AttestLayerAttestLayer
Request Qualification

Privacy Policy

Privacy and data handling for partners.attestlayer.com only.

This policy applies only to partners.attestlayer.com, including partner program pages, reserved-capacity or partner order flows, partner-managed delivery workflows, and partner support or billing requests originating from this domain. It does not govern the direct-buyer, verifier, registry, pay, console, or root corporate domains except where a written agreement or a more specific domain notice says otherwise.

1. Data categories processed on this site

  • Partner representative data such as work email addresses, company names, job titles, billing contacts, and support correspondence.
  • Partner account and transaction data such as order details, invoicing references, subscription state, capacity selections, and access-link events.
  • Workflow data such as job identifiers, uploaded artifacts, manifests, receipts, delivery events, and partner-configured packaging instructions.
  • Website and abuse-prevention data such as security logs, browser metadata, referrer information, rate-limit events, and operational telemetry.

2. How data is used

  • Operate partner programs, reserved-capacity lanes, partner billing, and partner support workflows.
  • Process partner-submitted workflows and deliver the requested output package.
  • Support approved white-label or co-branded delivery options where offered.
  • Protect the service, prevent abuse, and comply with legal obligations.

3. AttestLayer role and downstream data

For partner account, billing, and security data, AttestLayer acts as the service operator for the partners surface. For workflow material a partner submits on behalf of its customer, the partner remains responsible for ensuring it has the right to submit that material and for giving any downstream notices the partner owes to its own customer or end user.

4. Sharing and subprocessors

We share data only with providers needed to operate the partner program, billing, infrastructure, email, analytics, and approved payment-routing functions tied to this site. The current list for partners.attestlayer.com is maintained on the Subprocessors page.

We do not sell personal data collected through this domain.

5. Retention

  • Uploads: Up to 24 hours (automatic deletion)
  • Hosted deliverables links: 30 days (links expire; automatic deletion)
  • Partner/customer downloaded copies: kept by you/customer
  • Payment/invoice records: retained as required (duration: 7 years (standard accounting/tax retention))
  • Operational and security logs: retained only as reasonably necessary for security, abuse prevention, delivery support, and legal compliance.

6. Requests and rights

To request access, correction, or deletion of partner personal data, email contact@attestlayer.com.

  • Include your company name and the email address used with AttestLayer.
  • If your request relates to an intake job, include the job ID/slug (if available).
  • We may ask for minimal verification to prevent unauthorized deletion requests.

7. Cross-domain boundaries

This policy is partner-surface specific. Direct-buyer terms belong to buy.attestlayer.com, the public verifier belongs to verify.attestlayer.com, and registry publication terms belong to registry.attestlayer.com.