SteadyFile

Trust

Security and Trust

SteadyFile handles sensitive workplace context, so the product is explicit about what stays local, what is shared only by user action, and what users should still control themselves.

SteadyFile provides documentation tools and general legal information. It does not provide legal advice and does not create a lawyer-client relationship. For advice about your specific situation, consult a qualified employment lawyer.

Translations are provided for accessibility and convenience. If there is any inconsistency, the English version is the reference version unless a reviewed local version is published.

Current security posture

Browser-local by default

The current workspace can save drafts in your browser storage without requiring an account.

Originals not uploaded by default

The workspace references original records and can compute local SHA-256 hashes. Original evidence files are not uploaded by the browser-local workflow.

Account backup boundary

Account backup is planned for structured records and packet history. It is not required to start a private file.

No employer access surface

The product does not include employer dashboards, HR integrations, or employer-facing access to user files.

User safety basics

Use a personal device, browser profile, and email account that your employer does not control. Review exports before sharing them with HR, a union representative, an advisor, or a lawyer.

What we do not promise

  • SteadyFile is not an emergency service or a substitute for a qualified lawyer.
  • SteadyFile does not make records immune from legal process, discovery, subpoena, or user sharing.
  • Current account backup is not advertised as end-to-end encrypted.
  • SteadyFile does not claim evidence is court-ready, admissible, or outcome-changing.

Transport security

Public routes are served over HTTPS by the hosting provider. Backend traffic should also use encrypted provider-managed connections.

Access controls

Future account backup is designed around per-user access, structured record storage, and no employer-facing access.

Data lifecycle

Browser-local drafts remain on the device until the user clears them or exports them. Account-backed records will need clear export and deletion controls before being treated as trust-ready.

Report a security concern

Email privacy@steadyfile.com with the subject line Security concern. Do not include sensitive workplace records in the initial report.