Skip to content


Steady employs advanced technology to secure and back up your account information on protected and guarded systems that allow for scalability, performance and reliability. We work with an independent auditor to maintain a SOC 2 Type 2 attestation.

AICPA SOC for Service Organizations badge Monitored by Drata SOC 2 badge SOC 2 tested and attested by independent auditor Precscient

Your Data is Yours

  • We do not share or sell the organizational or personal information for you or any team member connected to your account. Period.
  • Your team’s data belongs to you and your team. You may export it at anytime.
  • We will purge your data from our data stores and logs at your request or automatically upon account cancellation.
  • We cannot access your data unless you ask us to for troubleshooting purposes.
  • We will never use your data to train AI models.

Your Data is Protected and Secure

  • Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS.
  • Each user in your organization is provided with a unique user name and strong password or expiring authentication token that must be entered each time a user signs on. We also integrate with SAML 2.0 compliant iDPs.
  • Steady issues a session cookie only to record encrypted authentication information for the duration of a specific session, not to store usernames or passwords. Our session cookies use the secure and HTTP only flags.
  • Your credit card data is securely submitted directly from your browser to a leading, PCI Service Provider Level 1 payment gateway. It never touches our servers.
  • We keep rotating, daily backups of all account data.
  • Under the hood, all data is encrypted in transit and at rest.
  • Sensitive data, like passwords, authentication tokens and status check-ins are never logged.
  • Your data is housed in physically secured, SOC 2 Type II compliant, and ISO 27001/27017/27018 certified data centers within the United States.
  • We work with an independent auditor to maintain a SOC 2 Type II report, which objectively certifies our controls to ensure the continuous security of our customers’ data.

Our Systems are Monitored 24x7

  • Our managed hosting provider operations team monitors all hosts and services for integrity and availability, 24 hours a day, 7 days a week.
  • Our software infrastructure is updated regularly with the latest security patches.
  • Both manual and automated vulnerability scans and security reviews are continuously performed.

Security Exploit Bounty Program

Security of user data and communication is of utmost importance to us. In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Steady. Additional details here.

More Information

Contact us anytime for additional details.