Code Signing Policy – Super Productivity

Last updated: January 15, 2026

Overview

Super Productivity Windows releases are digitally signed to ensure authenticity and integrity. Code signing helps you verify that:

  1. The software genuinely comes from the Super Productivity project
  2. The code has not been tampered with since it was signed
  3. You can trust the source of the application

Certificate Information

Property             Value
Publisher            SignPath Foundation
Signature Algorithm  SHA256
Timestamp Server     SignPath Foundation
Certificate Type     Code Signing Certificate

How to Verify

Windows

  1. Right-click the downloaded .exe file
  2. Select Properties
  3. Go to the Digital Signatures tab
  4. Select the signature and click Details
  5. Verify the signer is “SignPath Foundation”

Command Line

# PowerShell
Get-AuthenticodeSignature "Super Productivity Setup.exe"
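
The following is an added example, not part of the project's own tooling. It scripts the checks above: a `Valid` status only shows that the file carries some trusted, intact signature, so the function also compares the signer name with the publisher named on this page and records the SHA256 hash requested under Reporting Issues. The function name `Test-ReleaseSignature` is hypothetical, and the exact match on the certificate's common name assumes it reads exactly "SignPath Foundation".

```powershell
# Added example: verify an installer's Authenticode signature and its signer.
# Test-ReleaseSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-ReleaseSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Expected signer, as stated on this page. Assumption: the certificate's
        # common name (CN) is exactly this string.
        [string] $ExpectedSigner = 'SignPath Foundation'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # CN of the signing certificate; stays $null when the file is unsigned.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }

    $signerMatches = ($signer -eq $ExpectedSigner)

    [pscustomobject]@{
        File          = $file.Name
        Sha256        = $hash          # include this value when reporting an issue
        Status        = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $signer
        SignerMatches = $signerMatches
        # A countersignature from a timestamp server keeps the signature
        # verifiable after the signing certificate expires.
        Timestamped   = [bool]$sig.TimeStamperCertificate
        # Trusted only if the signature is intact AND made by the expected publisher.
        Trusted       = ($sig.Status -eq 'Valid' -and $signerMatches)
    }
}

# File name as used on this page; adjust to the path of your download.
Test-ReleaseSignature -Path '.\Super Productivity Setup.exe' | Format-List
```

If `Trusted` is `False`, do not run the file; the `Sha256` value in the output is the hash to include in a report.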

Why SignPath Foundation?

Super Productivity is a free and open-source project. SignPath Foundation provides code signing certificates to qualifying open-source projects at no cost, allowing us to:

  • Eliminate Windows SmartScreen warnings
  • Provide verified, trusted downloads
  • Maintain the security of our release process

Build Verification

All signed releases are built through our automated CI/CD pipeline:

Team Roles

Role      Person           Responsibility
Author    Johannes Millan  Maintains source code
Approver  Johannes Millan  Approves signing requests

Security Practices

  • Private signing keys are stored in SignPath’s Hardware Security Module (HSM)
  • All signing requests require manual approval
  • Binaries are verified to originate from our official GitHub repository
  • Timestamps ensure signatures remain valid even after certificate expiration

Reporting Issues

If you encounter a signed binary that you believe is malicious or has been tampered with:

  1. Do not run the file
  2. Report to: contact@super-productivity.com
  3. Include the file hash (SHA256) and download source

Other Platforms

Platform  Signing Status
Windows   Signed by SignPath Foundation
macOS     Signed and notarized by Apple
Linux     Distributed via official package managers
Android   Signed for Google Play Store

Free code signing provided by SignPath.io, certificate by SignPath Foundation.