ConsoleConsole terms
This addendum describes console-specific access, evidence submission, PASS/FAIL credit behavior, reviewer verification, account responsibility, and enterprise-control boundaries.
Console is the authenticated workspace for purchased or issued entitlements. It is not a public marketing site and it does not change Activation pricing, side-offer pricing, checkout links, or fulfillment terms.
Paid side-offer workspaces appear here after purchase: Readiness Check, Buyer Proof Pack, and Service Provider Workspace.
Activation workspaces remain available through the existing buyer console when an Activation entitlement exists. Readiness Check, Buyer Proof Pack, and Service Provider Workspace cards appear only when the matching paid entitlement is active.
AttestLayer is record-only. It packages supplied records into structured proof packets with manifests, receipts, signatures, and verification paths. AttestLayer does not certify, audit, legally approve, insure, independently verify supplied claims, or guarantee buyer, procurement, security, partner, or customer approval.
The console is used for workspace access, evidence submission, account management, packet operations, PASS/FAIL workflows, buyer packet re-export, and related AttestLayer product functions.
Access to the console does not change the legal status of any AttestLayer deliverable.
Customers are responsible for ensuring that only authorized users access their workspace.
Customers are responsible for managing internal permissions, email access, account security, user invitations, and internal approval authority.
AttestLayer may rely on actions taken by users who access the console through a valid account, magic link, invitation, or approved authentication flow.
Customers are responsible for assigning appropriate internal access. Where role-based workspace permissions are enabled, available roles may include Owner, Admin, Contributor, Viewer, and Reviewer. Where role-based permissions are not enabled, customers remain responsible for limiting access to authorized users through their own internal approval, email, and device controls.
Customers are responsible for the accuracy, legality, completeness, authorization, and appropriateness of evidence they upload or submit through the console.
AttestLayer does not independently verify the truth of all underlying business claims unless a specific written agreement states otherwise.
AttestLayer may reject, fail, or request clarification for submissions that do not meet the applicable evidence rules, format requirements, or acceptable-use boundaries.
Unless a checkout page, order form, or signed agreement states otherwise, the following credit rules apply.
Console deliverables may include buyer packets, binder PDFs, manifests, receipt chains, verification instructions, and related outputs.
Customers may download available deliverables. Downloaded copies remain outside AttestLayer’s control.
Hosted access, re-export, retained access, and workspace continuity depend on the customer’s active plan, product terms, and applicable retention policy.
Verification is part of the issued proof model.
Console access is not required for a reviewer to verify an issued packet where public or offline verification materials are provided.
Console subscriptions do not sell “verification staying live.” Subscription plans may provide retained workspace access, re-export, refresh, support, and monthly PASS issuance capacity depending on plan terms.
AttestLayer support may assist with account access, upload issues, submission workflow, PASS/FAIL operational questions, buyer packet re-export, billing/account questions, and verification instructions.
AttestLayer does not provide legal advice, audit opinions, compliance certifications, buyer approval guarantees, or advice that replaces the customer’s own professional, legal, security, or compliance review.
Console outputs, PASS results, buyer packets, manifests, binders, receipts, and verification materials are not audit opinions, legal opinions, compliance certifications, SOC 2 replacements, ISO certifications, buyer approval guarantees, or substitutes for buyer diligence.
Customers remain responsible for their own compliance, legal obligations, buyer communications, and underlying evidence accuracy.
Customers are responsible for securing their own email accounts, devices, internal systems, authorized users, access controls, and approval workflows.
Customers must promptly notify AttestLayer if they believe a console account, invitation, workspace, or related access method has been compromised.
Console tokens, sign-in links, invitations, and API keys must be treated as confidential. Customers must not share them outside authorized users. API keys, where enabled, may be scoped, rotated, or revoked depending on plan and account configuration. Customers must promptly notify AttestLayer if any token, invitation, session, workspace, or API key may have been exposed or misused.
Console activity may include workspace access events, submission events, PASS/FAIL outcomes, credit-impact events, top-ups, support adjustments, download/re-export events, and API-key events where technically available. Availability, exportability, retention, and granularity of activity records depend on plan, technical implementation, Product Terms, retention policy, or signed agreement.
Reviewers may verify issued materials using public or offline verification materials where provided. Reviewer verification does not require AttestLayer to grant the reviewer customer workspace access unless a written agreement or approved workflow provides otherwise.
Enterprise controls such as SSO/SAML, MFA enforcement, domain allowlisting, advanced RBAC, SCIM, customer-managed keys, custom retention, private status channels, named support, or dedicated environments are not included unless expressly provided in a signed agreement, order form, or active enterprise configuration.
Customers may not use the console to submit unlawful, unauthorized, misleading, fraudulent, infringing, harmful, or prohibited materials.
Customers may not attempt to bypass credit rules, misrepresent PASS/FAIL outputs, alter verification materials, interfere with registry or verification systems, or use AttestLayer outputs to make claims that exceed the applicable deliverable.
Plan-specific rules, including included credits, overage pricing, SLA handling, access duration, billing method, cancellation, and retained access, are governed by the applicable checkout page, order form, Product Terms, Terms of Service, Refund/Billing Policy, or signed agreement.
AttestLayer may update this Console Product Addendum from time to time. The current version posted on this page applies unless a signed agreement states otherwise.