Trust and integrity
How Atested earns your trust
Use Atested to verify everything it says. It is your chain, signed with your key. Send it to whoever you want and they can audit it independently from you or us. Trust is earned.
Atested is OPEN SOURCE
We are fully transparent
The classifier, the policy evaluator, the chain recorder are all inspectable. Don't take our word for how it works. Verify for yourself.
YOUR KEY, YOUR CHAIN, YOUR DATA
We can never see your data
Your signing key is generated locally and never leaves that machine. In multi-machine installs, each machine has its own key and the primary stores verified remote imports. Atested cannot see your key or your chain.
INDEPENDENT VERIFICATION
You enable verification
Provide your public key to an authority, auditor, regulator or whoever you choose and they can independently verify your chain. No special Atested software required but we do provide an Open Source app to make it easy for you. The math either checks out or it doesn't.
COMPLETE HISTORY
Every decision. Nothing deleted.
Atested's chain is append-only. Nothing is deleted, nothing is modified. In paid tiers, the primary also records import envelopes for remote chains, so the unified view can show all machines without mutating remote records.
Telemetry
You can turn Telemetry off
Telemetry provides important benefits but if it's something you can do without then turn it off. Turning it off does not affect Atested's core operations. You give up proactive monitoring and tier-calibrated support signals.
Atested's telemetry enables prevention
We know you are busy. We are too. Automation helps us both. It is easier to deal with a developing problem than wait until it's a monster. The same signals that power your dashboard let us see when something about your account warrants attention. We notice and we reach out before it becomes a problem.
Atested telemetry isn't surveillance
The structure of Atested prevents us or anyone without your key from seeing your data. Telemetry is summary-only: aggregate counters such as window opens, report runs, range shortcuts, trouble-report totals, and machine coverage counts. No raw interaction events are stored or sent. No session ids, event order, file paths, user identities, organization names, or chain content are included.
Telemetry is not the chain
The governance chain is exclusively for governance decisions and integrity events. Telemetry is a separate summary stream, not a back door into chain content. The Telemetry Transparency report shows exactly what is collected and what has been submitted.
We hate spam
Atested telemetry is a special communications channel. We reserve it for important communications. This does not include marketing "offers" or other "important to our business" messages. Only operationally relevant messages. Version updates. Security notices. Things that affect how your installation works.
Chain-backed telemetry
Only the primary transmits telemetry externally. Remote summaries sync to the primary first. Every external telemetry transmission is recorded in the primary governance chain with a SHA-256 hash of the payload and machine coverage.
Telemetry enables tier-calibrated depth
Our relationship is more substantive at higher tiers. Personal tier users get priority feedback response. Crew customers get automated signals based on their telemetry. Team customers get proactive engagement from the Atested team based on their telemetry signals. Institution customers get all that and a named contact.
Export security
Exports are authenticated
Every export — from Activity, Audit Search, or Reports — requires operator authentication via license key. Every export is recorded in the governance chain with the selected machine scope, so there is always a record of who exported what, when, and from which view.
Evidence packages are encrypted
Evidence packages created from the Chain Walker use PBKDF2-HMAC-SHA-256 key derivation (310,000 iterations) and AES-256-GCM encryption. The package contains no plaintext chain data. Decryption happens entirely in the recipient's browser using the WebCrypto API — no server, no install, no Atested account.
The viewer verifies integrity
The self-contained evidence viewer checks the ciphertext hash and verifies chain record hash linkage after decryption. It renders evidence in two modes: a plain-language view for non-technical audiences and a technical view with encryption parameters, verification results, and a record-level hash linkage table. The viewer is view-only — there is no decrypted data download function.
No cloud dependency
Evidence packages are ZIP files you share directly. The viewer HTML is inside the ZIP. Recipients open it in their browser. No Atested server is contacted during viewing or verification. The math either checks out or it doesn't.
Start attesting your AI operations
Stop worrying and start knowing in less than five minutes.