Subprocessors
Providers used to operate buy.attestlayer.com direct-buyer workflows.
This list applies only to buy.attestlayer.com direct-buyer flows: self-serve purchases, buyer billing, buyer access links, buyer delivery workflows, and limited analytics or abuse-prevention functions tied to that domain. It is not the processor list for partners.attestlayer.com, verify.attestlayer.com, registry.attestlayer.com, or the root corporate site.
Material updates to the providers used for this direct-buyer surface will be reflected here. A signed enterprise or procurement document may supplement this list for a negotiated direct-buyer engagement.
| Subprocessor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Hosting, infrastructure, storage, compute, database, networking, encryption-at-rest infrastructure, and regional cloud services. | United States, Canada, and other regions where AttestLayer deploys |
| Stripe | Payment processing, checkout, invoices/payment links if active, card processing, billing metadata, receipts, and tax/payment records. | United States and other Stripe-supported regions |
| PostHog | Analytics and product analytics for website surfaces, where deployed. If PostHog is removed or blocked intentionally, it is not listed. | United States and other PostHog-supported regions |
| Transactional email and delivery | Provider name disclosed during DPA or procurement review before purchase where required. | — |
| Support tooling | Provider name disclosed during DPA or procurement review before purchase where required. | — |
| Monitoring and logging | Provider name disclosed during DPA or procurement review before purchase where required. | — |
| Status monitoring | Provider name disclosed during DPA or procurement review before purchase where required. | — |
Questions about direct-buyer subprocessors can be sent to contact@attestlayer.com. Security-specific questions can be sent to security@attestlayer.com.
See also Data Processing Addendum, Privacy, and Security.