Policy metadata
- Policy title: Security Overview
- Effective date: 27 April 2026
- Last updated date: 27 April 2026
- Contact: contact@attestlayer.com
- Policy index: attestlayer.com/legal
AttestLayer Legal
Security Overview
Overview of AttestLayer security posture and operational safeguards.
Operating model
AttestLayer uses a record-only workflow model: customers submit artifacts they control, AttestLayer processes them for the requested proof workflow, and issued materials are bound with manifests, receipts, and verification instructions.
Safeguards
- HTTPS public surfaces and managed cloud infrastructure.
- Role-scoped operational access and security logging.
- SHA-256 manifests, Ed25519 receipt signing, and public verification materials where applicable.
- Short retention for raw uploads where product terms do not require otherwise.
Security reporting
Security questions or vulnerability reports can be sent to security@attestlayer.com.