AttestLayerAttestLayer
Sign inStart free Pilot

Direct Buyer Purchase Addendum

This Direct Buyer Purchase Addendum applies only to buy.attestlayer.com direct-buyer purchases, subscriptions, buyer access links issued from this domain, direct-buyer Buyer Console sessions reached on console.attestlayer.com, payment confirmation or redirect steps used to complete a direct-buyer checkout through pay.attestlayer.com, and related support or billing workflows. It supplements AttestLayer's canonical Terms of Service at attestlayer.com/legal/terms. If there is a conflict between this addendum and the company-wide Terms, the company-wide Terms control unless a signed agreement states otherwise.

1. Scope

buy.attestlayer.com is the direct-buyer commercial surface for automated evidence-kit issuance. You upload a ZIP or individual files (PDF/DOCX/XLSX/PNG/JPG/CSV/JSON/TXT). The engine returns a PASS or FAIL outcome under the active ruleset.

Where a direct-buyer workflow continues into the Buyer Console or a hosted payment redirect, those steps remain part of the same direct-buyer transaction for purposes of these terms.

  • On PASS: you receive kit.zip plus supporting artifacts such as passfail.json, mapping.json, classification_report.json, normalized_tree.zip, and standalone diff.json. The diff status shows whether a previous comparable PASS kit was available.
  • On FAIL: you receive fail_report.json with a machine-readable resubmit checklist.
  • We do not answer questionnaires, issue compliance opinions, or certify controls.
  • We do not invent evidence. Missing items produce FAIL or UNSUPPORTED markers.

If a checkout flow, order confirmation, invoice, order form, or signed document for a direct-buyer transaction states more specific commercial terms, that more specific document controls the subject it addresses to the extent permitted by law.

2. Authority and buyer account information

  • You represent that you are authorized to place the order, submit material, and bind the buyer organization or yourself, as applicable.
  • You must provide accurate billing, buyer-contact, and delivery information.
  • You are responsible for keeping the buyer email address and internal recipient routing current.

3. PASS / FAIL outcome

Every submission receives exactly one PASS or FAIL outcome under the active ruleset:

  • PASS — required artifact groups present and valid. A kit is prepared and verified.
  • FAIL — one or more required groups missing or invalid. A fail report is issued.

There is no partial PASS. There is no "pending review." PASS/FAIL is produced by automated checks under the active ruleset, schema version, adapter profile, and validation version.

4. Credits & billing

1 credit = 1 verified PASS kit issued.

  • PASS consumes 1 credit only when Verify PASS succeeds and the kit is issued.
  • FAIL burns 0 credits.
  • PASS + Verify FAIL burns 0 credits. If verification fails due to an AttestLayer system error, the kit is re-issued and no credit is burned.

Fail-closed issuance:

If credits are 0, PASS issuance is blocked (BILLING_REQUIRED) and no kit is issued until credits are available.

Buyer-safe resubmit:

  • Each FAIL includes 1 free resubmit within 7 days.
  • Additional FAIL resubmits may be rate-limited for reliability (never charged).

5. Delivery SLA and make-good

SLA starts after PASS, not after upload or initial submission.

Activation:

  • Activation-10 / Activation-25: 24 hours after PASS
  • Activation-50 / Activation-100: 12 hours after PASS

Monthly Coverage:

  • Post-Activation Coverage, Growth Coverage, and Coverage-10: standard queue unless a checkout page, order form, or written agreement states otherwise.
  • Coverage-25: 24 hours after PASS
  • Coverage-50 / Coverage-100: 12 hours after PASS

MMC Lane:

  • Tier 1 (MMC-25K): 12 hours after PASS
  • Tier 2 (MMC-50K): 8 hours after PASS
  • Tier 3 (MMC-100K): 6 hours after PASS
  • Tier 4 (MMC-250K): 4 hours after PASS

Make-good:

If we miss the stated SLA after PASS, the system automatically applies credit back + 10% bonus credits. No ticket required.

6. Payment terms

  • Card payments are processed via Stripe.
  • Activation: card is available for all Activation tiers. Invoice is available for every Activation tier, including Activation-10. Wire / ACH is available for Activation-25 and above.
  • Monthly Coverage: Post-Activation Coverage and Growth Coverage may be billed automatically by card when their self-serve checkout is available.
  • Coverage-10, Coverage-25, Coverage-50, Coverage-100, and Strategic / Portfolio Coverage require billing review unless a specific checkout link, order form, or written agreement states otherwise.
  • Activation card payments activate access immediately after successful payment, including payment-confirmation steps reached on pay.attestlayer.com as part of the direct-buyer checkout flow. For self-serve Monthly Coverage subscriptions, payment starts the subscription and credits are provisioned after Stripe confirms the paid invoice. Invoice, wire, and ACH paths activate after cleared payment.

MMC Lane:

  • Invoice (Net-5) unless otherwise agreed in a signed MSA or order form.
  • MMC auto-renews monthly. Cancel anytime before the next billing date; cancellation takes effect at the end of the current billing period.

Monthly Coverage Subscription Terms

  • Monthly Coverage is a recurring subscription that renews automatically each billing cycle.
  • Post-Activation Coverage, Growth Coverage, and Coverage-10 are Monthly Coverage subscription plans with lower included monthly PASS issuance capacity. They renew automatically each billing cycle unless cancelled before the next billing date. Unused monthly credits do not roll over. Extra PASS issuance credits may be billed at the stated overage rate for the selected plan.
  • Self-serve Monthly Coverage is limited to Post-Activation Coverage and Growth Coverage where checkout is available. Coverage-10, Coverage-25, Coverage-50, Coverage-100, and Strategic / Portfolio Coverage require billing review unless a specific checkout link, order form, or written agreement states otherwise.
  • Larger recurring agreements may be handled through approved custom billing arrangements — invoice, wire, annual billing, or procurement-led setup.
  • Monthly Coverage may be cancelled anytime before the next billing date by email to billing@attestlayer.com.
  • Cancellation takes effect at the end of the current billing period.
  • No prorated refund is provided for partial months.
  • Unused monthly credits do not roll over.

Activation Upgrade and Conversion Rules

  • Activation purchases are prepaid and non-cash-refundable.
  • If a buyer upgrades from Activation-10 to Activation-25 within 30 days, 100% of the Activation-10 purchase price is applied to the Activation-25 purchase price.
  • The original Activation-10 credits do not stack separately after upgrade; the purchase-price credit replaces the unused Activation-10 balance.
  • If a buyer moves from Activation into Monthly Coverage within 90 days, eligible unused Activation credits can convert 1:1 into the first billing cycle of Post-Activation Coverage, Growth Coverage, Coverage-10, Coverage-25, Coverage-50, or Coverage-100.
  • No double counting applies: the same balance cannot be credited twice through both an upgrade step-up and a Monthly Coverage conversion.
  • Activation credits are not redeemable for cash.

If a checkout page, order form, or signed order document includes more specific commercial terms, those specific commercial terms govern for that transaction, except where prohibited by law.

7. Buyer responsibilities and acceptable use

  • You must submit only material you are entitled to provide and that is lawful for AttestLayer to process.
  • You should not submit secrets, private keys, credentials, or material unrelated to the requested workflow unless the workflow expressly calls for it.
  • You may not abuse the service, bypass access controls, overload the service, or misrepresent AttestLayer output as an audit opinion, certification, or legal conclusion.
  • You remain responsible for how you use or rely on any issued output in your own business, procurement, legal, or audit process.

8. Confidentiality & retention

All intake data is confidential. We do not share, sell, or reuse it.

  • Uploads: up to 24 hours (automatic deletion)
  • Hosted deliverable links: 30 days for Activation purchases (links expire; automatic deletion). Monthly Coverage subscribers retain access to prior deliverables for the duration of their active subscription.
  • Post-Activation Coverage, Growth Coverage, and Coverage-10 subscribers retain access to prior deliverables for the duration of the active subscription, subject to the same confidentiality, retention, and acceptable-use boundaries as other Monthly Coverage plans. Downloaded copies remain outside AttestLayer’s control.
  • Downloaded copies: kept by you outside our control

Current direct-buyer subprocessors for this domain are listed at /subprocessors.

The public controller-processor terms for submitted buyer workflow material are published at /data-processing-addendum.

9. Intellectual property and permitted use of outputs

You retain rights in the material you submit. AttestLayer retains rights in its service, software, verifier tooling, site content, and branding. You may use issued outputs for your internal review, procurement, diligence, or reviewer-sharing purposes connected to the purchased workflow.

10. Security

  • Encryption at rest: AES-256 (platform-managed). CMEK available for Enterprise.
  • Signing: Ed25519. Hashing: SHA-256.
  • Transport: HTTPS/TLS in transit.
  • Artifacts are cryptographically committed after issuance (signed receipts + Merkle inclusion proofs). Any re-issuance generates a new receipt.
  • Payments are handled by Stripe; AttestLayer does not store full card numbers.
  • Subprocessors: https://buy.attestlayer.com/subprocessors
  • Vulnerability disclosure: https://buy.attestlayer.com/vulnerability-disclosure

11. Disclaimers, suspension, and termination

Except where a signed agreement says otherwise, buy.attestlayer.com and its related direct-buyer workflows are provided on an as-is and as-available basis. AttestLayer may suspend, rate-limit, or terminate access where needed for nonpayment, abuse prevention, legal compliance, or security.

AttestLayer is not an audit opinion, legal advisor, compliance certification body, or substitute for your own diligence obligations.

12. Limitation of liability

To the maximum extent permitted by law, AttestLayer is not liable for indirect, incidental, special, consequential, exemplary, or punitive damages arising from or related to the direct-buyer services on this domain. Any direct liability relating to a claim under these terms is capped at the fees paid for the specific buy.attestlayer.com service giving rise to the claim during the 12 months before the event giving rise to that claim.

13. Governing law and venue

These terms are governed by the laws of Quebec and the federal laws of Canada applicable there, without regard to conflict-of-law rules. Unless mandatory law requires otherwise, disputes relating to buy.attestlayer.com direct-buyer transactions will be brought in Montreal, Quebec.

14. Contact

contact@attestlayer.com (general) · billing@attestlayer.com (billing) · security@attestlayer.com (security)

Toll-free: 1-866-739-0570

HQ: 360 rue Saint-Jacques, Suite G101, Montreal, Quebec H2Y 1P5, Canada

Not legal advice. Not an audit opinion. Not a compliance certification. AttestLayer packages evidence and produces verification artifacts only.