Security & Breach Notification
We take the security of your family's health information seriously. This page explains what we do to keep your data safe — and what we'll do if something goes wrong.
Our Security Practices
SteadyWith is built on infrastructure that takes security seriously:
- Encrypted in transit: All communication between your browser and SteadyWith uses HTTPS/TLS
- Encrypted at rest: Your documents and data are stored with encryption in Supabase
- Authentication: Secure login via email (magic link or password) with session management
- Access controls: Only you (and family members you explicitly invite) can see your data
- Limited team access: Only essential team members can access production data, and only when necessary for support or debugging
No system is perfectly secure. We are a small team in closed beta, doing our best to follow industry best practices while building quickly. We're honest about that.
If There's a Security Incident
If we discover a security breach that affects your personal data, here's what we commit to:
We'll notify you within 72 hours
You'll receive an email notification at your account email address within 72 hours of us discovering the breach. We won't wait until we have all the answers — we'll tell you what we know as soon as we know it.
We'll tell you what happened
The notification will explain: what occurred, what data was accessed or exposed, the approximate time period, and how many users were affected.
We'll tell you what we're doing about it
We'll describe the steps we're taking to contain the incident, recover systems, and prevent recurrence. We'll provide updates as our investigation progresses.
We'll tell you what you should do
If there's anything you should do — like change your password, monitor for unusual activity, or take other protective steps — we'll tell you clearly and specifically.
Reporting a Security Issue
If you notice something suspicious — like unexpected activity in your account, or you think your account may have been accessed without your permission — please contact us immediately.
Security contact
security@steadywith.com
Please include your account email and a description of what you observed. We'll respond within 24 hours.
Beta Reminder
SteadyWith is in closed beta. We are not HIPAA-compliant and do not have Business Associate Agreements with our AI providers. While we follow good security practices, we are not yet subject to the formal breach notification requirements of HIPAA. We adopt the 72-hour notification standard voluntarily because we believe it's the right thing to do.