Trust signal.

A trust signal is the appearance or disappearance of compliance and security content on a competitor’s site: SOC 2 Type II, ISO 27001, GDPR statements, HIPAA, security white papers, sub-processor disclosures, status pages. Trust signals are slow-moving but high-stakes; they are the prerequisites for closing enterprise deals, and a competitor publishing them is a competitor about to attack the upmarket segment you may also be aiming at.

What it looks like in practice

NorthCart adds a SOC 2 Type II badge to their footer in March. By April, a “Security” link appears in their main navigation. By May, the security page links out to a sub-processor disclosure and a status page. By June, NorthCart is in an enterprise pilot you also pitched and lost. The trust pages were the early warning. Three months of public preparation before the enterprise sales motion landed, all readable from the rival’s own site, none of it requiring a single competitive interview to confirm.

Why trust signals deserve a category of their own

They are slow, low-volume, and easy to miss because nothing on a security page sells; it just exists. But the move from “no compliance page” to “compliance page with a SOC 2 badge” is a strategic decision worth tens of thousands of dollars in audit cost; nobody publishes it casually. SpotRivals watches trust and compliance URLs separately from marketing pages, and the Monday brief flags any change to security posture as Important by default. For SaaS teams selling to mid-market and above, this is the category that signals where rivals are about to land.