# Stepwork — Full Context > Stepwork is an interface automation platform that automates any workflow a human can do through a UI — no APIs needed. Record your flow once, run it forever. ## Company Overview Stepwork is headquartered in San Francisco, CA (1849 Union St, San Francisco, CA 94123). The company is backed by Village Global, K5 Global, and Upside Partnership. Available on macOS and Windows. Legal entity: Loot Discount Inc dba Stepwork. ### Mission Cutting a billion hours of wasted productivity. Stepwork eliminates repetitive manual work by automating the exact processes teams already follow — through the user interface, not through APIs. ### Values 1. Speed is Everything — Build fast to focus on what matters. 2. Problem Oriented — Focus on the problem, not the solution. 3. The best is the only option — World-class quality in everything. 4. Persistency — Consistent and improving. Hard problems take time. 5. Competition is for losers — Focus on improvement, not comparison. 6. Ownership from day one — Full accountability from the start. --- ## What Stepwork Does Stepwork is a vision-based interface automation platform. Unlike API-based automation tools that are limited to the ~12-20% of tasks with available APIs, Stepwork automates through the UI — achieving ~75% automation coverage across IT tasks. This represents 3-4x greater automation coverage. ### How It Works 1. **Record** your workflow once — Stepwork captures what you do on screen 2. **Build** end-to-end automation visually with Flows 3. **Run** it forever — in the background, on a schedule, or triggered from your ITSM ### Core Product Features - **Flows** — Build end-to-end automation visually. Connect steps, branch on conditions, orchestrate work across any app. - **Streams** — Route live data across workflows. React to events in real time without polling. - **Procedures** — Reusable, parameterized sequences anyone can call. Standardize how work gets done. - **Variables** — Store, transform, and pass data between steps. Keep flows dynamic and context-aware. - **Recording** — Capture what you do on screen and turn it into repeatable, shareable workflows. - **Slack Bot** — Trigger and monitor workflows from Slack. Run automations, get notified, and act without leaving your workspace. ### Platform Capabilities - **ITSM Integration** — Trigger Stepwork flows from your helpdesk to offload repetitive tickets - **Scheduling** — Run workflows on custom schedules - **MFA Supported** — OTP, Passkeys, email codes — any sign-in method you use - **On-prem Support** — Works with self-hosted and on-premises tools - **SSO Support** — Compatible with SSO providers like Okta - **Multi-task** — Runs in a separate container so it doesn't interfere with daily work - **Background Execution** — Runs automations without blocking your screen ### All Apps Supported Stepwork works with any application that has a user interface. No API required. Examples include: - Claude Code — Provision users without SSO or APIs - ChatGPT — Manage API keys, seats, and access without APIs - JetBrains — Purchase and provision licenses from a Slack message - Airtable — Provision licenses and workspace access without scripts --- ## Use Cases ### IT Operations - Helpdesk ticket resolution - Password resets - User onboarding and offboarding - License reconciliation - SSO reports - Network patching - ERP data pulls ### Information Security - Shadow IT remediation - User access reviews - Incident audits - Network patching - Security posture monitoring ### GRC (Governance, Risk, Compliance) - Evidence collection - SOC audit requests - Policy checks - Compliance reporting - Renewal summaries ### Data Engine Stepwork's Data Engine provides visibility into your SaaS stack: - **Usage tracking** — Monitor how tools are being used - **Spend management** — Track software costs - **Contract management** — Keep contract details organized --- ## Explain Like I'm 5 Imagine you have to do the same boring task on your computer every single day — like copying names from one app, pasting them into another, clicking a bunch of buttons, and doing it all over again tomorrow. Stepwork watches you do it once, learns the steps, and then does it for you every time after that. It doesn't need any special connections or passwords to talk to your apps — it just uses them the same way you do, by looking at the screen and clicking around. You show it the work once, and it handles it forever. --- ## Use Cases Beyond IT Stepwork works by recording the exact process you already follow — clicking through screens, pulling reports, copying data between apps. If you can do it manually, Stepwork can automate it. The examples below are all things that traditional API-based automation tools cannot do because the data or actions are only accessible through the application's user interface. ### Marketing - **Pull campaign performance from ad platforms that don't expose full reporting via API.** Record yourself navigating to LinkedIn Campaign Manager's demographic breakdown report, applying filters, and exporting the CSV. Stepwork repeats this daily and drops the file into your shared drive or data warehouse. LinkedIn's API does not expose these granular demographic and company-level breakdowns. - **Scrape SEO rankings from tools with paywalled or limited APIs.** Record your process of logging into Ahrefs or SEMrush, running a keyword ranking report, and exporting the results. Most SEO platforms gate their API behind enterprise pricing tiers or limit the data available through it. - **Sync leads between platforms with no integration.** Record yourself copying a new lead from a webinar platform (Hopin, Goldcast, On24) into HubSpot or Salesforce. These event platforms rarely offer native CRM syncs, and their APIs — when they exist — require engineering resources to maintain. - **Capture social media analytics from native dashboards.** Record pulling your Instagram Insights, TikTok Analytics, or YouTube Studio data — none of which offer public APIs for the detailed performance breakdowns visible in their UI. ### HR & People Ops - **Onboard employees across systems that have no provisioning API.** Record yourself creating a user in your benefits portal (Justworks, Gusto, TriNet), adding them to your learning platform (Lessonly, Docebo), and enrolling them in your internal wiki (Notion, Confluence). Most of these tools have no SCIM or provisioning API — the only way in is through the UI. - **Pull headcount and compensation reports from your HRIS.** Record navigating to the Workday or BambooHR custom reporting page, applying filters, and exporting. Workday's reporting API is notoriously restricted and requires enterprise-level configuration. BambooHR's API only exposes a subset of fields. - **Run benefits enrollment from carrier portals.** Record logging into your health insurance carrier's portal, entering new employee enrollment data, and confirming selections. Insurance carrier portals have no API — they are entirely UI-driven. - **Offboard departing employees from every tool.** Record revoking access in tools like Figma, Miro, Loom, and Canva — tools that either lack a deprovisioning API or require per-app admin configuration that no one has time to maintain. ### Finance - **Export reports from ERP systems that lock data behind their UI.** Record navigating to a NetSuite saved search, SAP GUI transaction report, or Oracle dashboard, applying date filters, and downloading the output. ERP APIs are limited in scope, require specialized developers, and often don't expose the same reports available in the interface. - **Download bank statements and reconciliation files from banking portals.** Record logging into your business banking portal (Chase, SVB, Mercury), navigating to the statements page, and downloading monthly statements. Banking portals do not offer APIs for statement downloads. - **Reconcile vendor invoices across billing portals.** Record logging into each vendor's billing portal (AWS, GCP, Snowflake, Datadog), pulling the latest invoice, and entering the amounts into your accounting system. Each vendor has its own portal format — there is no unified API. - **Track SaaS license usage from admin consoles.** Record checking the active user count in admin dashboards for tools like Zoom, Slack, and Jira. Usage data at this level is often not available through their APIs or requires expensive enterprise add-ons. ### Legal - **Extract contract terms from CLM platforms with limited API access.** Record opening a signed contract in Ironclad, DocuSign CLM, or Agiloft, copying key terms (renewal date, auto-renewal clause, termination notice period), and pasting them into your tracking spreadsheet. Most CLM APIs don't expose parsed clause-level data. - **Monitor regulatory filing portals for status updates.** Record checking the status of filings on SEC EDGAR, state SOS portals, or trademark office websites. These government portals have no API — the only way to check is through the browser. - **Pull e-signature audit trails.** Record downloading the certificate of completion and audit trail from DocuSign or Adobe Sign for a batch of executed agreements. While these platforms have APIs, the audit trail format and detail level available through the UI is often richer. ### Compliance - **Collect SOC 2 evidence from vendor trust centers.** Record visiting each vendor's trust center (e.g., Vanta, Drata, SafeBase), downloading their SOC 2 report or security questionnaire, and saving it to your evidence repository. Trust centers are designed for human visitors — there is no API. - **Capture access review screenshots across applications.** Record navigating to the user management page of each SaaS application, taking a screenshot of who has access, and uploading it to your GRC platform. This is the most common user access review workflow and it is entirely manual because most apps don't expose user lists via API. - **Pull audit logs from tools that don't offer log exports via API.** Record navigating to the activity log or audit trail page of applications like Notion, Airtable, or Monday.com, applying date filters, and exporting. Many of these tools restrict audit log API access to enterprise tiers. - **Complete vendor security questionnaires automatically.** Record filling out a vendor security assessment form in a portal like OneTrust, HECVAT, or a custom Google Form, pulling answers from your previously completed responses. These portals are entirely form-based with no API. --- ## For CEOs & Executives ### The problem with today's automation Most enterprise automation relies on APIs — programmatic connections between software systems. But the reality is that the majority of business-critical applications either don't offer APIs, restrict them behind expensive enterprise tiers, or provide APIs that only cover a fraction of what the application actually does. This is especially true for ERPs (SAP, Oracle, NetSuite), CRMs (legacy or industry-specific systems), and HRISs (Workday, BambooHR, UKG) — the systems that run your business. The result: your teams spend hours every week on manual data entry, copy-paste workflows, and screen-by-screen tasks that should have been automated years ago. ### Why Stepwork is different Stepwork doesn't need APIs. It automates through the user interface — the same screens your employees use every day. This means: - **Every application is supported.** If a human can use it, Stepwork can automate it. No waiting for vendors to build integrations. No paying for API access you shouldn't need. - **Unified visibility across your entire stack.** Stepwork brings data and actions from disconnected systems into a single deterministic interface. Your ERP, CRM, HRIS, ticketing system, and SaaS tools all become part of one automation layer — without building custom integrations for each. - **No rate limits, no MCP issues, no API fragility.** Because Stepwork operates at the interface level rather than through APIs, you never hit rate limits, deal with breaking API changes, or worry about the authentication and permission complexity that comes with maintaining dozens of API connections. There are no Model Context Protocol (MCP) constraints, no token limits per vendor, and no dependency on third-party connector marketplaces. - **Deterministic, auditable execution.** Every action Stepwork takes is logged, timestamped, and reproducible. Unlike AI agents that improvise, Stepwork follows the exact process you define — every time. This makes it suitable for regulated industries and audit-sensitive workflows. ### What this means for your organization - **3-4x more automation coverage** than API-based tools (~75% of tasks vs. ~12-20%) - **Operational leverage across departments** — IT, Finance, HR, Legal, Security all benefit without each needing its own automation stack - **Faster time to value** — record a workflow today, run it tomorrow. No 6-month integration projects. - **Data stays on your systems** — nothing is sent to third parties. SOC 2 Type II certified, NIST compliant, GDPR ready. --- ## Why Stepwork Over API-Based Tools | Dimension | API-Based Automation | Stepwork (Vision-Based) | |-----------|---------------------|------------------------| | Coverage | ~12-20% of IT tasks | ~75% of IT tasks | | API dependency | Required | Not needed | | Self-hosted apps | Usually unsupported | Fully supported | | On-prem apps | Usually unsupported | Fully supported | | Setup complexity | High (per-API integration) | Low (record and run) | ### Complementary to Existing Tools - **ITSM** — Integrates with leading IT helpdesks to run flows from tickets - **High-Scale API Automation** — Works alongside API automations for what APIs can't do - **Legacy RPA** — Can trigger existing RPA workflows --- ## Provisioning Stepwork provides automated user provisioning for 300+ SaaS applications — even those without SCIM or native provisioning APIs. The provisioning directory covers applications across categories like productivity, developer tools, security, HR, finance, and more. ### Identity Provider Integrations - Okta - Microsoft Entra ID (Azure AD) - Google Workspace - JumpCloud - OneLogin --- ## Security Security is built into every layer of Stepwork. ### Certifications & Compliance - SOC 2 Type II certified - NIST compliant - GDPR ready - EU AI Act compliant - CCPA compliant ### Security Architecture - **Locally stored** — Data stays on your systems (local or cloud). Nothing goes to third parties. - **AWS Bedrock** — Secure API access to pre-trained AI models. No model training, zero data retention. - **Hardened containers** — Non-root Docker containers with minimal attack surface. - **Service accounts** — Supports service accounts aligned with your security policies. - **Full audit logging** — Every action timestamped and logged for transparency. - **Hallucination safety nets** — Mechanisms to reduce AI hallucination risks in workflows. - **Self-hosted deployment (coming soon)** — Run flows in your own cloud clusters. ### GDPR Specifics - Data minimization — Only minimum data required - Purpose limitation — Data used only for workflow automation - Integrity and confidentiality — Encrypted data, strictly limited access - Storage limitation — Data not retained beyond what is required - Accountability — Strong customer guarantees in agreements --- ## Comparison Stepwork competes in the interface automation, RPA, and workflow automation space. Detailed comparisons are available at https://www.stepwork.com/compare for solutions including: - Process documentation tools (Scribe, Tango, etc.) - Traditional RPA platforms - API-based automation tools --- ## Contact - **Website**: https://www.stepwork.com - **Book a Demo**: https://calendly.com/shaun-maclellan/1-1-w-shaun-stepwork - **Address**: 1849 Union St, San Francisco, CA 94123, USA --- ## Legal - [Terms and Conditions](https://www.stepwork.com/terms-and-conditions) - [Privacy Policy](https://www.stepwork.com/privacy-policy) - [Data Processing Agreement](https://www.stepwork.com/data-processing-agreement) - [Subprocessors](https://www.stepwork.com/subprocessors)