legal

Privacy Policy

Effective June 2026

This Privacy Policy describes how Marshall Digital Solutions Ltd. ("we", "us", "Attestd") collects, uses, and protects information when you use the Attestd API and related services. We are incorporated in Toronto, Ontario, Canada.

Governing law

This policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any dispute relating to privacy or personal information shall be subject to the exclusive jurisdiction of the courts of Ontario, Canada.

Data controller

Marshall Digital Solutions Ltd.
Toronto, Ontario, Canada
[email protected]

What we collect

Account information: email address and account metadata required to operate your subscription.

API keys: stored as salted hashes. The plaintext key is shown once at creation and is not stored. Keys are used solely for request authentication and rate-limit enforcement.

Usage telemetry: aggregate call counts for billing and rate limiting. We do not log the product slug or version from your queries for analytics or marketing purposes.

Query content: product and version parameters are processed server-side to generate a response. They are not logged, stored long-term, or shared with third parties for profiling or resale.

Website analytics: anonymous page-view analytics via Umami (no cookies, no cross-site tracking, IP addresses not stored by our analytics configuration).

What we do not do

We do not sell personal information. We do not use API query content to train models, build marketing profiles, or disclose customer usage patterns to third parties except as required by law or as described under third-party processors below.

PIPEDA

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy requirements. You may contact us to access, correct, or delete personal information we hold about you.

Retention

Account data is retained for the life of your account and for up to 90 days after deletion, unless a longer period is required for legal or billing reconciliation purposes. Billing records associated with Stripe payments are retained according to Stripe's standard retention and applicable tax law.

Third-party processors

Stripe: payment processing. Governed by Stripe's privacy policy and data processing terms.

Neon: managed PostgreSQL hosting for application data. Neon maintains SOC 2 Type II certification.

Umami Analytics: self-hosted website analytics on attestd.io. No third-party analytics data broker receives your browsing data from us.

Your rights

You may request access to, correction of, or deletion of your personal information by emailing [email protected]. We will respond within a reasonable time as required by applicable law.

Changes

We may update this policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance of the revised policy.

Contact

Marshall Digital Solutions Ltd.
Toronto, Ontario, Canada
[email protected]

related
Terms of ServiceAbout