Skip to content
Maintruth
How it works

A repeatable workflow for enterprise security reviews.

Maintruth turns scattered security answers, documents, and buyer requests into a structured process your startup can reuse.

Get startedSee pricing

Acme Corp · security review

Questionnaire · 142 questions · 128 drafted

In review

Questions

  • Is customer data encrypted at rest and in transit?

    Approved

  • Where is customer data hosted?

    Approved

  • Do you have a current SOC 2 Type II report?

    Drafted

  • List the subprocessors that handle customer data.

    Drafted

  • Describe your incident response process.

    In review

Buyer question

Is customer data encrypted at rest and in transit?

Approved answer

Customer approved

Yes. Data is encrypted with AES-256 at rest and TLS 1.2+ in transit.

Evidence: SOC 2Encryption PolicyLast reviewed Apr 2026
Drafting progress128 / 142

Activity

  • Maintruth drafted this from the knowledge base

    2m

  • Acme Corp approved the answer

    1h

  • SOC 2 report linked as evidence

    1h
The workflow

Six steps from scattered answers to a system your team controls.

Each completed review feeds the next one, so your security-review process gets faster and more consistent as you go.

Get started
  1. 01

    Onboard your trust materials

    You share what you already have:

    • SOC 2 report or readiness materials.
    • ISO certificates, if applicable.
    • Security policies.
    • Architecture diagrams.
    • Data-flow docs.
    • Prior questionnaires.
    • Subprocessor list.
    • Pen test summaries.
    • Security FAQs.
    • AI or privacy documentation.
    • Buyer security emails and follow-ups.

    We organize those materials into a usable evidence base.

  2. 02

    Build your answer library

    We create a reusable answer library with:

    • Approved answer language.
    • Supporting evidence.
    • Source documents.
    • Notes for unclear or risky answers.
    • Questions that need customer approval.
    • Topics that need better documentation.

    This becomes the foundation for future reviews.

  3. 03

    Send us new buyer requests

    When a security review arrives, send it to Maintruth however works for you, a forwarded email, a Slack message, or a note in your CRM. A reviewer on our team picks it up and intakes:

    • Buyer name.
    • Deal context.
    • Deadline.
    • Review format.
    • Product or environment in scope.
    • Any special buyer requirements.
    • Whether submission is through a spreadsheet, portal, document, or email.
  4. 04

    We draft evidence-backed responses

    We complete the review using your approved materials and identify anything that needs your input. We flag:

    • Missing evidence.
    • Ambiguous controls.
    • Buyer requests that require legal or executive approval.
    • New documents that may need to be drafted.
    • Questions that should not be answered without confirmation.
  5. 05

    You approve before anything goes out

    You remain the owner of your security claims.

    Maintruth does not submit unsupported answers, invent controls, or make commitments without your review and approval.

  6. 06

    Every review improves the next one

    After the review is complete, we update your answer library and gap register. Over time, your team gets:

    • Faster responses.
    • More consistent answers.
    • Fewer repeated questions.
    • Better buyer-facing documents.
    • A clearer roadmap of trust gaps.

Build your security-review workflow

Send Maintruth your trust materials and your next buyer request. We’ll help you intake, complete, approve, and reuse every response.

Get startedSee pricing