AttestLayer
Partners Direct buyers

AttestLayer Policy

Privacy Policy

This privacy policy applies only to the attestlayer.com corporate, trust, and informational site unless a page on this root domain explicitly states otherwise.

View subprocessors Contact AttestLayer
Updated 18 April 2026 Canonical root-domain policy

Scope and AttestLayer's role

This policy covers the attestlayer.com root site only: company pages, trust pages, policy pages, public informational material, and corporate contact routes served on that root domain.

AttestLayer acts as the controller for website usage data, contact data, trust or procurement inquiry data, and limited operational data collected through those root-domain pages.

This policy does not govern buy.attestlayer.com, partners.attestlayer.com, verify.attestlayer.com, registry.attestlayer.com, pay.attestlayer.com, or console.attestlayer.com. Each of those domains keeps its own policy set.

What AttestLayer collects

AttestLayer collects only the categories of data needed to operate the root corporate and informational site.

  • Website usage data such as page requests, browser or device metadata, referrer data, IP-based security logs, and limited analytics events.
  • Contact and inquiry data such as names, work email addresses, company names, and support, trust, procurement, or partnership correspondence.
  • Corporate routing data such as which surface or workflow a visitor asks to be directed toward.
  • Security and abuse-prevention data such as authentication events, rate-limit events, and fraud or misuse signals.

AttestLayer does not sell personal data collected through the root site.

How AttestLayer uses data

AttestLayer uses collected data to operate, secure, and improve the root site and to answer inbound corporate, trust, procurement, or partnership requests.

  • Provide public site content, trust references, and documentation.
  • Route visitors to the appropriate AttestLayer surface for their requested workflow.
  • Respond to support, trust, procurement, legal, or security inquiries.
  • Detect abuse, protect service reliability, and satisfy legal obligations.

Where law requires a legal basis, AttestLayer relies on contract performance, legitimate interests in operating and securing the service, compliance obligations, and consent where consent is the correct basis.

Sharing and subprocessors

AttestLayer shares data only with service providers needed to operate first-party surfaces, process payments, deliver communications, or support the applicable service workflow.

  • Hosting, storage, and operational infrastructure providers.
  • Payment processors and billing support providers.
  • Transactional email providers.
  • Limited analytics providers used on first-party web surfaces.

The current provider list is maintained on the Subprocessors page. AttestLayer may also disclose data where required by law, to protect the service, or as part of a corporate transaction involving the business.

Retention, security, and your choices

Retention depends on the category of data and the surface being used. Uploaded artifacts are kept only as long as needed to process the requested service. Hosted deliverable access follows the retention rules of the applicable plan or agreement. Billing and accounting records are retained longer where law requires it.

AttestLayer uses technical and organizational measures appropriate to a cloud-native, record-only service, including access controls, encrypted infrastructure layers, cryptographic signing, and short retention for raw uploads. More detail is available on the Security page.

You can request access, correction, or deletion by contacting contact@attestlayer.com. Some records may need to be retained to complete a transaction, preserve security, or meet legal obligations.