Enterprise & ADA Documentation

SteadyMouse is assistive technology software designed to help users with Essential Tremor, Parkinson's disease, and Multiple Sclerosis use a computer mouse effectively. This document provides security, compliance, and deployment information for enterprise IT departments and organizations processing ADA (Americans with Disabilities Act) accommodation requests.

Key Points for Security Review

• Currently operates in user space via Windows API (no driver installation required)
• One-time online activation required (can be done via browser for air-gapped systems)
• Operates 100% offline after activation with no feature limitations
• Can be fully firewalled with no loss of functionality
• Registered vendor with sam.gov and VA TRM (Tool ID: 11407)
• SCCM/silent installation supported with product key preloading
• Code signed releases (dual SHA1/SHA256) with cryptographic verification
• Regular VirusTotal scanning of all releases

Question	Answer
Does it require admin rights?	Only for installation. Runs with user rights afterward.
Does it use a driver?	No. Uses standard user mode Windows API calls.
Can it run fully offline?	Yes. 100% offline after one-time activation.
Can it be firewalled?	Yes. Use manual browser activation method. No feature loss.
What data is collected?	License info, OS version, anonymized computer ID at activation only.
Does it phone home?	Only during activation and optional update checks. Can be blocked.
PCI-DSS compliance?	Payment processors (Gumroad/QuickBooks) handle all card data.
Where is data stored?	US soil only (Google Workspace, Digital Ocean, Gumroad).
AI components?	No.
Open source?	No. Proprietary closed source.
Code signing?	Yes. All releases are cryptographically signed.
Virus scanning?	Yes. All releases published to VirusTotal.
Known conflicts?	Minimal. Auto-disables in remote desktop sessions. Only supports some games.
Commercial use allowed?	Yes. Same pricing as personal use.
Evaluation available?	Yes. Full unrestricted license on honor system.
VA TRM listed?	Yes. Tool ID 11407, approved via One-VA TRM v25.6.
Section 508 compliant?	Not assessed by Section 508 Office. Implementer responsible for verification.
Contains database?	No.
SCCM supported?	Yes. InnoSetup installer with silent install flags.
Installer format?	InnoSetup executable (not MSI). Supports /VERYSILENT /NORESTART flags.
Product key preloading?	Yes. Use --set_product_key command-line parameter.
Debug logs available?	Yes. Per-user logs in AppData\Roaming\SteadyMouse\steadymouse.log.

Registration & Certifications

Government Registration:

• Registered entity with sam.gov
• Listed in VA Technical Reference Model (TRM): Tool ID 11407

Payment Processing:
SteadyMouse, LLC does NOT process, store, or transmit cardholder data. All payment processing is handled by PCI-DSS compliant third parties:

• Primary: Gumroad (Privacy Policy)
• Purchase Orders/Invoicing: Intuit QuickBooks

Security Scanning

All releases are scanned and published to VirusTotal. Example reports:

• Installer Scan Report 1
• Installer Scan Report 2

Code Signing

All releases are cryptographically signed to:

• Verify publisher authenticity
• Detect any post-release modification
• Prevent tampering

No AI Components

The software does NOT incorporate any AI (Artificial Intelligence) components.

How It Works

• No Driver Required: Operates entirely in user space via Microsoft Windows API
• Admin Rights: Required only for installation to C:\Program Files (x86)\SteadyMouse
• Runtime Privileges: Runs with standard user rights after installation
• Core Mechanism: Uses Windows OS Mouse APIs (above driver layer) to intercept mouse data stream
• Language: Written in C++ for efficiency and minimal resource usage

External Dependencies

The Windows desktop application makes calls to:

• steadymouse.com API: One-time license activation, optional update checks
• No other external APIs during normal operation

Server infrastructure uses:

• Gumroad APIs: Payment processing
• Google Workspace APIs: Business operations

Data Storage

Local (Development & Backup): Encrypted storage only for development, testing, and backup purposes.

Cloud Services:

• Digital Ocean (NYC3 and SFO3 regions)
• Google Workspace (2FA enabled, name-based access)
• Fastmail
• Gumroad

All production servers run recent Ubuntu LTS with daily security updates.

Operating Systems

• Windows 11, 10, 8.1, 8, 7, Vista, XP (SP3)
• Windows Server 2016, 2012
• Both 64-bit and 32-bit architectures supported

Hardware Compatibility

Works with all standard mouse types:

• Wired USB mice
• Wireless/Bluetooth mice
• Trackpads
• Trackballs (e.g., Contour RollerMouse)
• Pointing sticks
• Wacom tablets (experimental)

Virtual Environments

• Works in Parallels and VMWare Fusion with minor configuration adjustments
• Remote Desktop: Operates on the LOCAL Windows client, automatically disables if installed on the remote session

Connectivity Summary

Required for activation only. 100% offline operation after activation.

Network Details

• Protocol: HTTPS
• Port: 443
• Endpoint: steadymouse.com and auth.steadymouse.com API server
• TLS Version: TLS 1.2+

Activation Methods

Option 1: Standard Activation (Internet Required)

One-time connection to activation servers during first launch.

Data exchanged during activation:

• Software version
• License information and Product Key
• Anonymized computer identification number (hash)
• Windows OS version and preferred language

Reference: Manual - Simple Activation

Option 2: Manual Browser Activation (Air-Gapped Systems)

For fully firewalled or air-gapped environments:

1. User accesses steadymouse.com from any device with internet
2. Enters product key via browser
3. Receives confirmation code
4. Enters code into offline installation

No feature limitations with this method.
Reference: Manual - Manual Activation

Update Checks (Optional)

• Every 6 months, software reminds user to optionally check for updates
• User can easily skip this check
• If firewalled, updates can be downloaded manually from website

Firewall Recommendation

For maximum security: Firewall the application completely after activation. This ensures zero internet communication while maintaining full functionality.

Commercial & Workplace Use

Commercial use is permitted using the same license tiers as personal use. The EULA is flexible to accommodate workplace deployments.

License Tiers

License Type	Price	Description
SteadyMouse 2	$43 USD	Current version (2.x) and all minor updates. Does not include major upgrades (3.0+).
SteadyMouse X	$127 USD	Lifetime access to all future major and minor versions.

Installation Rights

Each license permits:

• Installation on multiple computers for a given user: Details
• Use by purchaser, employees, subsidiary staff, or IT consultants performing internal business functions
• Both "multiple computers per person" and "multiple users per computer" scenarios

Volume Purchasing

• Purchase Orders: Accepted for orders of 5+ licenses
• Invoicing: Available via Intuit QuickBooks
• Payment: Electronic funds transfer (USD)

ADA Accommodation Pricing

Pricing is the same for workplace/ADA accommodation use as for personal use.

EULA Reference

Full licensing terms: EULA

Support Channels

• Primary: Email (support@steadymouse.com)
• Phone: Not available
• Self-Service: Comprehensive manual, FAQ, and Reddit community

Response Time

• Typical response: 1 business day
• Priority: All users receive equal access to support
• Volume licenses: Higher priority during high-traffic periods

Evaluation Licenses

• Type: Full, unrestricted licenses
• Duration: Honor system
• Purpose: IT testing, analysis, packaging, security review
• Request: Contact sales@steadymouse.com

Money-Back Guarantee

• Duration: 70 days from purchase
• Process: Simple refund via email request
• Reminder: Automated email sent at day 25

Option 1: Fully Firewalled Installation

Best for: High-security environments with strict data protection requirements

1. Download installer from steadymouse.com
2. Transfer installer to target system (USB, internal network, etc.)
3. Install with admin rights
4. Configure firewall to block all steadymouse.exe internet access
5. Activate using manual browser method
6. Result: Zero application internet communication after one-time browser activation, full functionality

Option 2: Remote Desktop Isolation

Best for: Environments requiring additional layers of isolation

• Install SteadyMouse on LOCAL Windows PC (where user physically sits)
• Use Windows Remote Desktop to access remote PC with sensitive data
• Result: Assistive technology runs locally, only mouse/keyboard inputs pass to remote device
• Behavior: SteadyMouse automatically disables when focus is on remote desktop session

Option 3: Standard Installation with Limited Internet

Best for: Environments allowing occasional internet access

1. Install with admin rights
2. Allow one-time activation via HTTPS (port 443)
3. Optionally allow semi-annual update checks
4. Otherwise normal operation

Installation Testing

Request an evaluation license for:

• Security analysis and penetration testing
• Packaging and deployment testing
• Integration testing with existing security tools
• Validation of firewall configurations

Installer Format & Code Signing

Installer Type: InnoSetup executable (not MSI)

Code Signing:

• Dual signed with SHA1 and SHA256 algorithms
• Certificate: COMODO RSA EV Code Signing Certificate
• Issued to: "SteadyMouse, LLC"

Note: While not a native MSI installer, multiple organizations have successfully packaged SteadyMouse for silent installation via SCCM/Microsoft System Center Configuration Manager.

Silent Installation Commands

The installer supports standard InnoSetup command-line parameters:

# Completely silent installation (no UI)
SteadyMouseInstaller.exe /VERYSILENT /NORESTART

# Silent with UI visible
SteadyMouseInstaller.exe /SILENT /NORESTART

# Skip VC++ Runtime installation (if already present)
SteadyMouseInstaller.exe /VERYSILENT /SKIP_VCRUNTIME=true

# Control startup and desktop icon tasks
SteadyMouseInstaller.exe /VERYSILENT /TASKS="desktopicon,!startup_justme"

# Combination example for enterprise deployment
SteadyMouseInstaller.exe /VERYSILENT /NORESTART /SKIP_VCRUNTIME=true /TASKS="!desktopicon,!startup_justme"

Available Tasks:

• desktopicon - Create desktop shortcut
• startup_justme - Launch at Windows startup for current user
• Prefix with ! to deselect (e.g., !desktopicon)

Full InnoSetup Documentation: Command Line Parameters

Product Key Preloading

IT departments can preload the product key before user's first launch:

# Preload product key for user
SteadyMouse.exe --set_product_key=XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX --basic_update_and_quit

Key Requirements:

• Must be in standard format: XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX
• Does NOT trigger activation, only stores the key for easier activation later
• User will still need to complete activation on first launch

Typical SCCM Deployment Sequence:

1. Silent install: SteadyMouseInstaller.exe /VERYSILENT /NORESTART
2. Preload key: SteadyMouse.exe --set_product_key=XXXX-XXXX-XXXX-XXXX --basic_update_and_quit
3. User activates via browser (manual activation method) on first launch

Multi-User Environments & Shared Machines

How Activation Works

Activation automatically configures for both per-user and per-machine use.

App Data Storage:

1. User-specific: C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\settings.xml
2. Machine-wide: C:\ProgramData\SteadyMouse\settings.xml
3. Read-only Machine-wide: C:\Program Files (x86)\SteadyMouse\defaults.xml

At startup, SteadyMouse loads activation data in layers:

1. defaults.xml loads first (read-only machine-wide defaults from Program Files)
2. settings.xml in ProgramData loads second (machine-wide settings)
3. settings.xml in user AppData loads third (user-specific overrides)

If valid activation confirmation code exists in any file, software is activated.

When a user activates SteadyMouse, the software automatically writes activation data to both user-specific and machine-wide locations, enabling all users on the PC to benefit from a single activation.

Troubleshooting & Debug Logs

Each user account has its own debug log:

C:\Users\<USERNAME>\AppData\Roaming\SteadyMouse\steadymouse.log

What it contains:

• Application startup and shutdown events
• Settings loading and errors
• Activation attempts and results
• Runtime errors and warnings

Access instructions: Manual - Debug Log

Validation Steps for IT Departments

1. Download installer: Access via product key at Downloads or from purchase receipt email
2. Verify code signature: Right-click installer → Properties → Digital Signatures. Confirm: "SteadyMouse, LLC" with COMODO RSA EV Certificate
3. Test silent installation: SteadyMouseInstaller.exe /VERYSILENT /NORESTART
4. Preload product key (optional): SteadyMouse.exe --set_product_key=XXXX-XXXX-XXXX-XXXX --basic_update_and_quit
5. Test activation: Launch application as test user, complete manual browser activation, verify activation in settings
6. Test multi-user activation (if applicable): Log in as second user account on same PC, launch SteadyMouse, verify activation is present
7. Configure firewall (if required): Block SteadyMouse.exe internet access, verify functionality remains intact

Activation Limits

Per Product Key: Maximum 30 successful activations to accommodate PC replacements and multiple machines.

Assistive Technology Classification

SteadyMouse is purpose-built assistive technology designed from the ground up to accommodate users with hand tremor conditions.

Government Recognition

Department of Veterans Affairs - Technical Reference Model (TRM)

SteadyMouse is officially listed in the VA Technical Reference Model:

• Tool ID: 11407
• Vendor: Steady Mouse LLC
• Decision Date: June 16, 2025
• Decision Source: TRM Management Group
• Decision Process: One-VA TRM v25.6
• Public Reference: VA TRM Tool Page

This listing is publicly accessible and can be independently verified by IT departments and security teams.

Official VA TRM Description

SteadyMouse is accessibility software installed locally on a personal computer (PC) which enables users with Parkinson's disease and Essential Tremor to use a computer mouse. This technology both rejects tremor shaking motion before it reaches the cursor, and blocks accidental button clicks before unintended actions are caused. This technology provides controls allowing the user to configure these features to fit personal tremor characteristics. SteadyMouse is designed to work with all common mouse types.

This technology does not contain a database.

Technology/Standard Usage Requirements

Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations.

Section 508 Compliance Status

Important Note: This technology has not been assessed by the Section 508 Office. The implementer of this technology has the responsibility to ensure the version deployed is 508-compliant. Section 508 compliance may be reviewed by the Section 508 Office and appropriate remedial action required if necessary. For additional information or assistance regarding Section 508, contact the Section 508 Office at Section508@va.gov.

Third-Party Expert Recognition

SteadyMouse has been recognized and featured by leading medical, accessibility, and assistive technology organizations:

Medical & Healthcare Organizations:

• Parkinson's UK - Featured in 2025 Tech Guide as recommended essential tremor aid
• Stanford Parkinson's Community Outreach - 2022 feature highlighting accessibility and cost-effectiveness for individuals with Parkinson's disease

Assistive Technology Centers:

• MonTECH (Montana Assistive Technology Program) - 2020 demonstration video showcasing real-time tremor reduction capabilities

Digital Health Recognition:

• Medical Futurist - 2024 reference among digital health tools for tremor management

ADA Accommodation Requests

When filing ADA accommodation requests, you may reference:

1. Company Registration: SteadyMouse, LLC is a registered vendor with sam.gov
2. VA Recognition: Listed in VA Technical Reference Model (Tool ID: 11407) — publicly verifiable at VA TRM
3. Purpose: Medical assistive technology for Essential Tremor, Parkinson's, MS
4. Security: Can operate in fully air-gapped mode after one-time activation
5. This document: Provides technical and security details for IT review

Supporting Documentation Available

Upon request, SteadyMouse, LLC can provide:

• Evaluation licenses for testing
• Direct correspondence with IT departments
• Technical clarification on any security concerns
• VirusTotal scan reports
• Release notes and version history

Contact for ADA Requests

• Email: admin@steadymouse.com
• Subject: "ADA Accommodation - [Company Name]"
• Include: Any specific security questionnaires or requirements from your IT department

Data Collected

At Purchase (via Gumroad)

• Name, email, license type, purchase price, product key
• Timestamp, state, ZIP code
• Full details: Gumroad Privacy Policy

At Activation

• Software version
• License information and Product Key
• Anonymized computer identification number (hash)
• Windows OS version and preferred language

Transmitted via TLS 1.2+ encrypted connection.

During Operation

• Local debug log: Kept on user's computer, never transmitted unless user emails for support
• No telemetry: No usage tracking, analytics, or behavioral data collection
• No automatic reporting: Software does not "phone home" after activation

Data Storage & Retention

• Retention Period: Indefinitely unless deletion requested
• Deletion Requests: Honored upon request via email
• GDPR/CCPA: No formal GDPR compliance program, but data deletion requests are honored
• Storage Locations: All data stored on US soil (Google Workspace, Digital Ocean, Gumroad)

Customer Communication

• Method: Email only
• Frequency: Purchase confirmation, optional update reminders
• Opt-out: Update reminders can be dismissed/skipped

Incident Handling

All aspects of incident response are managed directly by the founder, Benjamin Gottemoller. While there are no formalized written procedures, the response process includes:

1. Monitoring: Continuous monitoring for potential security issues
2. Assessment: Impact analysis of any identified issues
3. Containment: Prompt action to contain and resolve issues
4. Notification: Direct notification of affected parties if necessary
5. Transparency: Clear communication about incident nature and resolution

Breach Notification

In the event of a data breach:

• Customers notified via email after analysis
• Notification includes: data types affected, timing, circumstances
• Only users with confirmed data access are notified

Customer Communication Channel

• Primary link to users: Email
• Post-activation security: Software operates offline, making exploitation difficult
• Updates: Security updates bundled with regular dependency updates
• User protection: Standard users cannot modify installation without admin rights

Secure Development Environment

• Code storage: Encrypted repositories
• Version control: Git tracking of all changes
• Build environment: Clean Windows VM with only essential development tooling
• Dependencies: Carefully screened, limited to handful of major well-known libraries
• Code signing: All releases cryptographically signed
• Scanning: All releases uploaded to VirusTotal

Development Process

• Developer: Benjamin Gottemoller (sole developer)
• Education: UIUC Computer Engineering B.S., embedded firmware specialty
• Location: Princeville, Illinois, USA
• Testing: Manual testing every release and continuously during development
• Code review: Internal review process
• Quality assurance: Thousands of assertion checks and tests in codebase to prevent bad releases
• User feedback: Direct email feedback drives bug fixes

Release Management

• Release notes: Release Notes
• Update cadence: No fixed schedule, driven by features and bug fixes
• Security updates: Dependencies updated at each release, including security patches
• Version support: Current major version fully supported; older versions receive limited support

Code Integrity

• Repository security: Encrypted repos with strict access control
• Build verification: Compiled and signed in isolated clean environment
• Release verification: VirusTotal scan published for every release
• Publisher verification: Code signing proves authenticity and detects tampering

Company Details

SteadyMouse, LLC
10013 W. Legion Hall Rd.
Princeville, IL 61559
United States

Founded: 2005 (Incorporated 2016)
Jurisdiction: Illinois

Email Contacts

• Founder: ben@steadymouse.com
• Support: support@steadymouse.com
• Sales & Licensing: sales@steadymouse.com
• Security Questions: dev@steadymouse.com
• Bug Reports: bugs@steadymouse.com

Online Resources

• Website: steadymouse.com
• Manual: User Manual
• FAQ: Frequently Asked Questions
• EULA: End User License Agreement
• Reddit Community: /r/steadymouse

Social Media

• Twitter: @steadymouse
• Instagram: @steadymouse
• Facebook: SteadyMouse

Deployment Checklist for Locked-Down Environments

• Download installer from official website or purchase email
• Scan installer with internal security tools
• Verify code signature
• Cross-reference VirusTotal report
• Test installation in isolated VM
• Configure firewall rules to block application internet access
• Perform manual browser activation (instructions)
• Verify functionality with firewall active
• Document configuration for deployment
• Deploy to end user system
• Provide user training on toggle key (Num Lock) and basic features