AttestLayer

Partner economics

How partners make money on AttestLayer.

AttestLayer is record-only. The partner keeps the client relationship, scopes the engagement, and decides how to package AttestLayer-backed evidence delivery inside their own service line. This page lays out tier pricing, included PASS credits, and the ways qualified partners can bundle, mark up, or include AttestLayer-backed packets.

AttestLayer provides record-only evidence issuance and verification support. It does not certify compliance, replace audit work, provide legal advice, or guarantee the underlying security/compliance state of the customer.

Tier prices and included credits

Starter Workspace

US$15,000 · up to 3 client packet workspaces

Includes 5 PASS credits. Annual or invoiceable.

Growth Workspace

US$30,000 · up to 8 client packet workspaces

Includes 15 PASS credits. Recommended for established service providers.

Portfolio Workspace

US$50,000 · up to 15 client packet workspaces

Includes 30 PASS credits. Reserved-capacity discussions available after first cohort.

How partners can monetize

Bundle inside an existing service

Partners can include AttestLayer-backed packet delivery inside their own SOC 2, GRC, fractional-CISO, MSP, or compliance-agency service line. Partner pricing is set by the partner.

Add a packet line item

Partners can quote AttestLayer-backed packets as an itemized deliverable on top of their core advisory work.

Cohort delivery

Portfolio partners can bundle multiple client packets into a cohort and pass through reserved-capacity benefits to clients.

Renewals and continuity

Partners can offer continuity packages around AttestLayer’s record-only rail (intake, blocker, manifest, receipt, packet, verification path).

What partners do not do

  • do not certify compliance, audits, or legal review on behalf of AttestLayer
  • do not promise buyer, regulator, insurer, or PSP acceptance
  • do not sell support, licensing, or warranties on the AttestLayer rail itself
  • do not give clients access to AttestLayer signing keys, internal tooling, or non-public registry data

What AttestLayer keeps

  • workspace workflow
  • record-only ruleset checks
  • blocker output
  • packet generation
  • manifests, receipts, verification paths
  • technical support for the packet workflow

Tier prices are commercial guidance. Final partner terms are agreed in qualification.

Start partner qualification Request Distribution Pack

The AttestLayer trust model

AttestLayer’s trust model is intentionally narrow. It records what was submitted, what was accepted into scope, what was issued, and how the issued kit can be checked.

The model uses

  • SHA-256 artifact hashing
  • manifest-based evidence inventory
  • canonical receipt hashing
  • Ed25519 receipt signatures
  • JWKS public-key discovery
  • offline verification
  • fail-closed verification behavior

What it proves

  • files match the manifest
  • manifest matches the receipt
  • receipt key ID matches a public key
  • receipt signature verifies
  • the kit has not been modified since issuance

What it does not prove

  • company compliance status
  • company security status
  • controls are operating effectively
  • a buyer, auditor, insurer, bank, regulator, or PSP has accepted the packet
  • the evidence content is legally sufficient

Integrity and issuance evidence only. Not audit, certification, or compliance guarantee.