The boring truth, captured every 10 seconds.
Active-window timeline
Foreground process, window title, and Windows user — sampled every 10s. The screenshot reel reconciles to the same timeline.
Browser URLs, no extension
UI Automation reads the address bar from Chrome, Edge, Firefox, Brave, Vivaldi, and Arc. Query strings and OAuth tokens are stripped before they hit the database.
One screenshot per minute
JPEG quality 70, perceptual-hash dedup, idle-skip. Hot tier for 30 days; cold tier for the next 11 months; deleted on day 365.
Productive vs. unproductive
Sensible defaults out of the box — Office, IDEs, comms, browsers, games. Override per tenant in the dashboard.
Multi-tenant, isolated
Every row carries a tenant_id. Every object key starts with the tenant UUID. Cross-tenant access is a 404, not a 403 — we don't even confirm the other tenant exists.
Signed, silent install
WiX 4 MSI signed by Azure Trusted Signing. Push via your RMM — one .ps1 per customer, fleet enrollment key baked in, zero per-machine arguments.
What SnitchOS deliberately does not do.
- It is not a keylogger. Input is counted — never recorded.
keystroke_count,mouse_click_count,mouse_distance_px. Nothing else. - It is not a rootkit. The service is visible in Task Manager (
SnitchOSAgent) and uninstallable by a local administrator. By design — MSPs need that capability for support. - It does not collect audio, webcam imagery, file contents, or saved passwords. Not now, not later.
- It does not store URL query strings or fragments. Address-bar reads are normalised to
host + pathbefore they leave the endpoint. - It is not for personal devices. SnitchOS targets MSP-managed, company-owned endpoints with appropriate employee notice on the legal record.
Built the way you actually deliver service.
- One platform across every customer. Sign in once with your M365, switch tenants in the sidenav.
- Pricing scales with your fleet, not per-customer-seat-tier math.
- Tenant isolation is enforced at the DB, storage, and API layers — not just the dashboard.
- Per-tenant RMM bundles. Hand the ZIP to your engineer; they push it via ConnectWise / NinjaOne / Datto / Syncro / whatever you run.
- Built on industry standards: M365 SSO, signed MSI, audited architecture, 3-year audit-log retention for SOC 2.
Want to see it on your fleet?
Email and we'll cut you a per-tenant installer with a 30-day pilot key. One endpoint, one hour, you'll know whether it's right for you.