Privacy Policy

1. Who we are

Attestify OS (“Attestify”, “we”, “our”, “us”) operates the website at www.attestifyos.com and provides an AI agent governance and compliance API platform. Our primary contact email is hello@attestifyos.com.

For the purposes of the UK GDPR and the Data Protection Act 2018, Attestify OS is the data controller of your personal data.

2. What data we collect

We collect and process the following categories of personal data:

• Account data: name, email address, company name, job title
• Billing data: payment method details (processed and stored by Stripe — we do not store card numbers), billing address, VAT number
• Usage data: API call logs, request metadata, timestamps, IP addresses, agent identifiers passed in API requests
• Technical data: browser type, operating system, referring URLs, pages visited, session duration
• Communications: emails, support messages, and any other correspondence you send us

3. How we use your data

• To provide, operate, and maintain the Attestify OS platform and APIs
• To process payments and manage your subscription via Stripe
• To send you your API key and transactional emails relating to your account
• To monitor platform usage, enforce fair-use limits, and detect abuse
• To respond to support requests and communications
• To comply with legal obligations (tax, anti-money laundering, fraud prevention)
• To improve the platform based on aggregated, anonymised usage analytics

4. Legal basis for processing

We process your personal data under the following lawful bases:

• Contract: processing necessary to deliver the service you have subscribed to
• Legitimate interests: security monitoring, fraud prevention, platform improvement
• Legal obligation: tax records, regulatory compliance
• Consent: marketing emails (you may withdraw consent at any time)

5. Third parties we share data with

• Stripe (stripe.com) — payment processing and subscription management. Stripe Privacy Policy
• Vercel (vercel.com) — hosting and infrastructure. Vercel Privacy Policy
• Resend (resend.com) — transactional email delivery. Resend Privacy Policy

We do not sell your personal data to third parties. We do not share your data with advertisers.

6. Data retention

We retain your personal data for as long as your account is active and for a period of 7 years after account closure to comply with UK tax and financial record-keeping obligations. API call logs are retained for 90 days by default; paid plans may configure longer retention periods.

7. Your rights under UK GDPR

You have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your personal data (“right to be forgotten”)
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — at any time, for processing based on consent

To exercise any of these rights, email hello@attestifyos.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use essential cookies to maintain your session and authentication state. We use analytics cookies (anonymised) to understand how the platform is used. You can disable non-essential cookies in your browser settings at any time.

9. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, API key hashing, and access controls. Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it to hello@attestifyos.com.

10. International transfers

Our infrastructure providers (Vercel, Stripe) may process data outside the UK and EEA. Where this occurs, it is subject to appropriate safeguards including Standard Contractual Clauses (SCCs) as recognised under UK GDPR.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform. The “Last updated” date at the top of this page will always reflect the most recent version.

12. Contact

For any privacy-related questions or to exercise your rights:
Email: hello@attestifyos.com
Website: www.attestifyos.com