AttestLayer Policy

Data Retention Policy

AttestLayer keeps raw uploads, generated outputs, billing records, support records, and public trust material for different periods based on purpose, plan, legal obligation, and written agreement.

Review privacy policy Request retention help

Updated 18 April 2026 Canonical root-domain policy

Retention categories

Raw uploaded artifacts	Retained only as long as needed to process the requested evidence workflow, unless a plan or written agreement says otherwise.
Generated packets and manifests	Retained according to the purchased plan, entitlement, or written order.
Billing and tax records	Retained for the period required by accounting, tax, and anti-fraud obligations.
Support and security records	Retained as needed to support the account, investigate issues, and preserve service security.

Deletion and access requests

Deletion and access requests can be sent to privacy@attestlayer.com. Some records may remain where retention is required for billing, legal compliance, dispute handling, security, or signed-record integrity.

Surface boundary

Public verification material, registry references, signed receipts, and cryptographic metadata may be retained separately from raw uploads so reviewers can validate issued artifacts without exposing private records.