Trust & Verification
Proof-of-Human hiring.
Your data stays yours.
AI accelerates our dispatch. Humans own every decision. Candidates own their data. Employers get verified workers — not optimistic resumes. Here is the exact infrastructure that makes all of that true.
Platform controls
Eight signals. Every one verifiable.
PDPL-Aware Privacy Posture
Privacy controls are mapped against Jordan PDPL expectations, including consent tracking, data minimization, and documented ownership for processing activity reviews.
Data Residency
Candidate data stays in region. We do not move personal data across jurisdictions without explicit consent and a documented lawful basis.
Enterprise Auth via Clerk
SOC 2 Type II upstream authentication. WebAuthn passkeys, enforced MFA on operator surfaces, and short-lived JWTs that rotate on every refresh.
Rate Limiting & Bot Shield
Upstash Redis sliding-window counters across all public APIs. Arcjet bot detection and shield rules intercept automated probing at the edge before it reaches application logic.
Full Audit Trail
Every state transition — application received, stage change, interview scheduled, offer issued — is append-only and timestamped. Seven-year retention as standard.
Encrypted at Rest & in Transit
TLS 1.3 enforced in transit. AES-256 at rest via managed Neon Postgres. Secrets live in the Railway environment layer only — zero plaintext in the repo.
Privacy-Ready Architecture
Lawful basis documented per processing activity. DSAR workflow live. Subprocessor registry published at /security/subprocessors for procurement review.
AI Disclosure Standards
Every AI-assisted decision is logged, disclosed to the candidate, and overridable by a human reviewer. No autonomous accept or reject without a human in the loop.
Production Claude usage — receipts
Six months of paid usage. Accelerating.
We do not evaluate Claude. We run production workloads on it. 17 paid receipts, USD 1,076+ over 6 months, accelerating 2.4x March to April. Here is the ledger.
| Month | Spend (USD) | Notes |
|---|---|---|
| November 2025 | USD 213 | Max plan 20x — first subscription |
| January 2026 | USD 20 | Claude Pro |
| February 2026 | USD 88 | Six prepaid usage top-ups |
| March 2026 | USD 220 | Upgraded back to Max 20x plus top-up |
| April 2026 (MTD) | USD 535 | Seven receipts, on pace for 1,000+ |
- Max 20x plan active — paid monthly subscription, not credits.
- Multiple payment methods on file — real billing ownership.
- Subscription restored within hours when it lapsed — operations depend on it.
Claude-powered workflow evidence is documented internally; no final public partner status is asserted here.
Data handling
What we collect, why, and who sees it.
What we collect
Name, contact details, work history, credentials, and skills provided directly by the applicant. Nothing inferred from third-party data brokers.
Why we collect it
To match qualified field-service technicians with verified open work orders. No secondary use for advertising, profiling, or resale.
Who sees it
Only employers with an active, verified work order relevant to the candidate's skills and geography. Access is scoped and logged.
How long we keep it
Active profiles retained while the candidate is in-platform. Inactive profiles purged on request or after 24 months of inactivity, whichever comes first.
Your rights
Access, correction, deletion, and portability on request. Email privacy@steadywrk.app with subject "DSAR" and we respond within 72 hours.
Verification pipeline
Four steps. Every worker. No exceptions.
01
Identity Check
Government-issued ID verified against applicant-provided details. Liveness detection confirms the person submitting is the document holder.
02
Credential Audit
Trade licenses, certifications, and union cards checked against issuing authority records. Expiry dates tracked and surfaced to dispatchers in real time.
03
Skills Assessment
Structured competency review against industry-standard trade classifications. Results scored and stored against the applicant record — never inferred from CV text alone.
04
Background Review
Criminal history and employment verification through a vetted third-party provider. Results disclosed to the applicant before any employer-facing decision is made.
Built different
How we compare.
Traditional platforms optimize for volume. We optimize for trust. Here is what that difference looks like in practice.
| Feature | STEADYWRK | Traditional platforms |
|---|---|---|
| Worker Verification: Multi-layer identity, credential, and background check before first dispatch | 4-step pipeline, every worker, no exceptions | Self-reported or spot-checked on complaint |
| Credential Tracking: Trade licenses and certifications checked against issuing authority records | Real-time expiry alerts, issuer-verified | Document upload only — not verified |
| Data Ownership: Who controls the applicant and employer data | Client owns their data. No resale. No cross-profiling. | Platform retains full rights to aggregate and monetize |
| Audit Trail: Append-only log of every decision, stage change, and dispatch event | Seven-year retention, full state-transition log | Activity log with limited retention and export |
| AI Disclosure: Transparency on where AI makes or influences decisions | Every AI action logged, disclosed, and human-overridable | Algorithmic scoring with no disclosure obligation |
| Compliance Posture: Regulatory frameworks in scope | PDPL-aware privacy posture, TCPA, A2P 10DLC, EU AI Act awareness | Varies — typically US-only frameworks |
| Enterprise Auth: Authentication standards for operator surfaces | SOC 2 Type II upstream, WebAuthn passkeys, enforced MFA | Username/password with optional 2FA |
| Pricing Transparency: Visibility into fees and markups | No hidden markups. Published rate structure. | Broker spread on every placement — often undisclosed |
See it in action.
15 minutes. A live work order. Verified technician dispatched. No slides.