Do not rely on Habitable for a real legal matter yet. Independent security and cryptography review, housing-law review, a real partner evaluation, recorded human screen-reader testing, and signed native distribution remain open.

Integrity is narrower than truth

Technical checks can support

  • whether packaged files match their recorded SHA-256 hashes;
  • whether the bundle signature validates against the included public identity;
  • whether supported timestamp-token signatures and message imprints validate;
  • whether the custody log is internally consistent and references known records.

They do not establish

  • what a capture depicts, where it was made, or whether it is complete;
  • who controlled a signing key or whether that person had authority;
  • that a timestamp authority is trusted by a particular recipient;
  • the accuracy, legal significance, or outcome of any housing claim.

Implemented and test-gated in the repository

  • Local encrypted vault storage; the static public site does not host case data.
  • Original capture preservation, content hashing, custody events, and signed bundles.
  • RFC 3161 timestamp support, including an explicit awaiting-timestamp state.
  • A whole-unit export boundary and a packet disclosure statement covering optional originals and metadata handling.
  • HTML designed for accessibility and covered by automated browser checks, a print-oriented PDF, a machine-readable bundle, and a separate verifier.
  • English and Spanish app interfaces with automated structural and browser accessibility checks.

These are implementation statements, not assurances about a particular device, operator, transfer, authority, recipient, or legal forum. Review the current automated test runs and source rather than relying on this summary alone.

Open gates before real-data use

  • Independent security and cryptography review. The project publishes a threat model and tests, but no independent assessment has been completed.
  • Housing-law and recipient-workflow review. No project statement determines how a court, agency, legal-aid program, union, or inspector should treat a packet.
  • Real partner evaluation. No tenant union, legal-aid organization, or government agency outcome is claimed. The current sample and tests use synthetic data.
  • Human accessibility validation. Automated axe, keyboard, structure, and localization checks exist; recorded human NVDA, VoiceOver, cognitive, and field-use results remain open.
  • Signed distribution and update operations. The Python workflow is intended for technical evaluation. Consumer-grade signed native packages and a supported update channel are not available.

Threats the tool cannot remove

  • A compromised or unlocked device can expose data before or after encryption.
  • A weak, reused, shared, lost, or coerced passphrase can defeat the intended access boundary.
  • Operators can enter inaccurate descriptions, omit events, misidentify sources, or capture misleading context.
  • Recipients can copy, redistribute, screenshot, or retain an export beyond the sender’s control.
  • File names, transfer timing, backups, printer queues, and external tools can reveal metadata outside the vault.
  • Local-only software does not eliminate retaliation, surveillance, coercion, subpoena, discovery, or physical-safety risks.

Read the detailed threat model, security policy, and legal boundaries.

Public-site and disclosure boundaries

The GitHub Pages site is static. It provides documentation and synthetic artifacts; it has no form for collecting evidence. GitHub itself records ordinary request data under its own policies when someone visits the site or repository.

Never publish a case to get support. GitHub issues, discussions, pull requests, and repository files are public. Do not submit tenant names, addresses, photos, messages, allegations, keys, evidence, packet files, or case details.

The review hub routes non-sensitive technical feedback to public tasks or Discussions, organization interest to a private no-case-data contact, and vulnerabilities to private reporting. None is an evidence-transfer channel.

Within the app, a deliberate export can still disclose sensitive material. Review the entire whole-unit packet and its disclosure statement, including whether sealed originals are embedded and how metadata is handled. If the whole-unit scope is too broad, do not export: issue/date selection is currently blocked. Choose a safe transfer channel and assume every recipient can make additional copies.

A responsible evaluation sequence

  1. Read the method and threat model. Confirm that the claimed protections address the risks you actually face.
  2. Use a fictional scenario. Do not import or adapt a real tenant’s details, even if names are changed.
  3. Test disclosure and transfer. Look for unintended copies, metadata, confusing status language, and recipient misunderstanding.
  4. Bring independent reviewers. Security, cryptography, accessibility, organizing, inspection, and legal expertise answer different questions.
  5. Record a stop decision. If a gate is not met, remain on synthetic data. A feature demonstration is not evidence that the operational system is safe.