Summary
Tabletop Incident Runner is a local-first exercise workspace for security trainers, incident leads, and operations teams running tabletop drills. Build Inject Timeline records, generate a Tabletop After-Action Report, and export Markdown, JSON, CSV, and print HTML evidence from the browser-side workspace. It is intentionally scoped to local planning and report ownership, not a full enterprise platform or AI prediction engine.
Tabletop Incident Runner is designed as a local-first browser app. The app does not require an account, does not use advertising SDKs, does not include analytics tracking, and does not sell personal information.
Information you access, enter, type, paste, or import
The app can access only the files, text, rows, notes, images, documents, plans, or other information that you choose to enter, type, paste, import, or open in the browser during your session. This may include personal information if you decide to place it in the app. The app uses that information only to provide the visible workflow, calculations, warnings, previews, reports, exports, or downloads shown inside the app.
How the app uses data
Data is processed in the browser to create the app's local result. Depending on the product workflow, that result may include generated plans, reports, labels, cleaned files, evidence summaries, CSV/JSON/Markdown exports, printable HTML, or other files that you explicitly choose to export. The app does not upload your working data to a PanGalactic server.
Local storage and session data
Some workflows may store saved recipes, templates, workspace settings, or saved local cases in browser local storage when you choose a save action. Local storage stays on the device and browser profile you are using. You can clear, delete, remove, or overwrite saved local data through the app controls where provided, or by clearing site data in your browser.
Exports and user control
You control whether anything is exported. Exported files are created only when you press a download, print, copy, or export control. You are responsible for where you save, share, or upload exported files after they leave the app. The app never overwrites your original files unless a browser or operating-system save dialog is used by you outside the app's control.
Sharing and disclosure
PanGalactic does not sell, rent, disclose, or share your local app content with advertisers, analytics providers, or data brokers. The app may load its own static files from the published PWA host so that the application can run, but the working content you enter into the app is not sent to that host by the app workflow.
Security
The app is delivered over HTTPS and is built to avoid cloud upload for the working data. Local-first processing reduces server exposure, but it does not replace device security. Protect your Windows account, browser profile, downloads folder, exported files, and backups if the data you enter is private or sensitive.
Product-specific workflow
- Three-surface inject timeline workspace
- Template starter: Ransomware payment clock
- Add, remove one, clear all, reset, save, load, and delete local records
- Tabletop After-Action Report with Markdown, JSON, CSV, print HTML, and clipboard copy exports
- Stale-output invalidation after workspace edits
- System/Light/Dark theme and Rich/Plain surface controls
- Privacy, support, and feedback pages with return path
Children, sensitive data, and professional judgement
The app is a utility for organizing local information and exports. It is not a legal, medical, financial, safety, or professional advice service unless a specific app screen says otherwise, and even then it is only a documentation aid. Review any exported result before relying on it, especially when it contains health, student, household, financial, or emergency information.
Contact
Questions, privacy requests, or support messages can be sent to valentinojavi94@gmail.com.
Last updated: 2026-05-25.