AttestLayer Legal

Data Processing Addendum

Data processing terms for customers that require DPA coverage.

Updated 27 April 2026 Canonical root-domain policy

Policy metadata

Policy title: Data Processing Addendum
Effective date: 27 April 2026
Last updated date: 27 April 2026
Contact: contact@attestlayer.com
Policy index: attestlayer.com/legal

Processing role

Where AttestLayer processes customer-submitted workflow material on documented instructions, AttestLayer acts as processor or service provider for that submitted workflow material unless a signed agreement states otherwise.

Baseline commitments

Process customer workflow data only as needed to provide the requested service or comply with law.
Limit access to personnel and subprocessors that need access to operate the service.
Use technical and organizational measures appropriate to a cloud-native, record-only workflow.
Support reasonable deletion, return, access, and incident coordination requests as required by the governing agreement or law.

Executed copies

Customers that require an executed DPA can contact contact@attestlayer.com with company name, service surface, and order or agreement context.