AttestLayer

About

Record-only evidence issuance, built for repeatable diligence.

AttestLayer turns submitted records into verifier-friendly evidence kits: binder, manifest, signed receipt, hash trail, and offline verification. We do not access your systems. We do not certify compliance. We package what was submitted, what was accepted into scope, what was issued, and how the kit can be checked.

Record-onlyNo installNo system accessVerifier-friendlyOffline-verifiable

AttestLayer provides record-only evidence issuance and verification support. It does not certify compliance, replace audit work, provide legal advice, or guarantee buyer/reviewer acceptance.

What we do

Evidence issuance rail

Submitted records become a structured packet with binder, manifest, signed receipt, and hash trail.

Verifier-friendly output

Reviewers, buyers, and partners can independently verify integrity and issuance.

Partner-friendly delivery

Partners keep the client relationship while AttestLayer operates the record-only issuance rail.

Clear boundaries

The packet supports diligence. It does not certify compliance, replace audits, or guarantee acceptance.

What we do not do

  • not an auditor
  • not a scanner
  • not a certification body
  • not legal counsel
  • not buyer approval
  • not control effectiveness testing

Leadership

Founder & CEO

Founder bio and photo will be published in an upcoming update.

Advisors

Advisor disclosures will be published in an upcoming update.

Contact

General: hello@attestlayer.com

Press: press@attestlayer.com

Partners: partners@attestlayer.com

Where AttestLayer lives

buy.attestlayer.com

Direct-buyer purchase paths.

Open buy

partners.attestlayer.com

Partner program for service providers and distribution partners.

Open partners

program.attestlayer.com

Standardization program lanes for institutional and platform partners.

Open program

verify.attestlayer.com

Reviewer verification page and offline verifier.

Open verify

registry.attestlayer.com

Public verification metadata and JWKS keys.

Open registry

api.attestlayer.com

Evidence API surface (FES-1.0-preview).

Open API

The AttestLayer trust model

AttestLayer’s trust model is intentionally narrow. It records what was submitted, what was accepted into scope, what was issued, and how the issued kit can be checked.

The model uses

  • SHA-256 artifact hashing
  • manifest-based evidence inventory
  • canonical receipt hashing
  • Ed25519 receipt signatures
  • JWKS public-key discovery
  • offline verification
  • fail-closed verification behavior

What it proves

  • files match the manifest
  • manifest matches the receipt
  • receipt key ID matches a public key
  • receipt signature verifies
  • the kit has not been modified since issuance

What it does not prove

  • company compliance status
  • company security status
  • controls are operating effectively
  • a buyer, auditor, insurer, bank, regulator, or PSP has accepted the packet
  • the evidence content is legally sufficient

Integrity and issuance evidence only. Not audit, certification, or compliance guarantee.