Security and Trust

SteadyFile handles sensitive workplace context, so the product should be plain about what is protected, what is not live yet, and what users should still control themselves.

SteadyFile provides documentation tools and general legal information. It does not provide legal advice and does not create a lawyer-client relationship. For advice about your specific situation, consult a qualified employment lawyer.

Translations are provided for accessibility and convenience. If there is any inconsistency, the English version is the reference version unless a reviewed local version is published.

Current security posture

Browser-local by default

The current workspace can save drafts in your browser storage without requiring an account.

Originals not uploaded by default

The workspace references original records and can compute local SHA-256 hashes. Original evidence files are not uploaded by the browser-local workflow.

Account MVP infrastructure

Account save, export, and deletion are built around Supabase authentication, PostgreSQL row-level security, and user-owned records once environment configuration is complete.

No employer access surface

The product does not include employer dashboards, HR integrations, or employer-facing access to user files.

User safety basics

Use a personal device, browser profile, and email account that your employer does not control. Review exports before sharing them with HR, a union representative, an advisor, or a lawyer.

What we do not promise

  • SteadyFile is not an emergency service or a substitute for a qualified lawyer.
  • SteadyFile does not make records immune from legal process, discovery, subpoena, or user sharing.
  • Current MVP infrastructure is not advertised as end-to-end encrypted.
  • SteadyFile does not claim evidence is court-ready, admissible, or outcome-changing.

Transport security

Public routes are served over HTTPS by the hosting provider. Backend traffic should also use encrypted provider-managed connections.

Access controls

Account records are designed for per-user access through Supabase authentication and row-level security policies.

Data lifecycle

Export and account deletion controls are part of the MVP path. Real backend verification depends on configured environment variables and applied database migrations.

Report a security concern

Email privacy@steadyfile.com with the subject line "Security concern". Do not include sensitive workplace records in the initial report.