Enterprise & ADA Documentation

SteadyMouse is assistive technology software designed to help users with Essential Tremor, Parkinson's disease, and Multiple Sclerosis use a computer mouse effectively. This document provides security, compliance, and deployment information for enterprise IT departments and organizations processing ADA (Americans with Disabilities Act) accommodation requests.

Key Points for Security Review

• Currently operates in user space via Windows API (no driver installation required)
• One-time online activation required (can be done via browser for air-gapped systems)
• Operates 100% offline after activation with no feature limitations
• Can be fully firewalled with no loss of functionality
• Registered vendor with sam.gov and VA TRM (Tool ID: 11407)
• SCCM/silent installation supported with product key preloading
• Code signed releases (dual SHA1/SHA256) with cryptographic verification
• Regular VirusTotal scanning of all releases

Question	Answer
Does it require admin rights?	Only for installation. Runs with user rights afterward.
Does it use a driver?	No. Uses standard user mode Windows API calls.
Can it run fully offline?	Yes. 100% offline after one-time activation.
Can it be firewalled?	Yes. Use manual browser activation method. No feature loss.
What data is collected?	License info, OS version, anonymized computer ID at activation only.
Does it phone home?	Only during activation and optional update checks. Can be blocked.
PCI-DSS compliance?	Payment processors (Gumroad/QuickBooks) handle all card data.
Merchant of Record?	Gumroad is MoR for standard purchases (handles sales tax). SteadyMouse, LLC for purchase orders.
Where is data stored?	Customer data on US soil (Google Workspace, Digital Ocean, Gumroad). Business email via Fastmail (Australian company, US-based servers).
AI components?	No.
Open source?	No. Proprietary closed source.
Code signing?	Yes. All releases are cryptographically signed.
Virus scanning?	Yes. All releases published to VirusTotal.
Known conflicts?	Minimal. Auto-disables in remote desktop sessions. Only supports some games.
Commercial use allowed?	Yes. Same pricing as personal use.
Evaluation available?	Yes. Full unrestricted license on honor system.
VA TRM listed?	Yes. Tool ID 11407, approved via One-VA TRM v25.6.
Section 508 compliant?	Not assessed by Section 508 Office. Implementer responsible for verification.
Contains database?	No.
SCCM supported?	Yes. InnoSetup installer with silent install flags.
Installer format?	InnoSetup executable (not MSI). Supports /VERYSILENT /NORESTART flags.
Installer/license compatibility?	SteadyMouse 2 and SteadyMouse X have separate installers. Installer must match license edition.
Product key preloading?	Yes. Embed in installer filename (recommended) or use --set_product_key parameter.
Service uptime monitoring?	Yes. Public status page at status.steadymouse.com.
Debug logs available?	Yes. Per-user logs in AppData\Roaming\SteadyMouse\steadymouse.log.

What It Does

SteadyMouse detects and removes hand tremor motion before it reaches the cursor, enabling users with movement disorders to use standard mouse hardware effectively. The software operates as a filter layer between physical mouse input and on-screen cursor movement.

Core Features

• Anti-tremor filtering with adjustable strength and multiple filter profiles
• Automatic blocking of unintentional mouse clicks
• Icon Targeting System for cursor snapping
• Global toggle via Num-Lock key (configurable)
• No specialized hardware required — works with all standard mice, trackpads, and pointing devices

Target Users

Individuals with:

• Essential Tremor
• Parkinson's Disease
• Multiple Sclerosis
• Other neurological conditions affecting fine motor control

Registration & Certifications

Government Registration:

• Legal Entity Name: STEADYMOUSE LLC
• D.U.N.S. Number: 080691166
• CAGE Code: 7W6J0
• UEI: Z3QKMTKL7CF7
• NAICS Codes: 513210 (Primary), 541511
• Registered entity with sam.gov
• Listed in VA Technical Reference Model (TRM): Tool ID 11407
• W-9 provided securely during onboarding

Payment Processing:
SteadyMouse, LLC does NOT process, store, or transmit cardholder data. All payment processing is handled by PCI-DSS compliant third parties:

Purchase Method	Legal Seller	Tax Handling
Standard (via Gumroad)	Gumroad, Inc.	Gumroad collects & remits all sales tax
Purchase Order (5+ licenses)	SteadyMouse, LLC	Invoice via QuickBooks (tax exempt orgs provide certificate)

Gumroad Merchant of Record:
For standard purchases, Gumroad acts as the Merchant of Record. This means Gumroad is the legal seller to the buyer, and handles all sales tax collection and remittance worldwide. For enterprise accounting purposes, standard purchases are technically purchases from Gumroad, Inc. (Privacy Policy | Terms of Service | Reseller Certificate)

Security Scanning

All releases are scanned and published to VirusTotal. Example reports:

• Installer Scan Report 1
• Installer Scan Report 2

Code Signing

All releases are cryptographically signed to:

• Verify publisher authenticity
• Detect any post-release modification
• Prevent tampering

No AI Components

The software does NOT incorporate any AI (Artificial Intelligence) components.

How It Works

• No Driver Required: Operates entirely in user space via Microsoft Windows API
• Admin Rights: Required only for installation to C:\Program Files (x86)\SteadyMouse
• Runtime Privileges: Runs with standard user rights after installation
• Core Mechanism: Uses Windows OS Mouse APIs (above driver layer) to intercept mouse data stream
• Language: Written in C++ for efficiency and minimal resource usage

External Dependencies

The Windows desktop application makes calls to:

• steadymouse.com API: One-time license activation, optional update checks
• No other external APIs during normal operation

Server infrastructure uses:

• Gumroad APIs: Payment processing
• Google Workspace APIs: Business operations

Data Storage

Local (Development & Backup): Encrypted storage only for development, testing, and backup purposes.

Cloud Services:

• Digital Ocean (NYC3 and SFO3 regions) — License activation, website hosting
• Google Workspace (2FA enabled, name-based access) — Internal business operations
• Fastmail (Privacy Policy) — All business email (Australian company, US-based servers)
• Gumroad — Payment processing, customer purchase data

All production servers run recent Ubuntu LTS with daily security updates.

Operating Systems

• Windows 11, 10, 8.1, 8, 7, Vista, XP (SP3)
• Windows Server 2022, 2019, 2016, 2012
• Both 64-bit and 32-bit architectures supported

Hardware Compatibility

Works with all standard mouse types:

• Wired USB mice
• Wireless/Bluetooth mice
• Trackpads
• Trackballs (e.g., Contour RollerMouse)
• Pointing sticks
• Wacom tablets (experimental)

Virtual Environments

• Works in Parallels and VMWare Fusion with minor configuration adjustments
• Remote Desktop / Azure / Citrix: SteadyMouse must be installed on the LOCAL Windows client (where the user physically sits), not on the remote/virtual machine. It automatically disables if installed on the remote session. Mouse filtering occurs locally before input is sent to the remote system.

Connectivity Summary

Required for activation only. 100% offline operation after activation.

Network Details

• Protocol: HTTPS
• Port: 443
• Endpoint: steadymouse.com and auth.steadymouse.com API server
• TLS Version: TLS 1.2+

Activation Methods

Option 1: Standard Activation (Internet Required)

One-time connection to activation servers during first launch.

Data exchanged during activation:

• Software version
• License information and Product Key
• Anonymized computer identification number (hash)
• Windows OS version and preferred language

Reference: Manual - Simple Activation

Option 2: Manual Browser Activation (Air-Gapped Systems)

For fully firewalled or air-gapped environments:

1. User accesses steadymouse.com from any device with internet
2. Enters product key via browser
3. Receives confirmation code
4. Enters code into offline installation

No feature limitations with this method.
Reference: Manual - Manual Activation

Update Checks (Optional)

• Every 6 months, software reminds user to optionally check for updates
• User can easily skip this check
• If firewalled, updates can be downloaded manually from website

Firewall Recommendation

For maximum security: Firewall the application completely after activation. This ensures zero internet communication while maintaining full functionality.

Commercial & Workplace Use

Commercial use is permitted using the same license tiers as personal use. The EULA is flexible to accommodate workplace deployments.

License Tiers

License Type	Price	Description
SteadyMouse 2	$43 USD	Current version (2.x) and all minor updates. Does not include major upgrades (3.0+).
SteadyMouse X	$127 USD	Lifetime access to all future major and minor versions.

Note for IT Departments: These are separate products with separate installers. The installer edition must match the purchased license edition. A SteadyMouse 2 key cannot activate the SteadyMouse X installer, and vice versa.

Installation Rights

Each license permits:

• Installation on multiple computers for a given user: Details
• Use by purchaser, employees, subsidiary staff, or IT consultants performing internal business functions
• Both "multiple computers per person" and "multiple users per computer" scenarios

Volume Purchasing

• Purchase Orders: Accepted for orders of 5+ licenses
• Invoicing: Available via Intuit QuickBooks
• Payment: Electronic funds transfer (USD)

ADA Accommodation Pricing

Pricing is the same for workplace/ADA accommodation use as for personal use.

EULA Reference

Full licensing terms: EULA

Support Channels

• Primary: Email (support-essential-tremor-filtering@steadymouse.com)
• Phone: Not available
• Self-Service: Comprehensive manual, FAQ, and Reddit community

Response Time

• Typical response: 1 business day
• Priority: All users receive equal access to support
• Volume licenses: Higher priority during high-traffic periods

Evaluation Licenses

• Type: Full, unrestricted licenses
• Duration: Honor system
• Purpose: IT testing, analysis, packaging, security review
• Request: Contact sales-essential-tremor-filtering@steadymouse.com

Service Uptime

• Status Page: status.steadymouse.com (powered by Uptime Robot)
• Real-time and historical uptime data for all SteadyMouse services (website, activation servers, APIs)
• Publicly accessible — no login required

Money-Back Guarantee

• Duration: 70 days from purchase
• Process: Simple refund via email request to support-essential-tremor-filtering@steadymouse.com
• Reminder: Automated email sent at day 25
• Note: While Gumroad's standard refund window is 30 days, SteadyMouse honors our 70-day guarantee for all purchases regardless of purchase method

Option 1: Fully Firewalled Installation

Best for: High-security environments with strict data protection requirements

1. Download installer from steadymouse.com
2. Transfer installer to target system (USB, internal network, etc.)
3. Install with admin rights
4. Configure firewall to block all steadymouse.exe internet access
5. Activate using manual browser method
6. Result: Zero application internet communication after one-time browser activation, full functionality

Option 2: Remote Desktop / Azure / Citrix

Best for: VDI environments, thin clients, and remote desktop scenarios

• Install SteadyMouse on LOCAL Windows PC (where user physically sits)
• Use Remote Desktop, Azure Virtual Desktop, or Citrix to access remote systems
• Result: Assistive technology runs locally, filtered mouse input is sent to remote system
• Note: Do NOT install on the remote/virtual machine — SteadyMouse automatically disables if it detects it's running in a remote session

Option 3: Standard Installation with Limited Internet

Best for: Environments allowing occasional internet access

1. Install with admin rights
2. Allow one-time activation via HTTPS (port 443)
3. Optionally allow semi-annual update checks
4. Otherwise normal operation

Installation Testing

Request an evaluation license for:

• Security analysis and penetration testing
• Packaging and deployment testing
• Integration testing with existing security tools
• Validation of firewall configurations

Installer Format & Code Signing

Installer Type: InnoSetup executable (not MSI)

Important — Installer Must Match License Edition:
SteadyMouse 2 and SteadyMouse X are separate products with separate installers. A SteadyMouse 2 product key will only activate the SteadyMouse 2 installer, and a SteadyMouse X product key will only activate the SteadyMouse X installer. The installers are not interchangeable. When packaging for enterprise deployment, verify that the installer edition matches the purchased license edition.

Code Signing:

• Dual signed with SHA1 and SHA256 algorithms
• Certificate: COMODO RSA EV Code Signing Certificate
• Issued to: "SteadyMouse, LLC"

Note: While not a native MSI installer, multiple organizations have successfully packaged SteadyMouse for silent installation via SCCM/Microsoft System Center Configuration Manager.

Silent Installation Commands

The installer supports standard InnoSetup command-line parameters:

# Completely silent installation (no UI)
SteadyMouseInstaller.exe /VERYSILENT /NORESTART

# Silent with UI visible
SteadyMouseInstaller.exe /SILENT /NORESTART

# Skip VC++ Runtime installation (if already present)
SteadyMouseInstaller.exe /VERYSILENT /SKIP_VCRUNTIME=true

# Control startup and desktop icon tasks
SteadyMouseInstaller.exe /VERYSILENT /TASKS="desktopicon,!startup_justme"

# Combination example for enterprise deployment
SteadyMouseInstaller.exe /VERYSILENT /NORESTART /SKIP_VCRUNTIME=true /TASKS="!desktopicon,!startup_justme"

Available Tasks:

• desktopicon - Create desktop shortcut
• startup_justme - Launch at Windows startup for current user
• Prefix with ! to deselect (e.g., !desktopicon)

Full InnoSetup Documentation: Command Line Parameters

Product Key Preloading

IT departments can preload the product key before user's first launch using two methods:

Method 1: Installer Filename (Recommended)

Append the product key to the installer filename in brackets:

SteadyMouseSetup[XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX].exe

Note: Installers downloaded from steadymouse.com/downloads are automatically named this way when using a product key to access the download.

Method 2: Post-Install Command

Run this command after installation to store the product key:

SteadyMouse.exe --set_product_key=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX --basic_update_and_quit

Key Requirements (both methods):

• Must be in standard format: XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX
• Does NOT trigger activation, only stores the key for easier activation later
• User will still need to complete activation on first launch

Typical SCCM Deployment Sequence:

1. Download installer with key embedded in filename from Downloads
2. Silent install: SteadyMouseSetup[XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX].exe /VERYSILENT /NORESTART
3. User activates via browser (manual activation method) on first launch

Multi-User Environments & Shared Machines

How Activation Works

Activation automatically configures for both per-user and per-machine use.

App Data Storage:

1. User-specific: C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\settings.xml
2. Machine-wide: C:\ProgramData\SteadyMouse\settings.xml
3. Read-only Machine-wide: C:\Program Files (x86)\SteadyMouse\defaults.xml

At startup, SteadyMouse loads activation data in layers:

1. defaults.xml loads first (read-only machine-wide defaults from Program Files)
2. settings.xml in ProgramData loads second (machine-wide settings)
3. settings.xml in user AppData loads third (user-specific overrides)

If valid activation confirmation code exists in any file, software is activated.

When a user activates SteadyMouse, the software automatically writes activation data to both user-specific and machine-wide locations, enabling all users on the PC to benefit from a single activation.

Troubleshooting & Debug Logs

Each user account has its own debug log:

C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\steadymouse.log

What it contains:

• Application startup and shutdown events
• Settings loading and errors
• Activation attempts and results
• Runtime errors and warnings

Access instructions: Manual - Debug Log

Validation Steps for IT Departments

1. Download installer: Access via product key at Downloads or from purchase receipt email
2. Verify code signature: Right-click installer → Properties → Digital Signatures. Confirm: "SteadyMouse, LLC" with COMODO RSA EV Certificate
3. Test silent installation: SteadyMouseInstaller.exe /VERYSILENT /NORESTART
4. Preload product key (optional): SteadyMouse.exe --set_product_key=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX --basic_update_and_quit
5. Test activation: Launch application as test user, complete manual browser activation, verify activation in settings
6. Test multi-user activation (if applicable): Log in as second user account on same PC, launch SteadyMouse, verify activation is present
7. Configure firewall (if required): Block SteadyMouse.exe internet access, verify functionality remains intact

Activation Limits

Per Product Key: Maximum 30 successful activations to accommodate PC replacements and multiple machines.

Software Center / Self-Service Deployment

SteadyMouse can be made available in SCCM Software Center for user-initiated installation:

1. Package installer with silent installation flags
2. Optionally preload product key during deployment
3. Users install from Software Center at their convenience
4. Users complete manual browser activation on first launch
5. No admin rights required for activation step

Download Access for IT Testing

IT departments can access installers for testing using the product key:
https://www.steadymouse.com/downloads/

Select license type and enter product key to download installers for any version/platform testing.

Compatibility Notes

Gaming Support:

• Partial game compatibility — see Gaming page for details
• Used successfully for aim stabilization in some games (e.g., Overwatch)
• Software operates at user-space level, not kernel level
• No anti-cheat conflicts reported

Support Resources:

• Comprehensive troubleshooting resources available in manual and FAQ
• Direct developer support via email for deployment or compatibility concerns
• Debug logs provide detailed diagnostics for troubleshooting
• No reports of data loss, security vulnerabilities, or system instability

Assistive Technology Classification

SteadyMouse is purpose-built assistive technology designed from the ground up to accommodate users with hand tremor conditions.

Government Recognition

Department of Veterans Affairs - Technical Reference Model (TRM)

SteadyMouse is officially listed in the VA Technical Reference Model:

• Tool ID: 11407
• Vendor: Steady Mouse LLC
• Decision Date: June 16, 2025
• Decision Source: TRM Management Group
• Decision Process: One-VA TRM v25.6
• Public Reference: VA TRM Tool Page

This listing is publicly accessible and can be independently verified by IT departments and security teams.

Official VA TRM Description

SteadyMouse is accessibility software installed locally on a personal computer (PC) which enables users with Parkinson's disease and Essential Tremor to use a computer mouse. This technology both rejects tremor shaking motion before it reaches the cursor, and blocks accidental button clicks before unintended actions are caused. This technology provides controls allowing the user to configure these features to fit personal tremor characteristics. SteadyMouse is designed to work with all common mouse types.

This technology does not contain a database.

Technology/Standard Usage Requirements

Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations.

Section 508 Compliance Status

Important Note: This technology has not been assessed by the Section 508 Office. The implementer of this technology has the responsibility to ensure the version deployed is 508-compliant. Section 508 compliance may be reviewed by the Section 508 Office and appropriate remedial action required if necessary. For additional information or assistance regarding Section 508, contact the Section 508 Office at Section508@va.gov.

Third-Party Expert Recognition

SteadyMouse has been recognized and featured by leading medical, accessibility, and assistive technology organizations:

Medical & Healthcare Organizations:

• Parkinson's UK - Featured in 2025 Tech Guide as recommended essential tremor aid
• Stanford Parkinson's Community Outreach - 2022 feature highlighting accessibility and cost-effectiveness for individuals with Parkinson's disease

Assistive Technology Centers:

• MonTECH (Montana Assistive Technology Program) - 2020 demonstration video showcasing real-time tremor reduction capabilities

Digital Health Recognition:

• Medical Futurist - 2024 reference among digital health tools for tremor management

ADA Accommodation Requests

When filing ADA accommodation requests, you may reference:

1. Company Registration: SteadyMouse, LLC is a registered vendor with sam.gov
2. VA Recognition: Listed in VA Technical Reference Model (Tool ID: 11407) — publicly verifiable at VA TRM
3. Purpose: Medical assistive technology for Essential Tremor, Parkinson's, MS
4. Security: Can operate in fully air-gapped mode after one-time activation
5. This document: Provides technical and security details for IT review

Supporting Documentation Available

Upon request, SteadyMouse, LLC can provide:

• Evaluation licenses for testing
• Direct correspondence with IT departments
• Technical clarification on any security concerns
• VirusTotal scan reports
• Release notes and version history

Contact for ADA Requests

• Email: admin-essential-tremor-filtering@steadymouse.com
• Subject: "ADA Accommodation - [Company Name]"
• Include: Any specific security questionnaires or requirements from your IT department

Data Collected

At Purchase (via Gumroad)

• Name, email, license type, purchase price, product key
• Timestamp, state, ZIP code
• Full details: Gumroad Privacy Policy

At Activation

• Software version
• License information and Product Key
• Anonymized computer identification number (hash)
• Windows OS version and preferred language

Transmitted via TLS 1.2+ encrypted connection.

During Operation

• Local debug log: Kept on user's computer, never transmitted unless user emails for support
• No telemetry: No usage tracking, analytics, or behavioral data collection
• No automatic reporting: Software does not "phone home" after activation

Data Storage & Retention

• Retention Period: Indefinitely unless deletion requested
• Deletion Requests: Honored upon request via email
• GDPR/CCPA: No formal GDPR compliance program, but data deletion requests are honored
• Storage Locations: Customer data on US soil (Google Workspace, Digital Ocean, Gumroad). Business email via Fastmail (Australian company, US-based servers).

Customer Communication

• Method: Email only
• Frequency: Purchase confirmation, optional update reminders
• Opt-out: Update reminders can be dismissed/skipped

Incident Handling

All aspects of incident response are managed directly by the founder, Benjamin Gottemoller. While there are no formalized written procedures, the response process includes:

1. Monitoring: Continuous monitoring for potential security issues
2. Assessment: Impact analysis of any identified issues
3. Containment: Prompt action to contain and resolve issues
4. Notification: Direct notification of affected parties if necessary
5. Transparency: Clear communication about incident nature and resolution

Breach Notification

In the event of a data breach:

• Customers notified via email after analysis
• Notification includes: data types affected, timing, circumstances
• Only users with confirmed data access are notified

Customer Communication Channel

• Primary link to users: Email
• Post-activation security: Software operates offline, making exploitation difficult
• Updates: Security updates bundled with regular dependency updates
• User protection: Standard users cannot modify installation without admin rights

Secure Development Environment

• Code storage: Encrypted repositories
• Version control: Git tracking of all changes
• Build environment: Clean Windows VM with only essential development tooling
• Dependencies: Carefully screened, limited to handful of major well-known libraries
• Code signing: All releases cryptographically signed
• Scanning: All releases uploaded to VirusTotal

Development Process

• Developer: Benjamin Gottemoller (sole developer)
• Education: UIUC Computer Engineering B.S., embedded firmware specialty
• Location: Princeville, Illinois, USA
• Testing: Manual testing every release and continuously during development
• Code review: Internal review process
• Quality assurance: Thousands of assertion checks and tests in codebase to prevent bad releases
• User feedback: Direct email feedback drives bug fixes

Release Management

• Release notes: Release Notes
• Update cadence: No fixed schedule, driven by features and bug fixes
• Security updates: Dependencies updated at each release, including security patches
• Version support: Current major version fully supported; older versions receive limited support

Code Integrity

• Repository security: Encrypted repos with strict access control
• Build verification: Compiled and signed in isolated clean environment
• Release verification: VirusTotal scan published for every release
• Publisher verification: Code signing proves authenticity and detects tampering

Company Details

SteadyMouse, LLC
10013 W. Legion Hall Rd.
Princeville, IL 61559
United States

Founded: 2005 (Incorporated 2016)
Jurisdiction: Illinois

Email Contacts

• Founder: ben-essential-tremor-filtering@steadymouse.com
• Support: support-essential-tremor-filtering@steadymouse.com
• Sales & Licensing: sales-essential-tremor-filtering@steadymouse.com
• Security Questions: dev-essential-tremor-filtering@steadymouse.com
• Bug Reports: bugs-essential-tremor-filtering@steadymouse.com

Online Resources

• Website: steadymouse.com
• Manual: User Manual
• FAQ: Frequently Asked Questions
• EULA: End User License Agreement
• Privacy Policy: Privacy Policy
• Service Status: Service Uptime Dashboard
• Reddit Community: /r/steadymouse

Social Media

• Twitter: @steadymouse
• Instagram: @steadymouse
• Facebook: SteadyMouse

Deployment Checklist for Locked-Down Environments

• Download installer from official website or purchase email
• Verify installer edition matches license edition (SteadyMouse 2 vs. SteadyMouse X)
• Scan installer with internal security tools
• Verify code signature
• Cross-reference VirusTotal report
• Test installation in isolated VM
• Configure firewall rules to block application internet access
• Perform manual browser activation (instructions)
• Verify functionality with firewall active
• Document configuration for deployment
• Deploy to end user system
• Provide user training on toggle key (Num Lock) and basic features