Skip to main content

Trust Package

Security, data handling, and procurement review in one place.

Blacklight's trust package is the public starting point for partner security review, due diligence, and institutional rollout planning. It summarizes current controls, privacy review, retention practices, subprocessors, and the review materials available when an organization wants to support people through resumes, transitions, and job-readiness work without adding a messy tracking stack.

Review-friendly summariesFormal follow-up availableProcurement-ready path
Start with the trust packet
Open technical appendixOpen trust contact flow

Review path

For most procurement and privacy reviews, the trust packet is the shortest document a team can circulate internally before deeper appendix or questionnaire follow-up is needed.

Current public trust package · Use the packet first, then escalate only when needed

Materials

Choose the document set your reviewers actually need

The public trust center reflects the current trust package available for partner and institutional review. Use the contact flow if you need the full questionnaire packet, a procurement follow-up, or a trust question that is not answered by the public summaries.

Editorial rule

Start with the shortest document your review group can use. Move to the appendix or formal review lane only when the review really needs more depth.

Start here

Open the trust packet first

Best for the shortest credible document your reviewers can circulate before they ask for more detail.

Start with the packet

Go deeper

Use the technical appendix for operational detail

Best when privacy, security, or technical reviewers need retention windows, provider handling, and token or access detail.

Open technical appendix

Formal next step

Route questionnaire, procurement, or trust follow-up

Use contact when your organization needs the questionnaire packet, a formal procurement follow-up, or a trust question beyond the public summaries.

Open trust contact flow

Security and operational controls

Use these when the review is about security controls, privileged access, or continuity.

Security overview

Security reviewers, technical approvers, and mission-driven partners validating baseline controls before rollout.

High-level architecture, authentication boundaries, and platform-control summary for organizations that need a serious first-pass review.

Open summary

Access control summary

Reviewers validating privileged access, role separation, and operator safeguards.

Admin, partner, and privileged workflow controls with MFA and role boundaries.

Open summary

Audit logging summary

Security and compliance reviewers focused on traceability and sensitive-event review.

Sensitive admin and billing actions are logged for review and traceability.

Open summary

Incident response summary

Teams that need to know how incidents, outages, and high-risk operational issues are handled.

How operational issues are triaged, investigated, and handled when sensitive systems or partner workflows are involved.

Open summary

Backup and recovery summary

Teams validating resilience expectations before rollout or paid conversion.

Recovery approach and continuity expectations for partner-facing operations.

Open summary

AI usage and model handling summary

Organizations reviewing model usage, AI boundaries, and operational handling expectations.

Where AI is used in the workflow, how outputs are validated, and where human review still applies.

Open summary

Data, privacy, and vendor handling

Use these when the review is about what enters the system, how long it stays, and which providers are involved.

Data handling summary

Privacy, legal, and operations teams reviewing data scope and handling expectations.

What partner and end-user data enters the system, where it flows, and how it stays constrained to the service path.

Open summary

Retention and deletion summary

Institutions reviewing deletion workflows, privacy requests, and retention controls.

Retention windows, purge behavior, and privacy/deletion workflow expectations across normal operations and request-based deletion.

Open summary

Subprocessor list

Procurement and legal teams reviewing vendor dependencies and external service providers.

Current core vendors involved in hosting, billing, identity, messaging, booking, and model operations.

Open summary

Review process

Move from overview to formal review without a messy handoff

The trust center is meant to reduce back-and-forth, then route your team into the right next lane when a public summary is no longer enough.

01

Start with the shortest useful document

Most teams should start with the trust packet, not the deepest appendix or a custom questionnaire.

02

Use summaries to answer focused review questions

Open only the public summary that matches the reviewer asking the question instead of circulating every document at once.

03

Use the formal review lane only when needed

Book or route follow-up when procurement, privacy, or questionnaire review has moved beyond the public packet and summaries.

Formal next steps

Use the public material first. Switch to questionnaire, booking, or contact only if the review has already moved into a formal lane.

Questionnaire packet

Use the institutional questionnaire template when your process already requires a structured review packet.

Best for library systems, schools, workforce groups, nonprofits, and other organizations that use a formal questionnaire or procurement checklist.

Open questionnaire template

Book trust review

Book a live review when the team needs a walkthrough instead of another email thread.

Best when procurement, rollout, privacy, or launch questions are easier to resolve live.

Book trust review

Trust contact flow

Route procurement, privacy, or trust follow-up into the formal review lane.

Best when the public packet and summaries are no longer enough and your team needs formal follow-up.

Open trust contact flow

Coverage

What the public trust package actually covers

These summaries are designed to reduce back-and-forth during partner review. They cover the material most teams ask for first when they need to know whether Blacklight is careful with user data, operationally stable, and ready to support a mission-driven partnership.

Security and access controls

Admin and partner access is role-scoped, MFA-gated for sensitive workflows, and reinforced with audit logging around high-risk actions.

Data handling and retention

The platform documents what data is collected, how it is used, how scheduled minimization and retention work, and how deletion requests speed up removal when needed.

AI usage and model handling

The trust package explains where AI is used in resume generation, what operational safeguards exist, and how model processing stays bounded to the workflow.

Operational readiness and privacy stance

Incident response, backup and recovery, subprocessors, accessibility/document-delivery posture, partner-support boundaries, and the cookie-light public-site stance are documented so reviews can move faster.