Trust & security / What we store and what we don't

Built to be reviewed, not just trusted.

Every scope, timesheet, screen capture, approval, and payout is logged and reviewable. Card and bank details never touch our servers. Below is exactly what we do, what we don't, and how we handle the edge cases.

Provider-hosted card setup
Provider-hosted payouts
Audit-logged decisions
Unlimited free replacements
01Data handling

What we store, where, and for how long.

No surprises about what lives on our servers. Sensitive payment and identity material stays with the regulated providers that own it.

We store
  • Account, profile, and onboarding state for clients and contractors.
  • Role scopes, applications, candidate decisions, and audit trails.
  • Tracked work-time, weekly timesheets, evidence references, approvals, and weekly reports.
  • Wallet balances and ledger entries for earned-work amounts in transit through Anastasis.
  • Notifications, support tickets, and dispute records.
We don't store
  • Raw card numbers, CVV, or full PAN. Card setup is hosted by our PCI-compliant payments provider; we keep brand, last4, and readiness status only.
  • Contractor bank account numbers, CLABE, SWIFT, or IBAN. External withdrawals live with our payout provider; Anastasis only stores the connection state.
  • Government-ID images outside the verification provider's enclave. Identity documents are uploaded directly to the provider's hosted flow.
  • Personal device contents, file system access, or keystrokes. The desktop tracker captures application focus and periodic activity captures only.
Where it lives
  • Application data: encrypted-at-rest in our managed database, accessed only through audited endpoints.
  • Screen captures: short-lived signed-URL reads, 15-minute expiry, never embedded directly in the page.
  • Card data: our payments provider (PCI DSS Level 1).
  • Contractor bank/FX/cards: our payout provider (regulated money-movement provider).
Retention
  • Active engagements: data retained for the life of the engagement plus seven years for tax and audit obligations.
  • Closed engagements: profile, timesheets, and audit trails retained per contract; activity captures pruned after 90 days unless a dispute is open.
  • Deletion requests: client and contractor data can be redacted on request, subject to legal retention requirements.
02Time tracking & screen activity

What the desktop tracker captures — and what it never does.

Built so contractors can sign on without giving up the rest of their machine, and so clients can verify work without a privacy panic from the operator's side.

Captures
  • Active application name and rough category (browser, code editor, email, etc.).
  • Periodic screen activity captures during a tracked session, attached to the timesheet for client review.
  • Idle / break detection so non-work time isn't billed.
Never captures
  • Keystrokes or page contents.
  • Microphone, webcam, or location.
  • Anything when the tracker is paused or stopped.
  • Personal browser windows or applications outside the tracked session.

Screen activity captures are evidence for the weekly timesheet review, not surveillance. They are visible to the named client approver during the review window and to Anastasis support if a dispute is opened, then archived per the retention policy above.

03Billing & payouts

Money moves on a documented cadence, not on a vibe.

The weekly cycle is the same for every client and every operator. Approval cutoff Monday. Charge Tuesday. Payout target Friday for funded, approved hours.

Sunday end-of-week

Contractor submits

Auto-built timesheet from tracked work plus any explained adjustments. Status moves DRAFT → PENDING.

Monday 11:59 PM client TZ

Client approves

Named approver reviews each row, evidence, and notes. Anything not declined or disputed by the deadline auto-approves.

Tuesday

Client charged

Our payments provider runs the weekly charge against the client's card on file. Anastasis sees the result, never the card number itself.

Friday target

Contractor paid

Approved net (gross minus the 15% platform fee) is sent to the contractor's connected payout account. The payout provider owns downstream bank withdrawal, cards, and FX.

Pricing
  • Free for companies. No retainer, no placement fee, no platform subscription.
  • 15% from contractor earnings. Disclosed before application, surfaced in every payout statement.
  • No upcharge on tools. Time tracking, screenshot activity, admin portal, and weekly reports are included.
Failed charges
  • If the Tuesday charge fails, the client receives an immediate failure notification and the role's publish gate re-locks until the card is updated.
  • Contractor payouts already in transit settle normally; the next cycle is paused until billing recovers.
  • No penalty fees on either side — the system pauses, it doesn't punish.
04Disputes & replacements

Documented record, not he-said-she-said.

Every scope, timesheet, approval, and report is audit-logged. If a dispute opens, it's adjudicated against the record. Most resolve in under 48 hours.

Timesheet disputes

If a client declines a row or asks for adjustment, the contractor sees the reason and can revise. Anastasis support is included in any thread the client or contractor escalates. Funds in transit hold until resolution.

Client walkthrough →

Contractor walkthrough →

Replacement guarantee

If an operator isn't a fit — ever, not just in the first 30 days — we rematch at no cost. No capped window, no placement fee, no "credit" games. The previous engagement closes cleanly with the documented record intact.

05Who can see what

Role-scoped access, end-to-end.

No "admin sees everything" buckets. Each role on the platform sees only what its job requires.

Client

The candidates applying to your roles, their packets, your own engagements, your timesheets and approvals queue, your billing status. No view into other clients' data, no view into a contractor's other engagements.

Contractor

Your own profile, applications, engagements, timesheets, evidence, payouts, and notifications. No view into other contractors' applications or rates, no view into a client's other operators.

Anastasis admin

The minimum needed to run vetting, dispute adjudication, and payout reconciliation. Every admin action is audit-logged and surfaced in the affected user's activity history.

Anything else worth putting in writing?

Ask. We'll add it here.

If a security, data-handling, or process question matters to your decision and isn't covered above, send it over — we'll either answer in the next call or document it on this page.

Talk to us → Read the FAQ first