Loading...
Skip to main content
Pricing
Simple tiers. Honest discounts.
Start free. Upgrade when you need signed proofs or enterprise controls.
Free
For prototyping + public portfolio entries.
$0
forever
- Up to 3 systems
- Unsigned attestations
- Public registry listing
- Community support
Recommended
Team
For teams shipping to regulated markets.
$2,870
per year
- Up to 25 systems
- Signed attestations (Ed25519)
- All four frameworks
- Audit trail + decision log
- Email + Slack support
Business
For compliance-heavy orgs with external auditors.
$9,590
per year
- Unlimited systems
- Third-party auditor integrations
- Custom framework mappings
- SLA-backed verify API
- Priority support + onboarding
Enterprise
Data residency + SSO + procurement controls.
Custom
- SOC 2 + HIPAA BAA
- EU / US data residency
- SSO / SAML / SCIM
- Dedicated CSM
- Custom DPA + redlines
Compare
See the full matrix.
| Feature | Free | Team | Business | Enterprise |
|---|---|---|---|---|
| Signed attestations | ||||
| Framework: EU AI Act | ||||
| Framework: NIST AI RMF | ||||
| Framework: ISO 42001 | ||||
| Framework: Colorado AI Act | ||||
| Third-party auditor integrations | ||||
| Custom DPA / MSAs | ||||
| Priority support (SLA) | ||||
| SSO / SAML |
FAQ
Questions we get a lot.
- What does an Attestry attestation actually contain?
- A signed JSON object with the system identity, the framework + article being claimed, the assessor's DID, the signing timestamp, and a Merkle root over your evidence bundle. Anyone with the public verify URL can independently confirm the signature without contacting Attestry.
- Which compliance frameworks does Attestry support?
- EU AI Act, NIST AI RMF, ISO 42001, and Colorado AI Act at GA. New frameworks are added via the OVS-AI standard's public extension process, so your assessments inherit them automatically.
- Is my evidence stored with Attestry?
- No. Evidence bundles live in your storage (S3, GCS, Azure Blob). Attestry signs the hash, not the content. Your auditor can independently hash your bundle and verify.
- How does my auditor verify an attestation independently?
- Each attestation publishes a verify URL plus a public Ed25519 signature. Your auditor pastes the URL into the public registry or runs `attestry verify <hash>` from the open-source CLI. No Attestry account required; no API key.
- What happens when an attestation is revoked?
- The public registry shows the revoked status immediately. Every verify URL serves the current status in real time, with no cached proofs.
- Do you support GDPR deletion requests?
- Yes. Because Attestry signs hashes, not content, you can delete the source evidence while the signed proof remains verifiable for audit retention windows.
- What counts as a "user" on Team and Business tiers?
- A user is anyone with a login who issues, revokes, or modifies attestations. Read-only auditors and external assessors do NOT count toward your seat limit; they verify via the public registry, which is unauthenticated.
- Can I cancel anytime?
- Yes. Monthly plans prorate, annual plans refund unused months. Your attestations stay valid + verifiable after cancellation.
Start attesting in 60 seconds.
Free plan includes fingerprinting, unverified attestations, and a public registry listing. Upgrade when you need signed proofs or SLA-backed verification.