How SaaS Products Ascend the “Trust Pyramid”

August 16, 2019

SaaS products may be the future of how we work, but that future will only happen if we can overcome significant obstacles along the way.

And the biggest obstacle is trust.


      • According to a recent 2018 report on Enterprise Cloud Trends, 61% of IT decision makers identified data privacy as the most significant concern for moving organizational operations to the cloud.
      • In a separate report, enterprise IT and security professionals found security to be the biggest barrier to SaaS adoption (State of the IT Enterprise Infrastructure & Security 2019).
      • All of this while the impact of GDPR is still being sorted out—and the CCPA going into effect is just months away.

The 2019 Cost of a Data Breach Report from IBM Security examined the cost of a data breach, looking specifically at factors that mitigated (decreased) or amplified (increased) cost. The top 3 amplifiers of expense were extensive cloud migration, compliance failures and a third-party breach.

All of this as each week brings with it another newsbreak regarding privacy missteps—or some new customer data breach. The New York Times even has an ongoing “Privacy Project” with weekly articles dedicated to these topics.

Everything suggests there’s a breakdown in trust: Consumers struggle to trust companies with their data. Companies struggle to trust the SaaS products they need.

Until the problem of trust is addressed, these struggles will continue. So how can you be upfront with your customers and build trust?

Build a Trust Pyramid

How do businesses address the problem of trust?

Well, how does trust work? When you try and explain how trust works (we have), you see just how complex it really is. This is because the concept of trust is tacit knowledge—one of those things we understand intuitively but have a hard time explaining.

Thankfully, though explaining what trust is can be very hard, evaluating how trust is earned is easier. Consider “The Trust Pyramid,” a framework developed by user experience research and consulting firm Nielsen/Norman Group (“NN/g”). The Trust Pyramid is a bit like Maslow’s hierarchy of needs. Like Maslow’s hierarchy where lower needs must be satisfied before higher needs, in order to build trust—and move up the Trust Pyramid—you must first satisfy lower levels of trust. Trust is built from the ground up.

Take a look:

As a consumer moves from the base of the pyramid to the top, more and more trust is granted.

We can illustrate how the Trust Pyramid works with an example.

Imagine you arrive at a new website (or app) you’ve never encountered before. According to NN/g’s Trust Pyramid, you’ll arrive with a clean slate—no trust in the site, whatsoever. What tells you the site is safe? Maybe it’s that Google lists it. Perhaps it loads rapidly. Or maybe it’s designed neatly and reacts as you’d expect when you interact with it.

As you ascend the Trust Pyramid, you go from baseline trust—which is to say, not very much—to light transactional trust. Take this common digital experience for example: Imagine you add an item to your cart, suggesting you are at least entertaining the idea of making a purchase. Then, based on signals during the checkout flow, you determine you can give the site more sensitive information like your credit card number, shipping address and phone number. As the step-by-step flow proceeds as you expect it to, you go on to complete the purchase. Once the goods are delivered to your satisfaction, perhaps you even reach the top of the pyramid—and go on to make future purchases.

As NN/g puts it, you now have a “willingness to commit to an ongoing relationship.”

A close look at the pyramid levels shows us that the most fundamental requirement is for the site (or app) to match user expectations at each level of trust. Begin by giving the user control of the experience. Then, through continuously offering value to the user, mirror user engagement by meeting their expectations every step along the way.

Here’s how NN/g puts it:

“The site’s requests and the users’ trust needs must be in equilibrium: Don’t make demands at higher levels of commitment until you’ve addressed all the trust needs at the inferior levels.”

Sites that want to ask more of their users must exercise caution, proceeding slowly. Asking for too much too soon—or asking for more than what’s absolutely necessary—can shake lower levels of trust. Also, remember that the experience of building trust with a brand isn’t something explicitly realized by the customer. Similar to how trust works in real life, people don’t notice the small steps they take as they increase their levels of trust.

NN/g’s Trust Pyramid is simple to understand for B2C companies—but when it comes to building a Trust Pyramid for SaaS, there’s a lot more to consider. Not only must a SaaS company build trust with never-before-seen audiences, it must also earn the trust of all the new users after the deal is closed. SaaS products establish ongoing relationships with new dependencies.

With so much at stake, what does a Trust Pyramid for SaaS look like? In this article, we’ll walk you through each level of the Trust Pyramid for SaaS—all the way from the foundation to the top. We’ll start with those new to your brand and then end with a look at what building trust with new logged-in users looks like.

Building the Trust Pyramid for SaaS Products

What follows is an overview of how you can think about NN/g’s Trust Pyramid as it pertains to a SaaS product. We’ll cover everything from the foundation to what the pyramid looks like at each level.

Start With a Foundation for Trust

A Trust Pyramid must begin with a solid foundation for trust. As any builder knows, the foundation is critical because it is the footing on which the entire structure stands. If the foundation is not rock-solid, it will eventually fail.

And when it does, the entire Trust Pyramid could very well fall with it.

SaaS companies build a solid foundation for trust by first satisfying the demands of privacy, security and compliance.

There are no shortcuts here. Security must be engineered into every facet of the product. For compliance, regulations must be studied, understood and addressed. And as for privacy, consumer expectations must be kept in constant, proactive focus—lip-service about “taking privacy seriously” simply won’t cut it.

Addressing privacy, security and compliance is beyond the scope of this article. Suffice it to say that only once you are thoughtfully and aggressively addressing privacy, security and compliance should you focus on building the next levels of the Trust Pyramid.

Level One: Baseline Relevance and Trust That Needs Can Be Met

Pyramids are built atop a wide, sturdy base. The success of each level will affect the success of each higher level. That’s why each level must be built properly before the next level is attempted.

For SaaS companies, Level 1 concerns establishing that user needs can be met. This is done through satisfying expectations regarding dependability, speed and perceived security—while also presenting baseline relevance through empathy and clarity.


Dependability

How do you trust a service if it’s not predictably, reliably available? Customers depend on SaaS products to get their job done. If software services go down, work grinds to a halt. This can be a trust-shattering event.

The other day Slack suddenly became slow and unreliable. We Slack users had to determine whether or not it was the service—or our Internet connection—that was the problem. Once we realized it was Slack that was down, we struggled to communicate. Our normal workflows had been compromised, leading to frustration, wasted time, and needless distraction.

If you want customers to trust your service, it must be consistently, reliably available. Take measures to prevent catastrophic service outages. Stress-test your systems and plan out what to do when things go wrong. And secure a third-party status page to validate your dependability.


Speed

A core value proposition for SaaS products is that they help customers work more efficiently and effectively—the best SaaS products make customers more bionic.

For SaaS users, speed matters. If your SaaS product is slow, user trust will degrade fast. Studies have shown a 500ms delay can increase peak frustration, decrease engagement and “seriously undermine overall brand health” (Radware). If it’s too slow, usage will decline and eventually, your customers may simply give up.

Over the years, one of the most staunch advocates of speed has been Google. In 2012, Urs Hoelzle shared research that a mere 400ms delay in returning search results translated into a 0.44% drop in search volume. Google’s focus on speed doesn’t stop with their search engine. They go so far as to consider website speed for search rankings, too, and have been doing so for nearly a decade.

How fast is your SaaS? Exactly where is your service bogging down your users? Like Google’s millisecond analysis, do you have any sense for how the speed of your service impacts customer trust? Vigilantly monitor latency. The milliseconds you save will directly translate into increased trust from your users.

Perceived Security

How do users perceive security for a SaaS product?

For one, it’s standard practice now that websites should use `https` to send data between a browser and a website. Sites that do not serve their websites using `https` are now flagged by Google Chrome, which is a red flag that they aren’t trustworthy.

If you have `https://` set up, check to make sure your site can’t be accessed at `http://`. If you find your site is available at the insecure URL, set up proper redirection rules so that any connection at `http://` redirects to `https://`.
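One way to run the check described above, as an added example that is not part of the original article: it starts at the `http://` URL, follows each redirect by hand and reports any hop that stays on, or returns to, plain HTTP. It also notes temporary redirects, which the article does not cover. The host `app.example.test`, the sample response tables and all function names are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}          # cacheable by default, so browsers skip the HTTP hop next time
MAX_HOPS = 5

def fetch_hop(url, timeout=5):
    """Send one HEAD request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirect(start_url, fetch=fetch_hop):
    """Walk the redirect chain from an http:// URL and list what is wrong with it."""
    findings, url = [], start_url
    for _ in range(MAX_HOPS):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break                                   # chain ends at this URL
        target = urljoin(url, location)             # Location may be relative
        src, dst = urlsplit(url).scheme, urlsplit(target).scheme
        if src == "https" and dst == "http":
            findings.append(f"downgrade: {url} -> {target}")
        elif src == "http" and dst == "http":
            findings.append(f"plain-HTTP hop: {url} -> {target}")
        elif src == "http" and status not in PERMANENT:
            findings.append(f"temporary redirect ({status}) used for the HTTPS upgrade")
        url = target
    else:
        findings.append("redirect chain longer than MAX_HOPS (possible loop)")
    secure = urlsplit(url).scheme == "https"
    if not secure:
        findings.append(f"chain ends on plain HTTP at {url}")
    return {"final_url": url, "secure": secure, "findings": findings}

# Constructed sample responses (not captured from any real site): URL -> (status, Location)
GOOD = {"http://app.example.test/login": (301, "https://app.example.test/login"),
        "https://app.example.test/login": (200, None)}
WEAK = {"http://app.example.test/login": (302, "http://www.example.test/login"),
        "http://www.example.test/login": (200, None)}

def replay(table):
    """Stand-in for fetch_hop that answers from a constructed table, so the audit runs offline."""
    return lambda url: table[url]

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_redirect("http://app.example.test/login", replay(table)))
```

Calling `audit_redirect("http://your-host/")` with the default `fetch_hop` performs the same audit against a live site you operate.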

You can also check to see how your site appears in Google (or DuckDuckGo or Bing) search results. A blank meta description could make your search results look “off” to users before they even access a page on your site or app. Providing search engines with proper title tags and meta descriptions for your site will ensure that your site makes a proper first impression on visitors—before they even load your site or app.

Make sure image assets and CSS load properly. Broken image tags and janky designs undermine trust.

Baseline Relevance

How might a user know if a site or app has their interests in mind? Build baseline relevance for users by combining empathy with clarity.

For empathy, recognize the job the user is trying to do. Then make it clear how to do that job with the product. Copy is critical for clarity. For example, in any marketing copy, clearly articulate the problem consumers have. Then, explain how the product or service solves that problem. Avoid hyperbole and buzzwords whenever possible.

Continuously test your assumptions by putting yourself in the shoes of your audience. Identify common paths on your site or app. Analyze your users’ sessions, especially the ones that show high levels of frustration and dropped conversions. What problems are your users trying to solve at each step? Where are they getting frustrated or lost? Missing relevance can manifest as friction in the user experience—think rage clicks, going back and forth between the same pages, failed search queries, thrashing mouse and page idling. These subtle signals can point to a lack of relevance.

Solving for relevance builds trust. Understanding user expectations and meeting them consistently through clear information will establish your site or app as a trustworthy source of information.

Level Two: Interest and Preference Over Other Options

As NN/g sets forth in their Trust Pyramid, Level 2 is about providing your audience with confirmation they are in the right place. Having established baseline relevance through empathy and clarity, you must now bring even greater clarity to users, paying special attention to making them feel confident about their continued engagement.

Empower your audience at this level by proactively addressing their concerns through “Upfront Disclosure.” Another UX concept from NN/g, upfront disclosure recognizes the needs of your audience and then addresses them proactively. Upfront disclosure can mean anything from pricing transparency to easy-to-find contact information.

Remember, unlike B2C websites where a customer may only ever make a single transaction, B2B SaaS relationships are expected to last months or even years. Being forthright about what your service offers—and, at times, what it doesn’t offer—is a powerful way to match customer expectations through transparent, helpful communication.

Again, put yourself in the shoes of your customer: What questions would you have of a company like yours? What are common questions your sales team encounters when engaging with prospective customers? Identify the most common desire paths—those places your users tend to go of their own accord in order to meet their needs. Determine the pages on your website that are visited by users before they convert—e.g. submitting their email address to be contacted. Hypothesize what boxes users check in order to feel confident about their decision to engage further. Once you identify these common paths, “pave them.”

Users will learn to rely on your site to meet their needs—that’s trust.

Level Three: Trust With Personal Information

Now that Levels 1 and 2 of the Trust Pyramid are satisfied, you’re at a critical junction for trust.

If you ask the user to give you some personal information in exchange for a promise of more value, will they run away or engage further?

Here, the goal is to make users comfortable with a small commitment. Don’t ask for the moon.

At times with SaaS companies, this is a point that can be abused. For example, gating content—or product trials—can leave a user begrudgingly offering up their email address to get the “FREE!” report or signing up for a trial they’re not ready to take advantage of.

The same goes for interrupting the user experience with a request that must be dismissed. For example, chatbots offering help—or lightbox requests for email subscribers—can come at inopportune times, distracting a user from their current experience. Use them thoughtfully to enhance the customer experience, not interrupt it.

When users aren’t ready for Level 3, it’s evidenced by low conversion rates. Often, it’s simply too much, too soon.

Success at Level 3 requires looking for clear signs that it’s the right time to ask for personal information. Time spent on the site, pages visited, content consumed—these are all signals to consider. Take advantage of digital experience analytics if you have them and build a conversion funnel. Zero in on pages visited before asking for personal information. Create multiple funnels and analyze results to see if there is any correlation between conversion and pages visited prior to asking for personal information.

Also, when you do ask for personal information like an email address, make it unambiguous how that information will be used and follow through!

Level Four: Trust With Sensitive/Financial Information

If you’ve made it this far, you might think you’re in the clear—not so fast.

Users are certainly timid about submitting their email address, but they’re on high alert when money—or sensitive personal information—is on the line.

That’s why when asking for sensitive and/or financial information, exercise extreme caution.

      • Don’t ask for more information than is necessary. Users are primed to look for aggressive asks.
      • Be clear about how any information submitted is handled. Use visual cues to signal any information will be handled securely and safely.
      • Take it slow. Use confirmation screens to let users set the pace. This will make it clear it’s the user who controls their information.

Assuming success here, make sure to confirm receipt! Confirm from within the site or app as well as through email whenever possible.

Satisfying Level 4 trust is a big accomplishment. It’s also a big responsibility—because now your company has their sensitive information. Customers have put their information into your hands—a sign of trust that really matters.

Level Five: Willingness to Commit to an Ongoing Relationship

Having established Levels 1 through 4 of the Trust Pyramid, a SaaS company must now sustain the trust of customers indefinitely.

And you thought you’d reached the top! There’s still much work to be done—really, the work is never done.

SaaS products are frequently used by seat holders who were not the original purchasers of the product. New users are likely to be skeptical of your product—and you really can’t blame them. You haven’t earned their trust! This is a potentially dangerous situation for SaaS companies: It’s so easy to make the leap that, since a customer (a company) is paying for your SaaS product, every user at that company will automatically trust your product.


For each new user of your SaaS product at a company, the entire Trust Pyramid must be re-established—very likely from directly inside the product experience.

Success begins by satisfying the criteria of Level 1—dependability, speed, perceived security and baseline relevance. Offering helpful, low-friction onboarding experiences for new seat holders will inspire confidence that any questions they have will be easy to answer. Clear user interfaces, concise and relevant copy and even tool-tips can make a world of difference.

Move all users up the pyramid by offering content that further establishes relevance and brings value. Meet customer expectations at every turn with value.

Assuming the SaaS product manages data for users, the product must also instill confidence that any personal information or sensitive data (as with Levels 3 and 4) submitted into the app will be handled safely and securely.

Once you do all of this for users old and new, sustain their trust through continued vigilance:

      • Continue managing efforts regarding your foundation of privacy, security, and compliance. The foundation always comes first!
      • Maintain expectations in perpetuity regarding your app’s dependability and speed. Beware complacency!
      • Empathize with the needs of your top users and your new users, alike, meeting them where they are with clear copy and intuitive product design.

You’ll also have to be ready when things don’t go as planned. Things will break. There will be unexpected complications. And when a customer files a support ticket—or calls in to customer service upset—it’s critical their need is met with empathy and responded to with action that restores confidence and restores trust.

A Pyramid Built to Last

SaaS technology is transforming how businesses operate. However, moving operations to cloud-based technology has risks—the kind of risks that can send would-be customers running. And earning the trust of would-be SaaS customers won’t be easy.

How is your SaaS company building trust with customers? How is it earning the trust of larger organizations and new seatholders? How do you see the landscape for privacy, security, and compliance affecting SaaS companies in the future?