Privacy Policy

This policy applies only to buy.attestlayer.com, including the direct-buyer storefront, buyer checkout flows, buyer sign-in requests originating from this domain, direct-buyer Buyer Console sessions reached on console.attestlayer.com, payment confirmation or redirect steps used to complete a direct-buyer checkout through pay.attestlayer.com, and buyer delivery or support flows tied to purchases made on this domain. It does not govern partners.attestlayer.com, verify.attestlayer.com, registry.attestlayer.com, attestlayer.com, or partner-only console workflows reached under a different domain-specific notice or written agreement.

1. Data categories we collect on this site

• Buyer identity and contact data such as work email address, company name, billing contact, and support correspondence.
• Transaction and account data such as order identifiers, payment status, invoice references, subscription state, and buyer access-link events.
• Service workflow data such as upload metadata, job identifiers, PASS or FAIL outcomes, generated manifests, receipts, and delivery events.
• Website and abuse-prevention data such as IP-based security logs, browser metadata, referrer data, device signals, and rate-limit events.

2. How we use that data

• Process direct-buyer purchases, subscriptions, invoices, and payment confirmation workflows.
• Issue buyer access links, send delivery notices, and operate buyer support or billing requests.
• Process submitted artifacts, generate verification materials, and deliver the purchased output.
• Detect abuse, prevent fraud, protect service availability, and comply with legal obligations.

3. Sharing and subprocessors

We share data only with providers needed to run buy.attestlayer.com and the purchased direct-buyer workflow. Those providers include payment processing, cloud infrastructure, transactional email, wire-routing support where offered, and limited site analytics. The current provider list for this domain is maintained on the Subprocessors page.

We do not sell personal data collected through this site and we do not use this site as a third-party advertising resale surface.

4. Cookies and similar technologies

buy.attestlayer.com uses limited cookie, local-storage, and session-storage mechanisms for buyer sign-in continuity, direct-buyer console handoffs, payment confirmation, fraud prevention, and site analytics. The detailed notice for those technologies is published at /cookies.

5. Retention

• Uploads: Up to 24 hours (automatic deletion)
• Hosted deliverables links: 30 days for Activation purchases (links expire; automatic deletion). Monthly Coverage subscribers retain access during active subscription.
• Downloaded copies: kept by you
• Payment/invoice records: retained as required (duration: 7 years)
• Operational and security logs: retained only as reasonably necessary for security, abuse prevention, delivery support, and legal compliance.

6. Your requests and rights

To request access, correction, or deletion of personal data, email contact@attestlayer.com.

• Include your company name and the email address used with AttestLayer.
• If your request relates to an intake job, include the job ID/slug (if available).
• We may ask for minimal verification to prevent unauthorized deletion requests.

7. Cross-domain boundaries

If you use a different AttestLayer domain for a different purpose, that domain should be reviewed under its own policy set. In particular: partners.attestlayer.com governs partner programs and partner-console access, verify.attestlayer.com governs the public verifier, and registry.attestlayer.com governs the public transparency registry.

The public direct-buyer processor terms for submitted workflow material are published at /data-processing-addendum.