Documentation
Quickstart
From sign-up to a published trust center in five minutes.
Last updated May 6, 2026
Get from zero to a public trust center in five minutes.
1. Sign up
Head to attestly.dev/sign-up and authenticate with your work email. We use Clerk — no password to remember, MFA on by default.
2. Connect GitHub
Click Connect GitHub on your dashboard. We request the following OAuth scopes:
| Scope | What we use it for |
|---|---|
| read:user | Display your name and avatar in the dashboard. |
| user:email | Send approval emails to your verified address. |
| repo | Clone repositories you explicitly select — read-only. |
We never push commits to your repo. Source code is downloaded into a short-lived ephemeral environment, scanned, and discarded once the scan completes. We persist findings (e.g. "detected OpenAI in package.json:18"), not your source files.
3. Pick a repository
We list every repo you have read access to — public and private. Pick the one that contains your customer-facing application. You can connect more later.
4. Wait ~60 seconds
Attestly scans the repo, identifies subprocessors and AI systems, and runs four LLM passes (one per document type) using structured output locked to a Zod schema. The model can't add a clause that doesn't exist in the schema — that's our most important safety primitive.
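The closed-schema idea from step 4, as an added example that is not Attestly's code: a dependency-free JavaScript validator that behaves like a strict Zod object, rejecting any clause id or key the schema does not declare. The schema, field names and clause ids are hypothetical.

```javascript
// Added example: closed-schema check on model output (stand-in for a strict Zod object).
// The schema, field names and clause ids are hypothetical, not Attestly's.
const CLAUSE_IDS = new Set(["data_retention", "subprocessors", "ai_usage"]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

const clauseSchema = {
  id: (v) => typeof v === "string" && CLAUSE_IDS.has(v),
  applies: (v) => typeof v === "boolean",
  vendors: (v) => Array.isArray(v) && v.every((x) => typeof x === "string" && x.length <= 80),
};

// Every declared key is required; every undeclared key is an error (nothing is passed through).
function validateClosed(schema, value, path) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return [`${path}: expected object`];
  }
  const errors = [];
  for (const key of Object.keys(value)) {
    if (!has(schema, key)) errors.push(`${path}.${key}: unknown key`);
  }
  for (const [key, check] of Object.entries(schema)) {
    if (!has(value, key)) errors.push(`${path}.${key}: missing`);
    else if (!check(value[key])) errors.push(`${path}.${key}: invalid value`);
  }
  return errors;
}

// Parse raw model text and validate the whole document; reject it on any error.
function parseModelOutput(raw) {
  let doc;
  try { doc = JSON.parse(raw); } catch (e) { return { ok: false, errors: ["not JSON"] }; }
  const errors = validateClosed({ clauses: Array.isArray }, doc, "$");
  if (errors.length === 0) {
    doc.clauses.forEach((c, i) => errors.push(...validateClosed(clauseSchema, c, `$.clauses[${i}]`)));
  }
  return errors.length ? { ok: false, errors } : { ok: true, doc };
}

// Constructed sample outputs: one valid, one with an undeclared clause id, one with an extra field.
const good = '{"clauses":[{"id":"ai_usage","applies":true,"vendors":["OpenAI"]}]}';
const extraClause = '{"clauses":[{"id":"indemnification","applies":true,"vendors":[]}]}';
const extraField = '{"clauses":[{"id":"ai_usage","applies":true,"vendors":[],"warranty":"none"}]}';

for (const raw of [good, extraClause, extraField]) console.log(parseModelOutput(raw));
```

A closed schema constrains structure, not the wording inside the string fields it does allow, so the human review in step 5 still matters.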
5. Review and publish
Each document opens in a side-by-side editor:
- Left: the rendered Markdown.
- Right: the version history, with one-click rollback.
Click Approve & publish when you're happy. Your trust center is live at the
URL shown on the dashboard (https://<app-host>/trust/<slug>; on hosted
Attestly, also https://<slug>.trust.attestly.dev when wildcard DNS is enabled).
ISR caches re-warm in under a second.
Next steps
- Add a custom domain like trust.yourcompany.com.
- Wire the PR webhook so drift surfaces in code review.
- Brand your trust center with your logo and colors.