex" button. There isn't one.
Does the plugin phone home?
No. Zero telemetry, zero analytics, zero licence checks. The only outbound HTTP calls the plugin can make are the AI chat requests you configure (to Anthropic), and those go through an SSRF allowlist. Everything else is local to your WordPress install.
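
The host-level SSRF allowlist mentioned here and under "SSRF allowlist" above, as an added example that is not OpenTrust's own code. It assumes the allowlist is a list of exact hostnames and uses a closure in place of wp_remote_post; the plugin's real list and any filter hook for extending it are not shown on this page.

```php
<?php
declare(strict_types=1);

// Added example, not OpenTrust's own code. Assumption: the allowlist holds exact
// hostnames; the plugin's own list and hook names are not on the page.
const PROVIDER_ALLOWLIST = ['api.anthropic.com'];

/**
 * Accept only https URLs whose host is exactly on the allowlist, on the default
 * port, with no embedded credentials. Anything else never reaches the HTTP layer.
 */
function is_allowed_provider_url(string $url, array $allowlist = PROVIDER_ALLOWLIST): bool
{
    $p = parse_url($url);
    if ($p === false || !isset($p['host'])) {
        return false;
    }
    if (strtolower($p['scheme'] ?? '') !== 'https') {
        return false;                          // plain http and other schemes refused
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;                          // user@host forms refused outright
    }
    if (isset($p['port']) && $p['port'] !== 443) {
        return false;                          // no alternate ports
    }
    $host = strtolower(rtrim($p['host'], '.'));
    return in_array($host, $allowlist, true);  // exact match, so suffix lookalikes fail
}

/**
 * Wrapper for the outbound call. $transport stands in for wp_remote_post
 * (assumption: same (url, args) shape). Returns null when the URL is refused.
 */
function guarded_post(string $url, array $args, callable $transport): ?array
{
    if (!is_allowed_provider_url($url)) {
        error_log("opentrust: refused outbound request to {$url}");
        return null;
    }
    return $transport($url, $args);
}

// Constructed candidates: only the first is a legitimate provider endpoint.
$candidates = [
    'https://api.anthropic.com/v1/messages',
    'http://api.anthropic.com/v1/messages',
    'https://api.anthropic.com:8443/v1/messages',
    'https://api.anthropic.com.example/v1/messages',
    'https://api.anthropic.com@intranet.example/',
    'https://intranet.example/',
    'not a url',
];
foreach ($candidates as $url) {
    printf("%-48s %s\n", $url, is_allowed_provider_url($url) ? 'allowed' : 'refused');
}

$fakeTransport = fn (string $url, array $args): array => ['response' => ['code' => 200]];
var_dump(guarded_post('https://api.anthropic.com/v1/messages', [], $fakeTransport));
var_dump(guarded_post('https://intranet.example/', [], $fakeTransport)); // NULL
```

Two caveats a reviewer would raise. First, the check is on the URL the plugin builds, so the provider endpoint should be a constant the code owns, never something assembled from model output or request parameters. Second, a host allowlist only covers the first hop: if the HTTP layer follows redirects, the redirect target needs the same check, or redirects are disabled (the WordPress HTTP API accepts a `redirection` argument for this).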
What do chat logs store about visitors?
Structurally, never PII. The wp_opentrust_chat_log table has no columns capable of holding raw IPs, emails, session IDs, user agents, or referers; only short hashed identifiers, the question text (capped at 1,000 chars), and aggregate token counts. A 90-day purge runs on wp_cron to keep the table lean. The privacy posture is enforced by the schema itself, not by good intentions.
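
The hashed-identifier log rows described here (and under "Zero PII in logs" above) together with the per-IP and per-session sliding-window limits from the previous answer (and "Rate limits" above), as one added example that is not OpenTrust's own code. It assumes a site pepper for the keyed hash, in-memory timestamp buckets in place of transients, and request counts of 5 per 60 s and 20 per hour; the page gives only the window lengths, so the counts are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not OpenTrust's own code. The pepper stands in for a site
// secret (assumption: derived from the WordPress salts); without a key, an
// IPv4 address could be recovered from its bare hash by enumeration.
const EXAMPLE_PEPPER = 'constructed-site-pepper';

// Keyed, truncated hash: the same visitor maps to the same key, the raw value does not come back.
function hash_identifier(string $raw, string $pepper = EXAMPLE_PEPPER): string
{
    return substr(hash_hmac('sha256', $raw, $pepper), 0, 16);
}

// Sliding-window limiter keyed by hashed identifier (assumption: in memory here;
// the plugin would keep the per-key timestamps in transients).
final class SlidingWindowLimiter
{
    /** @var array<string, list<float>> timestamps of recent allowed hits per key */
    private array $hits = [];

    public function __construct(
        private readonly int $limit,
        private readonly int $windowSeconds,
    ) {
    }

    public function allow(string $key, float $now): bool
    {
        $cutoff = $now - $this->windowSeconds;
        $recent = array_values(array_filter($this->hits[$key] ?? [], fn (float $t) => $t > $cutoff));
        if (count($recent) >= $this->limit) {
            $this->hits[$key] = $recent;
            return false;
        }
        $recent[] = $now;
        $this->hits[$key] = $recent;
        return true;
    }
}

/** Chat-log row: hashed identifiers only, question capped at 1,000 chars, aggregate token counts. */
function chat_log_row(string $ip, string $session, string $question, int $tokensIn, int $tokensOut): array
{
    return [
        'ip_hash'      => hash_identifier($ip),
        'session_hash' => hash_identifier($session),
        'question'     => mb_substr($question, 0, 1000),
        'tokens_in'    => $tokensIn,
        'tokens_out'   => $tokensOut,
        'created_at'   => gmdate('Y-m-d H:i:s'),
    ];
}

// The page gives the windows (60 s per IP, 1 h per session); the counts are constructed.
$perIp      = new SlidingWindowLimiter(limit: 5, windowSeconds: 60);
$perSession = new SlidingWindowLimiter(limit: 20, windowSeconds: 3600);

$ip      = '203.0.113.7';          // constructed, from the TEST-NET-3 documentation range
$session = 'sess-constructed-1';
$ipKey   = hash_identifier($ip);
$sessKey = hash_identifier($session);

$rows = [];
for ($i = 0; $i < 7; $i++) {
    $now = 1_700_000_000.0 + $i * 5;  // one request every 5 s
    if (!$perIp->allow($ipKey, $now) || !$perSession->allow($sessKey, $now)) {
        printf("request %d: 429 too many requests\n", $i + 1);
        continue;
    }
    $rows[] = chat_log_row($ip, $session, "Where is customer data stored? (#{$i})", 20_300, 180);
    printf("request %d: answered\n", $i + 1);
}

// Requests 1-5 pass; 6 and 7 are refused by the 60 s per-IP window.
// 70 s after the first request the oldest hits have aged out and the visitor is served again.
var_dump($perIp->allow($ipKey, 1_700_000_000.0 + 70)); // bool(true)

// Nothing in the stored rows lets you recover the IP or the session id.
$dump = json_encode($rows);
var_dump(str_contains($dump, $ip), str_contains($dump, $session)); // bool(false) bool(false)
echo json_encode($rows[0], JSON_PRETTY_PRINT), "\n";
```

Hashing before the limiter, not only before the log, means the rate-limit state never holds a raw address either; the same short key serves both. Truncating the HMAC to 16 hex characters keeps the column small while leaving the chance of two visitors colliding within a 90-day window negligible.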
Will it clash with my theme?
It can't. The trust center intercepts the request at template_redirect, outputs a complete standalone HTML document with inlined CSS, and exits. Your theme's stylesheet, header, footer, and JavaScript never load. All styles are wrapped in @layer opentrust and prefixed with ot- for belt-and-braces isolation.
How hard is it to brand?
Pick a hex accent colour, upload a logo, set a page title and tagline. That's the whole setup surface for look-and-feel. The plugin clamps your accent's lightness in HSL space until it clears WCAG AA contrast on white, or respects your override if you'd rather take the hit.
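
The accent-clamping rule described here and under "WCAG-aware accent" above, as an added example that is not OpenTrust's own code. It implements the documented behaviour from the WCAG 2.x relative-luminance and contrast-ratio formulas; the 0.01 lightness step, the rounding, and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not OpenTrust's own code. Darken in HSL until the colour clears
// 4.5:1 on white, or honour an explicit override; step size is an assumption.

/** @return array{float,float,float} r, g, b in 0..1 */
function hex_to_rgb(string $hex): array
{
    $h = ltrim($hex, '#');
    if (strlen($h) === 3) {
        $h = $h[0] . $h[0] . $h[1] . $h[1] . $h[2] . $h[2];
    }
    if (!preg_match('/^[0-9a-f]{6}$/i', $h)) {
        throw new InvalidArgumentException("not a hex colour: {$hex}");
    }
    return [hexdec(substr($h, 0, 2)) / 255.0, hexdec(substr($h, 2, 2)) / 255.0, hexdec(substr($h, 4, 2)) / 255.0];
}

function rgb_to_hex(array $rgb): string
{
    return sprintf('#%02x%02x%02x', ...array_map(fn (float $c) => (int) round($c * 255), $rgb));
}

/** WCAG 2.x relative luminance of an sRGB colour. */
function relative_luminance(array $rgb): float
{
    [$r, $g, $b] = array_map(
        fn (float $c) => $c <= 0.03928 ? $c / 12.92 : (($c + 0.055) / 1.055) ** 2.4,
        $rgb
    );
    return 0.2126 * $r + 0.7152 * $g + 0.0722 * $b;
}

/** Contrast ratio against white (luminance 1.0); AA body text needs 4.5:1. */
function contrast_on_white(array $rgb): float
{
    return 1.05 / (relative_luminance($rgb) + 0.05);
}

/** @return array{float,float,float} h, s, l in 0..1 */
function rgb_to_hsl(array $rgb): array
{
    [$r, $g, $b] = $rgb;
    $max = max($r, $g, $b);
    $min = min($r, $g, $b);
    $l = ($max + $min) / 2;
    if ($max === $min) {
        return [0.0, 0.0, $l];
    }
    $d = $max - $min;
    $s = $l > 0.5 ? $d / (2 - $max - $min) : $d / ($max + $min);
    $h = match ($max) {
        $r      => ($g - $b) / $d + ($g < $b ? 6 : 0),
        $g      => ($b - $r) / $d + 2,
        default => ($r - $g) / $d + 4,
    };
    return [$h / 6, $s, $l];
}

function hsl_to_rgb(array $hsl): array
{
    [$h, $s, $l] = $hsl;
    if ($s == 0.0) {
        return [$l, $l, $l];
    }
    $q = $l < 0.5 ? $l * (1 + $s) : $l + $s - $l * $s;
    $p = 2 * $l - $q;
    $channel = function (float $t) use ($p, $q): float {
        if ($t < 0) { $t += 1; }
        if ($t > 1) { $t -= 1; }
        if ($t < 1 / 6) { return $p + ($q - $p) * 6 * $t; }
        if ($t < 1 / 2) { return $q; }
        if ($t < 2 / 3) { return $p + ($q - $p) * (2 / 3 - $t) * 6; }
        return $p;
    };
    return [$channel($h + 1 / 3), $channel($h), $channel($h - 1 / 3)];
}

/** Resolve the brand accent: pass it through, clamp it, or honour the override. */
function resolve_accent(string $hex, bool $honourOverride = false, float $target = 4.5): array
{
    $rgb   = hex_to_rgb($hex);
    $ratio = contrast_on_white($rgb);
    if ($ratio >= $target || $honourOverride) {
        return ['hex' => rgb_to_hex($rgb), 'ratio' => round($ratio, 2), 'clamped' => false];
    }
    [$h, $s, $l] = rgb_to_hsl($rgb);
    while ($ratio < $target && $l > 0) {
        $l     = max(0.0, $l - 0.01);   // step lightness down; hue and saturation untouched
        $rgb   = hsl_to_rgb([$h, $s, $l]);
        $ratio = contrast_on_white($rgb);
    }
    return ['hex' => rgb_to_hex($rgb), 'ratio' => round($ratio, 2), 'clamped' => true];
}

// Constructed brand colours: the first already clears AA, the other two get darkened.
foreach (['#1d4ed8', '#3b82f6', '#fbbf24'] as $brand) {
    echo json_encode(resolve_accent($brand)), "\n";
}
echo json_encode(resolve_accent('#fbbf24', honourOverride: true)), "\n"; // kept as-is, ratio reported
```

Lowering lightness alone keeps the brand hue recognisable, which is why the page clamps in HSL rather than simply picking a darker preset. The returned ratio is worth surfacing in the settings screen next to the override checkbox, so whoever takes the hit sees the number they are accepting.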
Is it translatable?
Yes. Ships with a .pot template and a starter Dutch translation. WPML and Polylang compatible out of the box. All four content CPTs are registered public with a wpml-config.xml declaring translatable meta fields, so policies/certs/subprocessors/data-practices can be translated per-language.
Is there an audit trail for policy changes?
Every publish auto-increments the policy's version number, tags the WordPress revision, and adds it to a version history meta box with view and diff links. Each historical version is reachable at a stable URL (/trust-center/policy/{slug}/version/{n}/), so auditors can cite "as of v4" without you digging through revisions. Your buyers see "last updated" on the current policy; your auditors get the receipts.
What's the minimum stack?
PHP 8.1+, WordPress 6.0+. No Composer vendor tree, no build step, no Node dependency. Libsodium (bundled with PHP 7.2+) is used for secret encryption. That's the whole stack.

Ship your trust center this afternoon.

Install the plugin, set your accent colour, publish a policy, drop in an AI key. The whole loop fits in a coffee break.