Registry Privacy Policy

What the registry processes

The registry is a public, read-only transparency log. Its purpose is to publish cryptographic commitments, checkpoints, and public verification material so third parties can verify AttestLayer-issued evidence independently.

• Registry entries are designed to avoid customer names, email addresses, and file contents.
• Standard web request metadata such as IP address, requested URL, user-agent, and timing data may be processed to deliver the service and protect it from abuse.
• Operational files such as checkpoints, witnesses, and verification bundles may be downloaded by any visitor.

What the registry does not do

• It does not create an account relationship on its own.
• It does not collect payment card information or operate a purchase flow.
• It is not intended to publish raw customer submissions or personally identifiable information.

If a separate AttestLayer domain collects commercial, support, or account data, that domain's own privacy policy governs that collection.

Use, sharing, and retention

Registry uses limited operational data to serve public trust material, maintain append-only transparency endpoints, protect availability, and satisfy legal obligations. AttestLayer does not sell personal data collected through the Registry surface.

Public registry materials may remain available as part of the integrity and transparency function of the service. Ordinary operational logs are retained only as long as reasonably necessary for operations, security, and legal compliance.

Contact

Questions about registry privacy can be sent to contact@attestlayer.com. Security-specific questions can be sent to security@attestlayer.com.