AttestLayer Trust Center

Trust Center

This root-domain trust center explains what AttestLayer publishes publicly, how independent verification works, and which operating policies are controlled directly on attestlayer.com.

Review sample kit Open verifier

Updated 18 April 2026 Canonical root-domain policy

What the root domain is responsible for

attestlayer.com is the company-facing root domain. It explains the proof model, publishes trust and policy references, and routes visitors toward the public surface that matches the task they already have.

The root site is now the canonical home for AttestLayer trust and policy pages. It is intentionally separate from the direct-buyer storefront so company-level trust review does not depend on commercial checkout copy.

Direct buyer path Pilot, Activation, Monthly Coverage, and the commercial flow for direct teams. Partner path Reserved Capacity and structured multi-client operating programs. Verify Inspect an issued kit locally in the browser without a private session. Registry Issuer keys, registry keys, checkpoints, and verification support material.

What reviewers can verify independently

A PASS package is designed to be reviewable after it leaves AttestLayer. The verifier recomputes file hashes, checks the manifest, validates the Ed25519 receipt, and can work with bundled key material offline.

Every issued kit binds submitted files into a SHA-256 manifest.
The receipt is Ed25519-signed against published issuer keys.
Issued kits include a bundled verification path so offline review remains possible.
Registry material supports longer-lived transparency and checkpoint review.

Representative public entry points remain available for reviewers who want to inspect the shape before interacting with a buyer flow.

Sample kit Inspect a representative PASS package before engaging with AttestLayer. Reviewer pack Short review packet for procurement, security, or partner review. Browser verifier Open an issued kit locally without uploading it to a server. Registry material Review public keys, checkpoints, and transparency support artifacts.

Operating model and boundaries

AttestLayer stays narrow on purpose. It is a record-only evidence company, not an audit firm, certification body, or agent deployed inside a buyer's systems.

No software is installed into customer infrastructure.
No agent or persistent system access is required for the core proof flow.
Teams submit exported artifacts they already control.
The platform returns deterministic PASS or FAIL rather than a discretionary opinion.

That operating boundary is what lets trust review, policy review, and commercial review stay legible across separate public surfaces.

Security, disclosure, and policy references

Trust on the root domain is backed by published policies that are specific to AttestLayer's first-party web surfaces rather than copied from the direct-buyer storefront.

Security Infrastructure posture, operating model, and cryptographic trust material. Privacy How AttestLayer handles website, account, and submitted service data. Subprocessors Current third-party providers used to operate first-party surfaces. Vulnerability disclosure How security researchers can report issues to AttestLayer.

Security issues and trust questions can always be routed to security@attestlayer.com.