Workforce visibility for MSPs
Know how the day was actually spent — without the theatre.
SnitchOS shows you active windows, idle gaps, app and website usage, and a minute-by-minute screenshot timeline across every Windows endpoint you manage. Multi-tenant from the first row. Signed installer. Disclosed by default.
The problem
Timesheets tell you what people wrote down. SnitchOS tells you what happened.
Per-seat monitoring tools were built to sell licenses one employee at a time. For an MSP running dozens of client tenants, that pricing punishes growth and the tooling assumes a single company. You end up with a separate console per customer and a bill that scales with every seat you monitor.
SnitchOS starts from the MSP: one platform across every customer, isolation enforced at the database and storage layers, and a price that tracks the handful of people who log in to read the data — never the workforce being measured.
See the real workday
Active window, idle vs. active, app and website time, and a screenshot timeline that reconciles to the same clock.
One console, every tenant
Switch clients in the sidebar. Every query is tenant-scoped; managers see only the customers you grant them.
Priced for how you grow
$100 per admin, per month. Add client tenants and endpoints without adding cost.
Defensible by design
Counts, not keystrokes. Visible service. Lawful-disclosure posture baked into how it collects.
What ships today
A full monitoring platform, not a feature preview.
Everything below is in production right now. The parts that aren't live yet live on the roadmap, not here.
Real-time visibility
What's on screen, who's at the keyboard, right now.
A live board refreshes every 30 seconds with each person's status, current app or site, and today's productive split — per tenant and across your whole book of business.
- Active-window timeline sampled every ~10 seconds
- Idle vs. active detection so idle time isn't credited to the foreground app
- Minute-by-minute screenshot timeline, perceptual-hash deduped and idle-skipped
- Multi-monitor capture and per-user attribution across RDP and fast-user-switching
Productivity intelligence
Turn raw activity into something you can brief a customer on.
Every app and site is classified productive, neutral, or unproductive — sensible defaults out of the box, overridable per tenant. Then it rolls up into the reports your customers' managers actually read.
- Productive / neutral / unproductive scoring with per-tenant rules
- Summary, daily attendance grid, category trends, and work-hours reports
- Goals and benchmarks that show distance-to-target, not raw minutes
- PDF and CSV exports for the compliance-evidence pull an auditor asks for
Apps, websites & AI
Where the hours — and the license spend — actually go.
Ranked application and website usage per tenant, with drill-down to the users behind every hour. A dedicated view tracks time spent in AI assistants, matched by app and domain.
- Top executables and URL hosts with productivity badges and CSV export
- AI-assistant usage: Claude, ChatGPT, Copilot, Cursor and more, per user and tenant
- Uncategorized review queue to classify the long tail in one place
- Microsoft 365 off-device analytics — Entra sign-ins, Teams and Outlook by device class
Alerts & compliance
Push what needs attention. Archive the rest for the auditor.
Per-tenant alarm rules fire on the signals that matter and route to NotifyBell or your webhook. Every admin action lands in an append-only audit log with three-year retention.
- Rules for agent-not-reporting, denied-app use, off-hours activity and idle-SLA breaches
- Alarm log with full payload and acknowledge state for compliance review
- Schedule adherence against per-user and per-tenant shifts
- SOC 2-aligned audit trail with actor, IP, target and outcome on every mutation
How it works
From RMM push to a full dashboard in about a minute.
Deploy through your RMM
Download a per-customer install script with the tenant ID and fleet key baked in. Push it silently via NinjaOne, Datto, ConnectWise, Intune or GPO. No per-machine arguments.
The endpoint samples quietly
A signed LocalSystem service records active window, idle state, app and URL, input counts, and a deduped screenshot each minute — then batches to the API over TLS every 60 seconds.
You read the dashboard
Devices appear within about a minute. Watch the live board, run reports, set alarms, and hand your customer a branded weekly digest — all scoped to the right tenant.
Where we draw the line
What SnitchOS deliberately does not do.
Monitoring software is legally sensitive and heuristically suspicious to antivirus. The restraint is the product.
It is not a keylogger
Input is counted, never recorded — keystroke_count, mouse_click_count, mouse_distance_px. The keys you press never leave the endpoint.
It is not a rootkit
The service is visible in Task Manager as SnitchOSAgent and a local admin can uninstall it. MSPs need that for support.
It does not read content
No clipboard, no file contents, no message bodies, no audio, no webcam, no saved passwords. Screenshots are visual frames only.
It does not store URL secrets
Only scheme, host and path are kept. Query strings and fragments are stripped on the endpoint and again on ingest, so SSO tokens are never saved.
How we sit
Against the per-seat workforce-analytics tools.
The incumbents are priced by monitored seat and gated by tier. SnitchOS ships one full feature set to every tenant and bills the admins, not the workforce.
| Capability | Typical per-seat tool | SnitchOS |
|---|---|---|
| Pricing model | $10–19 per monitored user, per month, tier-gated | $100 per admin, per month — unlimited endpoints, users & tenants |
| Feature tiers | Alarms, coaching, impact analysis behind upsell tiers | Every feature, every tenant, no tiers |
| Multi-tenant | A paid add-on or a separate console per customer | Native — one login across all client tenants |
| RMM deployment | Generic MSI plus manual per-customer wiring | Per-tenant signed script, fleet key baked in |
| Browser URLs | Often the full URL, including query string | host + path only; queries stripped at the endpoint |
| Admin login | Local passwords on by default | Microsoft Entra SSO only |
| Audit retention | Variable; long retention often a paid tier | 3 years, append-only (SOC 2 CC7.2) |
| Tenant isolation | Application layer | Database row + object-store key + API scope |
| Installer signing | Sometimes unsigned or delayed | Azure Trusted Signing, CN=Shield Management Inc |
| Data location | Vendor SaaS cloud | Self-hosted on MSP-controlled infrastructure |
Pricing
One number. No per-seat math.
SnitchOS is $100 per active admin, per month. Monitored endpoints, users and client tenants are unlimited and never billed. Your cost tracks the people who log in to read the data — not the workforce you measure.
Billed automatically each month. Add or deactivate admin seats anytime.
- Unlimited monitored endpoints and users
- Unlimited client tenants, isolated
- Every feature — no upsell tiers
- Signed installer, SSO, 3-year audit log
Security & trust
Built to survive your customers' security review.
You are reselling this to companies that will ask hard questions. The answers are already documented.
SOC 2 readiness
A full Trust Services Criteria control mapping with evidence collection underway. Honest status: readiness, not a completed attestation.
Three-layer isolation
Every row carries a tenant ID, every object-store key is tenant-prefixed, and every API call is scope-checked. Cross-tenant access returns 404.
Signed, verified updates
MSI and all agent binaries are signed by Azure Trusted Signing as CN=Shield Management Inc, and self-updates verify publisher, hash and a signed manifest before touching SYSTEM.
SSO only
Microsoft Entra sign-in with PKCE and an immutable object-ID binding. Local passwords were removed in v0.3. No self-service provisioning.
Append-only audit log
Every authenticated mutation is recorded with actor, IP, user-agent, target and outcome, retained three years for CC7.2.
Retention with an end date
Screenshots live hot for 30 days, cold through day 365, then hard-delete. Data is disposed on tenant offboarding.
Why we built SnitchOS
“We ran the incumbent tools across our own clients and hated the bill and the per-customer sprawl. SnitchOS is the platform we wished existed: one login, every tenant, priced by the people who actually read the reports.”
The SnitchOS team · built inside Shield Management, an MSP, for MSPs
Deploys through the tools you already run
Book a demo
See it on your own fleet.
Tell us a little about your MSP and we'll cut you a per-tenant installer with a 30-day pilot key. One endpoint, one hour — you'll know whether it fits.
- No per-seat contract to sign for the pilot
- Works alongside your existing RMM and PSA
- We'll walk you through deployment and reporting live
Prefer email? sales@snitchos.com