# SteadyMouse Enterprise & ADA Security Documentation

**Version:** 1.4
**Last Updated:** April 2026
**Company:** SteadyMouse, LLC
**Website:** https://www.steadymouse.com

---

## Executive Summary

SteadyMouse is assistive technology software designed to help users with Essential Tremor, Parkinson's disease, and Multiple Sclerosis use a computer mouse effectively. This document provides security, compliance, and deployment information for enterprise IT departments and organizations processing ADA (Americans with Disabilities Act) accommodation requests.

**Key Points for Security Review:**
- Operates in user space via Windows API (no driver installation required)
- One-time online activation required (can be done via browser for air-gapped systems)
- Operates 100% offline after activation with no feature limitations
- Can be fully firewalled with no loss of functionality
- Registered vendor with sam.gov and VA TRM (Tool ID: 11407)
- SCCM/silent installation supported with product key preloading
- Code-signed releases (dual SHA1/SHA256) with cryptographic verification
- Regular VirusTotal scanning of all releases

---

## Table of Contents

1. [Executive Summary](#executive-summary)
2. [Quick Reference for IT Departments](#quick-reference-for-it-departments)
3. [Product Overview](#product-overview)
4. [Security & Compliance](#security--compliance)
5. [Technical Architecture](#technical-architecture)
6. [System Requirements](#system-requirements)
7. [Network & Firewall Requirements](#network--firewall-requirements)
8. [Licensing & Pricing](#licensing--pricing)
9. [Support & SLA](#support--sla)
10. [Deployment Options for Locked-Down Environments](#deployment-options-for-locked-down-environments)
11. [Enterprise Deployment & SCCM](#enterprise-deployment--sccm)
12. [ADA & Accessibility Documentation](#ada--accessibility-documentation)
13. [Data Privacy & Retention](#data-privacy--retention)
14. [Incident Response](#incident-response)
15. [Software Development Practices](#software-development-practices)
16. [Contact Information](#contact-information)

---

## Quick Reference for IT Departments

| Question | Answer |
|----------|--------|
| **Does it require admin rights?** | Only for installation. Runs with user rights afterward. |
| **Does it use a driver?** | No. Uses standard user mode Windows API calls. |
| **Can it run fully offline?** | Yes. 100% offline after one-time activation. |
| **Can it be firewalled?** | Yes. Use manual browser activation method. No feature loss. |
| **What data is collected?** | License info, OS version, anonymized computer ID at activation only. |
| **Does it phone home?** | Only during activation and optional update checks. Can be blocked. |
| **PCI-DSS compliance?** | Payment processors (Gumroad/QuickBooks) handle all card data. |
| **Merchant of Record?** | Gumroad is MoR for standard purchases (handles sales tax). SteadyMouse, LLC for purchase orders. |
| **Where is data stored?** | Customer data on US soil (DigitalOcean, Gumroad). Google Workspace (2FA + passkeys) for internal records backup. Business email via Fastmail (Australian company, US-based servers). |
| **AI components?** | No. |
| **Open source?** | No. Proprietary closed source. |
| **Code signing?** | Yes. All releases are cryptographically signed. |
| **Virus scanning?** | Yes. All releases published to VirusTotal. |
| **Known conflicts?** | Minimal. Auto-disables in remote desktop sessions. Only supports some games. |
| **Commercial use allowed?** | Yes. Same pricing as personal use. |
| **Evaluation available?** | Yes. Full unrestricted license on honor system. |
| **VA TRM listed?** | Yes. Tool ID 11407, approved via One-VA TRM v25.6. |
| **Section 508 compliant?** | Not assessed by Section 508 Office. Implementer responsible for verification. |
| **Contains database?** | No. |
| **SCCM supported?** | Yes. InnoSetup installer with silent install flags. Multiple orgs deployed successfully. |
| **Installer format?** | InnoSetup executable (not MSI). Supports /VERYSILENT /NORESTART flags. |
| **Installer/license compatibility?** | **SteadyMouse 2 and SteadyMouse X have separate installers. Installer must match license edition.** |
| **Product key preloading?** | Yes. Embed in installer filename (recommended) or use --set_product_key parameter. |
| **Service uptime monitoring?** | Yes. Public status page at https://status.steadymouse.com/. |
| **Debug logs available?** | Yes. Per-user logs in AppData\Roaming\SteadyMouse\steadymouse.log. |

---

## Product Overview

### What It Does
SteadyMouse detects and removes hand tremor motion before it reaches the cursor, enabling users with movement disorders to use standard mouse hardware effectively. The software operates as a filter layer between physical mouse input and on-screen cursor movement.

### Core Features
- Anti-tremor filtering with adjustable strength and multiple filter profiles
- Automatic blocking of unintentional mouse clicks
- Icon Targeting System for cursor snapping
- Global toggle via Num-Lock key (configurable)
- No specialized hardware required - works with all standard mice, trackpads, and pointing devices

### Target Users
Individuals with:
- Essential Tremor
- Parkinson's Disease
- Multiple Sclerosis
- Other neurological conditions affecting fine motor control

---

## Security & Compliance

### Registration & Certifications

**Government Registration:**
- **Legal Entity Name:** STEADYMOUSE LLC
- **D.U.N.S. Number:** 080691166
- **CAGE Code:** 7W6J0
- **UEI:** Z3QKMTKL7CF7
- **NAICS Codes:** 513210 (Primary), 541511
- Registered entity with [sam.gov](https://sam.gov)
- Listed in VA Technical Reference Model (TRM): https://www.oit.va.gov/services/trm/ToolPage.aspx?tid=11407
- W-9 provided securely during onboarding

**Payment Processing:**
- SteadyMouse, LLC does NOT process, store, or transmit cardholder data
- All payment processing handled by PCI-DSS compliant third parties

| Purchase Method | Legal Seller | Tax Handling |
|----------------|--------------|--------------|
| Standard (via Gumroad) | Gumroad, Inc. | Gumroad collects & remits all sales tax |
| Purchase Order (5+ licenses) | SteadyMouse, LLC | Invoice via QuickBooks (tax exempt orgs provide certificate) |

**Gumroad Merchant of Record:**
For standard purchases, [Gumroad](https://gumroad.com) acts as the **Merchant of Record**. This means Gumroad is the legal seller to the buyer, and handles all sales tax collection and remittance worldwide. For enterprise accounting purposes, standard purchases are technically purchases from Gumroad, Inc.
- [Privacy Policy](https://gumroad.com/privacy)
- [Terms of Service](https://gumroad.com/terms)
- [Reseller Certificate](https://gumroad.com/Gumroad-CA-Resale%20Certificate-01JAN25.pdf)

### Security Scanning

All releases are scanned and published to VirusTotal. Example reports:

**Latest Installers:**
- https://www.virustotal.com/gui/file/cc5c8ac1cce9bc57de5c65ae932efd934ee4944b5eeb5023773594f247baf14e
- https://www.virustotal.com/gui/file/fc9db55abd1be582079c3d53ee28e5d41610545ac50114a9202c63b98a5f3951

### Code Signing
All releases are cryptographically signed to:
- Verify publisher authenticity
- Detect any post-release modification
- Prevent tampering

### No AI Components
The software does NOT incorporate any AI (Artificial Intelligence) components.

---

## Technical Architecture

### How It Works
- **No Driver Required:** Operates entirely in user space via Microsoft Windows API
- **Admin Rights:** Required only for installation to `C:\Program Files (x86)\SteadyMouse`
- **Runtime Privileges:** Runs with standard user rights after installation
- **Core Mechanism:** Uses Windows OS Mouse APIs (above driver layer) to intercept mouse data stream
- **Language:** Written in C++ for efficiency and minimal resource usage

### External Dependencies
The Windows desktop application makes calls to:
- **steadymouse.com API:** One-time license activation, optional update checks
- **No other external APIs** during normal operation

Server infrastructure uses:
- **Gumroad APIs:** Payment processing
- **Google Workspace APIs:** Internal records backup

### Data Storage
**Local (Development & Backup):**
- Encrypted storage (fscrypt, AES-256)
- Development, testing, and backup purposes

**Cloud Services:**
- **DigitalOcean** (NYC3 and SFO3 regions, encryption at rest) — License activation, website hosting
- **Google Workspace** (2FA + passkeys, name-based access) — Internal records backup
- **Fastmail** ([Privacy Policy](https://www.fastmail.com/policies/privacy/)) — All business email (Australian company, US-based servers)
- **Gumroad** — Payment processing, customer purchase data

All production servers run recent Ubuntu LTS with daily security updates.

**Server Hardening:**
- SSH key-only authentication (password auth disabled)
- Tailscale mesh VPN for management plane (no public SSH exposure)
- fail2ban intrusion prevention
- Explicit user whitelists
- Three-tier account separation (root disabled / admin with sudo / service account)

---

## System Requirements

### Operating Systems
- Windows 11, 10, 8.1, 8, 7, Vista, XP (SP3)
- Windows Server 2022, 2019, 2016, 2012
- Both 64-bit and 32-bit architectures supported

### Hardware Compatibility
Works with all standard mouse types:
- Wired USB mice
- Wireless/Bluetooth mice
- Trackpads
- Trackballs (e.g., Contour RollerMouse)
- Pointing sticks
- Wacom tablets (experimental)

### Virtual Environments
- Works in Parallels and VMware Fusion with minor configuration adjustments
- **Remote Desktop / Azure / Citrix:** SteadyMouse must be installed on the LOCAL Windows client (where the user physically sits), not on the remote/virtual machine. It automatically disables if installed on the remote session. Mouse filtering occurs locally before input is sent to the remote system.

---

## Network & Firewall Requirements

### Connectivity Summary
**Required for activation only. 100% offline operation after activation.**

### Network Details
- **Protocol:** HTTPS
- **Port:** 443
- **Endpoint:** steadymouse.com and auth.steadymouse.com API server
- **TLS Version:** TLS 1.2+

### Activation Methods

#### Option 1: Standard Activation (Internet Required)
One-time connection to activation servers during first launch.

**Data exchanged during activation:**
- Software version
- License information and Product Key
- Anonymized computer identification number (hash)
- Windows OS version and preferred language
- Partial, irreversible hash of IP address (not the full IP address)

Reference: https://www.steadymouse.com/manual/#activationsimple

#### Option 2: Manual Browser Activation (Air-Gapped Systems)
For fully firewalled or air-gapped environments:
1. User accesses steadymouse.com from any device with internet
2. Enters product key via browser
3. Receives confirmation code
4. Enters code into offline installation

**No feature limitations with this method.**

Reference: https://www.steadymouse.com/manual/#activationmanual

### Update Checks (Optional)
- Every 6 months, software reminds user to optionally check for updates
- User can skip this check, or select "Never Remind Me" to permanently dismiss all future prompts and stop all outbound connectivity
- If firewalled, updates can be downloaded manually from website

### Firewall Recommendation
**For maximum security:** Firewall the application completely after activation. This ensures zero internet communication while maintaining full functionality.

---

## Licensing & Pricing

### Commercial & Workplace Use
**Commercial use is permitted** using the same license tiers as personal use. The EULA is flexible to accommodate workplace deployments.

### License Tiers

| License Type | Price | Description |
|-------------|-------|-------------|
| **SteadyMouse 2** | $43 USD | Current version (2.x) and all minor updates. Does not include major upgrades (3.0+). |
| **SteadyMouse X** | $127 USD | Lifetime access to all future major and minor versions. |

**Note for IT Departments:** These are separate products with separate installers. The installer edition must match the purchased license edition. A SteadyMouse 2 key cannot activate the SteadyMouse X installer, and vice versa.

### Installation Rights
Each license permits:
- Installation on multiple computers for a given user: https://www.steadymouse.com/manual/#multiplecomputers
- Use by purchaser, employees, subsidiary staff, or IT consultants performing internal business functions
- Both "multiple computers per person" and "multiple users per computer" scenarios

### Volume Purchasing
- **Purchase Orders:** Accepted for orders of 5+ licenses
- **Invoicing:** Available via Intuit QuickBooks
- **Payment:** Electronic funds transfer (USD)

### Enterprise Licensing
For enterprise licensing arrangements, contact sales [at] steadymouse.com.

### ADA Accommodation Pricing
Pricing is the same for workplace/ADA accommodation use as for personal use.

### EULA Reference
Full licensing terms: https://www.steadymouse.com/eula/

---

## Support & SLA

### Support Channels
- **Primary:** Email (support [at] steadymouse.com)
- **Phone:** Not available
- **Self-Service:** Comprehensive [manual](https://www.steadymouse.com/manual/), [FAQ](https://www.steadymouse.com/faq/), and [Reddit community](https://old.reddit.com/r/steadymouse)

### Response Time
- **Typical response:** 1 business day
- **Priority:** All users receive equal access to support
- **Volume licenses:** Higher priority during high-traffic periods

### Evaluation Licenses
- **Type:** Full, unrestricted licenses
- **Duration:** Honor system
- **Purpose:** IT testing, analysis, packaging, security review
- **Request:** Contact sales [at] steadymouse.com

### Service Uptime
- **Status Page:** https://status.steadymouse.com/ (powered by UptimeRobot)
- Real-time and historical uptime data for all SteadyMouse services (website, activation servers, APIs)
- Publicly accessible — no login required

### Money-Back Guarantee
- **Duration:** 70 days from purchase
- **Process:** Simple refund via email request to support [at] steadymouse.com
- **Reminder:** Automated email sent at day 25
- **Note:** While Gumroad's standard refund window is 30 days, SteadyMouse honors our 70-day guarantee for all purchases regardless of purchase method

---

## Deployment Options for Locked-Down Environments

### Recommended Deployment Strategies

#### Option 1: Fully Firewalled Installation
**Best for:** High-security environments with strict data protection requirements

1. Download installer from steadymouse.com
2. Transfer installer to target system (USB, internal network, etc.)
3. Install with admin rights
4. Configure firewall to block all internet access for `SteadyMouse.exe`
5. Activate using manual browser method (https://www.steadymouse.com/manual/#activationmanual)
6. **Result:** Zero application internet communication after one-time browser activation, full functionality

#### Option 2: Remote Desktop / Azure / Citrix
**Best for:** VDI environments, thin clients, and remote desktop scenarios

- Install SteadyMouse on LOCAL Windows PC (where user physically sits)
- Use Remote Desktop, Azure Virtual Desktop, or Citrix to access remote systems
- **Result:** Assistive technology runs locally, filtered mouse input is sent to remote system
- **Note:** Do NOT install on the remote/virtual machine — SteadyMouse automatically disables if it detects it's running in a remote session

#### Option 3: Standard Installation with Limited Internet
**Best for:** Environments allowing occasional internet access

1. Install with admin rights
2. Allow one-time activation via HTTPS (port 443)
3. Optionally allow semi-annual update checks
4. Otherwise normal operation

### Installation Testing
Request an evaluation license for:
- Security analysis and penetration testing
- Packaging and deployment testing
- Integration testing with existing security tools
- Validation of firewall configurations

---

## Enterprise Deployment & SCCM

### Installer Format & Code Signing

**Installer Type:** InnoSetup executable (not MSI)

**Important — Installer Must Match License Edition:**
SteadyMouse 2 and SteadyMouse X are separate products with **separate installers**. A SteadyMouse 2 product key will only activate the SteadyMouse 2 installer, and a SteadyMouse X product key will only activate the SteadyMouse X installer. The installers are not interchangeable. When packaging for enterprise deployment, verify that the installer edition matches the purchased license edition.

**Code Signing:**
- Dual signed with SHA1 and SHA256 algorithms
- Certificate: COMODO RSA EV Code Signing Certificate
- Issued to: "SteadyMouse, LLC"

**Note:** While not a native MSI installer, multiple organizations have successfully packaged SteadyMouse for silent installation via SCCM/Microsoft System Center Configuration Manager.

### Silent Installation Commands

The installer supports standard InnoSetup command-line parameters:

```bat
REM Completely silent installation (no UI)
SteadyMouseInstaller.exe /VERYSILENT /NORESTART

REM Silent with UI visible
SteadyMouseInstaller.exe /SILENT /NORESTART

REM Skip VC++ Runtime installation (if already present)
SteadyMouseInstaller.exe /VERYSILENT /SKIP_VCRUNTIME=true

REM Control startup and desktop icon tasks
SteadyMouseInstaller.exe /VERYSILENT /TASKS="desktopicon,!startup_justme"

REM Combination example for enterprise deployment
SteadyMouseInstaller.exe /VERYSILENT /NORESTART /SKIP_VCRUNTIME=true /TASKS="!desktopicon,!startup_justme"
```

**Available Tasks:**
- `desktopicon` - Create desktop shortcut
- `startup_justme` - Launch at Windows startup for current user
- Prefix with `!` to deselect (e.g., `!desktopicon`)

**Full InnoSetup Documentation:**
https://jrsoftware.org/ishelp/index.php?topic=setupcmdline

### Product Key Preloading

IT departments can preload the product key before the user's first launch using either of two methods:

#### Method 1: Installer Filename (Recommended)

Append the product key to the installer filename in brackets:

```
SteadyMouseSetup[XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX].exe
```

*Note:* Installers downloaded from [steadymouse.com/downloads](https://www.steadymouse.com/downloads/) are automatically named this way when using a product key to access the download.

#### Method 2: Post-Install Command

Run this command after installation to store the product key:

```bat
SteadyMouse.exe --set_product_key=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX --basic_update_and_quit
```

**Key Requirements (both methods):**
- Must be in standard format: `XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX`
- Does NOT trigger activation, only stores the key for easier activation later
- User will still need to complete activation on first launch

**Typical SCCM Deployment Sequence:**
1. Download installer with key embedded in filename from [Downloads](https://www.steadymouse.com/downloads/)
2. Silent install: `SteadyMouseSetup[XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX].exe /VERYSILENT /NORESTART`
3. User activates via browser (manual activation method) on first launch

### Multi-User Environments & Shared Machines

#### How Activation Works

**Activation automatically configures for both per-user and per-machine use.**

**App Data Storage:**

1. **User-specific:** `C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\settings.xml`
2. **Machine-wide:** `C:\ProgramData\SteadyMouse\settings.xml`
3. **Read-only Machine-wide:** `C:\Program Files (x86)\SteadyMouse\defaults.xml`

At startup, SteadyMouse loads activation data in layers:
1. `defaults.xml` loads first (read-only machine-wide defaults from Program Files)
2. `settings.xml` in ProgramData loads second (machine-wide settings)
3. `settings.xml` in user AppData loads third (user-specific overrides)

If a valid activation confirmation code exists in any of these files, the software is activated.

When a user activates SteadyMouse, the software automatically writes activation data to both user-specific and machine-wide locations, enabling all users on the PC to benefit from a single activation.
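
When a second user on a shared PC is not picking up activation, it helps to see which of the three layers actually exist on disk. The following PowerShell report is an added example, not SteadyMouse's own tooling; it uses only the file paths listed above and assumes it is run with enough rights to read other users' profiles.

```powershell
# Added example, not SteadyMouse's own tooling. Paths are the ones listed on this page.
# Layers 1 and 2 are machine-wide; layer 3 exists once per user profile.
$layers = @(
    [pscustomobject]@{ Order = 1; Scope = 'Machine defaults (read-only)'
                       Path  = 'C:\Program Files (x86)\SteadyMouse\defaults.xml' }
    [pscustomobject]@{ Order = 2; Scope = 'Machine-wide settings'
                       Path  = 'C:\ProgramData\SteadyMouse\settings.xml' }
)
$layers += @(
    Get-ChildItem -LiteralPath 'C:\Users' -Directory | ForEach-Object {
        [pscustomobject]@{
            Order = 3
            Scope = "User: $($_.Name)"
            Path  = Join-Path $_.FullName 'AppData\Roaming\SteadyMouse\settings.xml'
        }
    }
)

# Report each layer in load order: whether the file exists and when it was last written.
$layers | ForEach-Object {
    $file = Get-Item -LiteralPath $_.Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Order     = $_.Order
        Scope     = $_.Scope
        Exists    = [bool]$file
        LastWrite = $(if ($file) { $file.LastWriteTime })
        Path      = $_.Path
    }
} | Sort-Object Order, Scope | Format-Table -AutoSize
```

A machine-wide `settings.xml` whose last-write time matches the first user's activation indicates the machine-wide write succeeded; if it is missing, check that user's debug log.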

### Troubleshooting & Debug Logs

#### Debug Log Location

Each user account has its own debug log:

```
C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\steadymouse.log
```

**What it contains:**
- Application startup and shutdown events
- Settings loading and errors
- Activation attempts and results
- Runtime errors and warnings

**Access instructions:**
https://www.steadymouse.com/manual/#debuglog

### Testing & Validation

#### Validation Steps for IT Departments

1. **Download installer:**
   - Access via product key: https://www.steadymouse.com/downloads/
   - Or from purchase receipt email

2. **Verify code signature:**
   - Right-click installer → Properties → Digital Signatures
   - Confirm: "SteadyMouse, LLC" with COMODO RSA EV Certificate

3. **Test silent installation:**
   ```bat
   SteadyMouseInstaller.exe /VERYSILENT /NORESTART
   ```

4. **Preload product key (optional):**
   ```bat
   SteadyMouse.exe --set_product_key=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX --basic_update_and_quit
   ```

5. **Test activation:**
   - Launch application as test user
   - Complete manual browser activation
   - Verify activation in settings

6. **Test multi-user activation (if applicable):**
   - Log in as second user account on same PC
   - Launch SteadyMouse
   - Verify activation is present (should be automatic)
   - If not activated, check debug logs for both users and verify machine-wide settings files were written

7. **Configure firewall (if required):**
   - Block `SteadyMouse.exe` internet access
   - Verify functionality remains intact
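
Steps 2, 3 and 7 above, and the firewall recommendation earlier in this document, can be scripted so the checks are repeatable during packaging. The PowerShell below is an added example, not SteadyMouse's own tooling: the expected SHA-256 is supplied by the reviewer from the VirusTotal report, the rule name is hypothetical, and `SteadyMouse.exe` is assumed to sit directly in the install directory named on this page.

```powershell
#Requires -Version 5.1
# Added example, not SteadyMouse's own tooling. Run from an elevated session.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    # SHA-256 copied by the reviewer from the VirusTotal report being cross-referenced.
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    # Assumption: SteadyMouse.exe sits directly in the install directory this page names.
    [string] $InstalledExe = 'C:\Program Files (x86)\SteadyMouse\SteadyMouse.exe',
    # Hypothetical rule name; use your own naming scheme.
    [string] $RuleName = 'SteadyMouse - block outbound'
)
$ErrorActionPreference = 'Stop'

# -LiteralPath matters here: the key-in-filename form contains [ ], which
# -FilePath / -Path would interpret as wildcard characters.
$installer = Get-Item -LiteralPath $InstallerPath

# Step 2: the Authenticode signature must validate and name the expected publisher.
$sig = Get-AuthenticodeSignature -LiteralPath $installer.FullName
if ($sig.Status -ne 'Valid') {
    throw "Signature status '$($sig.Status)': $($sig.StatusMessage)"
}
$simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$signer = $sig.SignerCertificate.GetNameInfo($simple, $false)
$issuer = $sig.SignerCertificate.GetNameInfo($simple, $true)   # reported, not enforced
if ($signer -cne 'SteadyMouse, LLC') {
    throw "Unexpected signer '$signer'"
}

# Cross-reference with VirusTotal: the local file must be the file that was scanned.
$actual = (Get-FileHash -LiteralPath $installer.FullName -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch: file is $actual"
}

# Step 3: silent install, only after both checks passed. .NET Process.Start is used
# so the bracketed filename is passed through unchanged.
$proc = [System.Diagnostics.Process]::Start($installer.FullName, '/VERYSILENT /NORESTART')
$proc.WaitForExit()
if ($proc.ExitCode -ne 0) {
    throw "Installer exited with code $($proc.ExitCode)"
}

# Step 7: block outbound traffic for the installed executable on every profile.
# Manual browser activation still works because it happens in a browser.
if (-not (Test-Path -LiteralPath $InstalledExe)) {
    throw "Expected executable not found: $InstalledExe"
}
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
        -Program $InstalledExe -Action Block -Profile Any | Out-Null
}
$rule = Get-NetFirewallRule -DisplayName $RuleName

# Evidence for the packaging record.
[pscustomobject]@{
    Signer       = $signer
    Issuer       = $issuer
    Sha256       = $actual
    FirewallRule = $rule.DisplayName
    RuleEnabled  = $rule.Enabled
    RuleAction   = $rule.Action
}
```

Compare the reported `Issuer` against the COMODO RSA EV certificate named in this document before approving the package.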

#### Software Center / Self-Service Deployment

SteadyMouse can be made available in SCCM Software Center for user-initiated installation:

1. Package installer with silent installation flags
2. Optionally preload product key during deployment
3. Users install from Software Center at their convenience
4. Users complete manual browser activation on first launch
5. No admin rights required for activation step

### Activation Limits

**Per Product Key:**
- Maximum 30 successful activations to accommodate PC replacements and multiple machines

### Download Access for IT Testing

IT departments can access installers for testing using the product key:
https://www.steadymouse.com/downloads/

Select license type and enter product key to download installers for any version/platform testing.

### Compatibility Notes

**Gaming Support:**
- Partial game compatibility - see https://www.steadymouse.com/gaming/ for details
- Used successfully for aim stabilization in some games (e.g., Overwatch)
- Software operates at user-space level, not kernel level
- No anti-cheat conflicts reported

**Support Resources:**
- Comprehensive troubleshooting resources available in manual and FAQ
- Direct developer support via email for deployment or compatibility concerns
- Debug logs provide detailed diagnostics for troubleshooting
- No reports of data loss, security vulnerabilities, or system instability

---

## ADA & Accessibility Documentation

### Assistive Technology Classification
SteadyMouse is purpose-built assistive technology designed from the ground up to accommodate users with hand tremor conditions. 

### Government Recognition

**Department of Veterans Affairs - Technical Reference Model (TRM)**

SteadyMouse is officially listed in the VA Technical Reference Model:
- **Tool ID:** 11407
- **Vendor:** Steady Mouse LLC
- **Decision Date:** June 16, 2025
- **Decision Source:** TRM Management Group
- **Decision Process:** One-VA TRM v25.6
- **Public Reference:** https://www.oit.va.gov/services/trm/ToolPage.aspx?tid=11407

*This listing is publicly accessible and can be independently verified by IT departments and security teams.*

**Official VA TRM Description:**

> SteadyMouse is accessibility software installed locally on a personal computer (PC) which enables users with Parkinson's disease and Essential Tremor to use a computer mouse. This technology both rejects tremor shaking motion before it reaches the cursor, and blocks accidental button clicks before unintended actions are caused. This technology provides controls allowing the user to configure these features to fit personal tremor characteristics. SteadyMouse is designed to work with all common mouse types.
>
> This technology does not contain a database.

**Technology/Standard Usage Requirements:**

Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations.

**Section 508 Compliance Status:**

*Important Note:* This technology has not been assessed by the Section 508 Office. The implementer of this technology has the responsibility to ensure the version deployed is 508-compliant. Section 508 compliance may be reviewed by the Section 508 Office and appropriate remedial action required if necessary. For additional information or assistance regarding Section 508, contact the Section 508 Office at Section508@va.gov.

### Third-Party Expert Recognition

SteadyMouse has been recognized and featured by leading medical, accessibility, and assistive technology organizations:

**Medical & Healthcare Organizations:**
- **Parkinson's UK** - Featured in 2025 Tech Guide as recommended essential tremor aid
- **Stanford Parkinson's Community Outreach** - 2022 feature highlighting accessibility and cost-effectiveness for individuals with Parkinson's disease

**Assistive Technology Centers:**
- **MonTECH** (Montana Assistive Technology Program) - 2020 demonstration video showcasing real-time tremor reduction capabilities

**Digital Health Recognition:**
- **Medical Futurist** - 2024 reference among digital health tools for tremor management

These independent endorsements from medical and accessibility experts provide additional validation of SteadyMouse's effectiveness as assistive technology, complementing its formal approval in the VA Technical Reference Model.

### ADA Accommodation Requests
When filing ADA accommodation requests, you may reference:

1. **Company Registration:** SteadyMouse, LLC is a registered vendor with sam.gov
2. **VA Recognition:** Listed in VA Technical Reference Model (Tool ID: 11407)
   - Publicly verifiable at: https://www.oit.va.gov/services/trm/ToolPage.aspx?tid=11407
   - IT departments can independently confirm this approval
3. **Purpose:** Medical assistive technology for Essential Tremor, Parkinson's, MS
4. **Security:** Can operate in fully air-gapped mode after one-time activation
5. **This document:** Provides technical and security details for IT review

### Supporting Documentation Available
Upon request, SteadyMouse, LLC can provide:
- Evaluation licenses for testing
- Direct correspondence with IT departments
- Technical clarification on any security concerns
- VirusTotal scan reports
- Release notes and version history

### Contact for ADA Requests
- **Email:** admin [at] steadymouse.com
- **Subject:** "ADA Accommodation - [Company Name]"
- **Include:** Any specific security questionnaires or requirements from your IT department

---

## Data Privacy & Retention

### Data Collected

#### At Purchase (via Payment Processor)
- Name, email, license type, purchase price, product key
- Timestamp, state, ZIP code, approximate geographic location (country)
- Depending on processor: purchase referral source and contact preference flag
- We do not send marketing emails regardless of any contact preference setting
- We do not receive or store credit card numbers
- Transaction records retained for order processing and support
- See [Security & Compliance](#security--compliance) for current payment processor details

#### At Activation
- Software version
- License information and Product Key
- Anonymized computer identification number (hash)
- Windows OS version and preferred language
- Partial, irreversible hash of IP address (not the full IP address)

**Transmitted via TLS 1.2+ encrypted connection.**

#### During Operation
- **Local debug log:** Kept on user's computer, never transmitted unless user emails for support
- **No telemetry:** No usage tracking, analytics, or behavioral data collection
- **No automatic reporting:** Software does not "phone home" after activation

### Data Storage & Retention
- **Retention Period:** Indefinitely unless deletion requested
- **Deletion Requests:** Honored upon request via email
- **GDPR/CCPA:** Data deletion requests honored upon request. Minimal data footprint — no behavioral tracking, no telemetry, no marketing emails
- **Storage Locations:** Customer data on US soil (DigitalOcean, Gumroad). Google Workspace (2FA + passkeys) for internal records backup. Business email via Fastmail (Australian company, US-based servers).

### Customer Communication
- **Method:** Email only
- **Frequency:** Purchase confirmation, optional update reminders
- **Opt-out:** Update reminders can be dismissed/skipped

---

## Incident Response

### Incident Handling
All aspects of incident response are managed directly by the founder, Benjamin Gottemoller. The active response process includes:

1. **Monitoring:** Continuous uptime and security monitoring via UptimeRobot and DigitalOcean alerting
2. **Assessment:** Impact analysis of any identified issues
3. **Containment:** Prompt action to contain and resolve issues
4. **Notification:** Direct notification of affected parties if necessary
5. **Transparency:** Clear communication about incident nature and resolution

### Breach Notification
In the event of a data breach:
- Customers notified via email after analysis
- Notification includes: data types affected, timing, circumstances
- Only users with confirmed data access are notified

### Customer Communication Channel
- **Primary link to users:** Email
- **Post-activation security:** Software operates offline, making exploitation difficult
- **Updates:** Security updates bundled with regular dependency updates
- **User protection:** Standard users cannot modify installation without admin rights

---

## Software Development Practices

### Secure Development Environment
- **Code storage:** Encrypted repositories (fscrypt, AES-256)
- **Version control:** Git tracking of all changes
- **Build environment:** Clean Windows VM with only essential development tooling
- **Dependencies:** Carefully screened, limited to handful of major well-known libraries
- **Code signing:** All releases cryptographically signed
- **Scanning:** All releases uploaded to VirusTotal

### Development Process
- **Developer:** Benjamin Gottemoller (sole developer)
- **Education:** UIUC Computer Engineering B.S., embedded firmware specialty
- **Location:** Princeville, Illinois, USA
- **Testing:** Manual and automated testing (63-test suite) every release and continuously during development
- **Code review:** Internal review process
- **Quality assurance:** Thousands of assertion checks in codebase to prevent bad releases
- **User feedback:** Direct email feedback drives bug fixes

### Release Management
- **Release notes:** https://www.steadymouse.com/downloads/release_notes/
- **Update cadence:** No fixed schedule, driven by features and bug fixes
- **Security updates:** Dependencies updated at each release, including security patches
- **Version support:** Current major version fully supported; older versions receive limited support

### Code Integrity
- **Repository security:** Encrypted repos (fscrypt, AES-256) with strict access control
- **Build verification:** Compiled and signed in isolated clean environment
- **Release verification:** VirusTotal scan published for every release
- **Publisher verification:** Code signing proves authenticity and detects tampering

---

## Contact Information

### Company Details
**SteadyMouse, LLC**
10013 W. Legion Hall Rd.
Princeville, IL 61559
United States

**Founded:** 2005 (Incorporated 2016)
**Jurisdiction:** Illinois

### Email Contacts
- **Founder:** ben [at] steadymouse.com
- **Support:** support [at] steadymouse.com
- **Sales & Licensing:** sales [at] steadymouse.com
- **Security Questions:** dev [at] steadymouse.com
- **Bug Reports:** bugs [at] steadymouse.com

### Online Resources
- **Website:** https://www.steadymouse.com
- **Manual:** https://www.steadymouse.com/manual/
- **FAQ:** https://www.steadymouse.com/faq/
- **EULA:** https://www.steadymouse.com/eula/
- **Privacy Policy:** https://www.steadymouse.com/privacy/
- **Service Status:** https://status.steadymouse.com/
- **Reddit Community:** https://old.reddit.com/r/steadymouse

### Social Media
- Twitter: [@steadymouse](https://twitter.com/steadymouse)
- Instagram: [@steadymouse](https://www.instagram.com/steadymouse)
- Facebook: [SteadyMouse](https://facebook.com/steadymouse)

---

## Deployment Checklist for Locked-Down Environments

- [ ] Download installer from official website or purchase email
- [ ] **Verify installer edition matches license edition (SteadyMouse 2 vs. SteadyMouse X)**
- [ ] Scan installer with internal security tools
- [ ] Verify code signature
- [ ] Cross-reference VirusTotal report
- [ ] Test installation in isolated VM
- [ ] Configure firewall rules to block application internet access
- [ ] Perform manual browser activation (https://www.steadymouse.com/manual/#activationmanual)
- [ ] Verify functionality with firewall active
- [ ] Document configuration for deployment
- [ ] Deploy to end user system
- [ ] Provide user training on toggle key (Num Lock) and basic features

---

**Document Version:** 1.4
**Maintained by:** SteadyMouse, LLC
**For updates or questions:** support [at] steadymouse.com

---

*This documentation is provided to assist IT departments and security teams in evaluating SteadyMouse for enterprise deployment and ADA accommodation requests. For additional details or specific security questionnaires, please contact us directly.*
