AttestLayer Policy

Data Processing Addendum

This Data Processing Addendum summarizes the processor boundary, security posture, and request-routing model used when AttestLayer processes personal data for a customer or partner under a written agreement.

Review subprocessors Contact privacy

Updated 18 April 2026 Canonical root-domain policy

Scope and order of precedence

This page is the public reference for AttestLayer data-processing posture. A signed order, enterprise agreement, partner agreement, or separately executed DPA controls where it conflicts with this public summary.

AttestLayer processes supplied records only to provide the requested record-only evidence workflow, maintain security, support billing and support operations, and meet legal obligations.

Processor commitments

Process personal data only for the documented service purpose or written customer instruction.
Apply technical and organizational measures appropriate to the record-only workflow.
Limit personnel and subprocessor access to what is required to operate, secure, support, and bill the service.
Assist with reasonable deletion, access, and security questions through the contact channel below.

Subprocessors and transfers

Current subprocessors are listed at /legal/subprocessors. AttestLayer uses infrastructure, email, payments, and limited analytics providers required for first-party operations.

Where international transfer terms are required, they are handled in the signed agreement or applicable addendum for the customer or partner relationship.