What Is Brand Asset Attestation? A Guide for Marketing Agencies
Brand asset attestation is the practice of creating a verifiable, timestamped record that a specific digital asset — a logo file, a brand guideline document, an approved creative — existed in a particular state at a particular moment and was delivered to a particular party.
It is not a backup. It is not a file archive. It is a chain-of-custody record that answers the question: can we prove that what we say we delivered is exactly what was delivered, unchanged, at the time we say we delivered it?
For most agencies, the answer to that question is currently: no, not reliably. This guide explains why that matters and how attestation solves it.
Why "We Sent the Email" Is Not Sufficient
The typical evidence chain for a creative deliverable goes like this: the project manager sends a Dropbox link via email, the client downloads the files, and the email is archived somewhere in a shared inbox.
This is not an attestation record. It proves that an email was sent with a link, but it does not prove:
- What the file contained at the moment of delivery (the link might have been updated after the email was sent)
- That the file delivered was the approved version (not a previous draft)
- That the client received and accessed the specific file, not a renamed copy
- That the file has not been modified since delivery
A link to a shared folder is a mutable reference. An attestation certificate is an immutable one.
How Brand Asset Attestation Works
At its core, attestation uses a cryptographic hash — a fixed-length fingerprint computed from the file's exact contents — to lock a record of what the file contained at a specific moment.
The process:
- At attestation time, the file is hashed. The hash, a timestamp, and the relevant metadata (client, project, deliverable type, attesting party) are written to a tamper-evident record.
- At delivery time, the attested file and a certificate URL are sent to the recipient. The certificate is readable by anyone with the URL.
- At verification time — whether during a routine audit or a dispute — the file is hashed again and compared to the hash in the certificate. If they match, the file is proven to be identical to what was attested. If they do not match, the file has been modified.
The hash makes it impossible to alter the file after attestation without the modification being detectable. This is what "tamper-evident" means.
What Brand Asset Attestation Proves
An attestation record, properly issued, creates evidence of three things:
1. The asset existed in this form at this time. A timestamp on a certificate issued by a third-party attestation service is harder to dispute than a file modification date, which can be changed on any operating system.
2. The agency delivered this specific version. If a client later claims the wrong version was used, you can produce the certificate showing exactly what was delivered and have the client's copy hashed to compare.
3. The asset has not been altered since delivery. This matters for scenarios where a file is downloaded, modified, and re-submitted as the original. A passing verification confirms the modification did not happen.
Use Cases Where Attestation Changes the Outcome
Brand guideline delivery
A client commissions a brand refresh. At final delivery, the agency attests the complete brand kit — logo files, colour palettes, typography guide, usage manual. Eighteen months later, a dispute arises over whether the agency delivered the correct pantone reference. The attestation certificate resolves it in one verification.
Campaign creative sign-off
An agency delivers a full suite of campaign assets across digital and print. The creative director signs off. Three months after launch, the client claims the banner delivered was not the approved version. The attested delivery record shows the file delivered matches the approved version exactly.
Freelancer contribution disputes
A freelancer claims the illustration they contributed was modified after delivery without authorisation. The agency attests the version it received from the freelancer and the version it used in production. If the hashes differ, the modification is provable. If they match, the claim is rebutted.
Vendor and partner brand compliance
An agency licenses its client's brand assets to a media partner for a co-branded campaign. Attestation of the asset version sent to the partner creates a record of exactly what brand materials were shared, preventing the partner from claiming they received an incorrect version if they misuse the assets.
The Difference Between Attestation and a DAM
A digital asset management (DAM) system stores and organises files. It is valuable for internal workflow. It is not a chain-of-custody tool.
A DAM shows you what is in your system today. An attestation record shows what existed at a point in time, who received it, and whether it has been changed since. These are complementary, not equivalent.
The failure mode a DAM does not prevent: you deliver the correct file from the DAM, the client modifies it, and later claims they received a defective version. The DAM shows your internal copy is correct, but cannot prove what the client received. An attestation certificate proves both.
Getting Started with Brand Asset Attestation
Merlonix provides digital attestation for marketing agencies. The workflow is straightforward:
- Upload the asset to create an attestation certificate
- Share the certificate URL alongside the delivered file
- Any party can verify the asset at any time by uploading the file to the certificate URL
A Starter plan supports up to 100 attestations per month at $49/month. For agencies managing multiple clients or requiring API integration into existing workflows, Team and Agency plans include bulk attestation and white-label certificate branding.
→ Complete guide: Agency Brand Protection: How to Safeguard Client Brands at Scale