Workforce visibility for MSPs

Know how the day was actually spent — without the theatre.

SnitchOS shows you active windows, idle gaps, app and website usage, and a minute-by-minute screenshot timeline across every Windows endpoint you manage. Multi-tenant from the first row. Signed installer. Disclosed by default.

Signed by Azure Trusted Signing Microsoft Entra SSO Not a keylogger
New device enrolled · 38s ago
~60s
From RMM push to first data in the dashboard
Unlimited
Endpoints, users & client tenants per plan
3-yr
Append-only audit trail (SOC 2 CC7.2)
1/min
Deduplicated screenshot timeline, idle-skipped

The problem

Timesheets tell you what people wrote down. SnitchOS tells you what happened.

Per-seat monitoring tools were built to sell licenses one employee at a time. For an MSP running dozens of client tenants, that pricing punishes growth and the tooling assumes a single company. You end up with a separate console per customer and a bill that scales with every seat you monitor.

SnitchOS starts from the MSP: one platform across every customer, isolation enforced at the database and storage layers, and a price that tracks the handful of people who log in to read the data — never the workforce being measured.

See the real workday

Active window, idle vs. active, app and website time, and a screenshot timeline that reconciles to the same clock.

One console, every tenant

Switch clients in the sidebar. Every query is tenant-scoped; managers see only the customers you grant them.

Priced for how you grow

$100 per admin, per month. Add client tenants and endpoints without adding cost.

Defensible by design

Counts, not keystrokes. Visible service. Lawful-disclosure posture baked into how it collects.

What ships today

A full monitoring platform, not a feature preview.

Everything below is in production right now. The parts that aren't live yet live on the roadmap, not here.

Real-time visibility

What's on screen, who's at the keyboard, right now.

A live board refreshes every 30 seconds with each person's status, current app or site, and today's productive split — per tenant and across your whole book of business.

  • Active-window timeline sampled every ~10 seconds
  • Idle vs. active detection so idle time isn't credited to the foreground app
  • Minute-by-minute screenshot timeline, perceptual-hash deduped and idle-skipped
  • Multi-monitor capture and per-user attribution across RDP and fast-user-switching

Productivity intelligence

Turn raw activity into something you can brief a customer on.

Every app and site is classified productive, neutral, or unproductive — sensible defaults out of the box, overridable per tenant. Then it rolls up into the reports your customers' managers actually read.

  • Productive / neutral / unproductive scoring with per-tenant rules
  • Summary, daily attendance grid, category trends, and work-hours reports
  • Goals and benchmarks that show distance-to-target, not raw minutes
  • PDF and CSV exports for the compliance-evidence pull an auditor asks for

Apps, websites & AI

Where the hours — and the license spend — actually go.

Ranked application and website usage per tenant, with drill-down to the users behind every hour. A dedicated view tracks time spent in AI assistants, matched by app and domain.

  • Top executables and URL hosts with productivity badges and CSV export
  • AI-assistant usage: Claude, ChatGPT, Copilot, Cursor and more, per user and tenant
  • Uncategorized review queue to classify the long tail in one place
  • Microsoft 365 off-device analytics — Entra sign-ins, Teams and Outlook by device class

Alerts & compliance

Push what needs attention. Archive the rest for the auditor.

Per-tenant alarm rules fire on the signals that matter and route to NotifyBell or your webhook. Every admin action lands in an append-only audit log with three-year retention.

  • Rules for agent-not-reporting, denied-app use, off-hours activity and idle-SLA breaches
  • Alarm log with full payload and acknowledge state for compliance review
  • Schedule adherence against per-user and per-tenant shifts
  • SOC 2-aligned audit trail with actor, IP, target and outcome on every mutation

How it works

From RMM push to a full dashboard in about a minute.

STEP 01

Deploy through your RMM

Download a per-customer install script with the tenant ID and fleet key baked in. Push it silently via NinjaOne, Datto, ConnectWise, Intune or GPO. No per-machine arguments.

STEP 02

The endpoint samples quietly

A signed LocalSystem service records active window, idle state, app and URL, input counts, and a deduped screenshot each minute — then batches to the API over TLS every 60 seconds.

STEP 03

You read the dashboard

Devices appear within about a minute. Watch the live board, run reports, set alarms, and hand your customer a branded weekly digest — all scoped to the right tenant.

Where we draw the line

What SnitchOS deliberately does not do.

Monitoring software is legally sensitive and heuristically suspicious to antivirus. The restraint is the product.

It is not a keylogger

Input is counted, never recorded — keystroke_count, mouse_click_count, mouse_distance_px. The keys you press never leave the endpoint.

It is not a rootkit

The service is visible in Task Manager as SnitchOSAgent and a local admin can uninstall it. MSPs need that for support.

It does not read content

No clipboard, no file contents, no message bodies, no audio, no webcam, no saved passwords. Screenshots are visual frames only.

It does not store URL secrets

Only scheme, host and path are kept. Query strings and fragments are stripped on the endpoint and again on ingest, so SSO tokens are never saved.

SnitchOS is for company-owned, MSP-managed endpoints with appropriate employee notice. It is not for personal devices, and it is not designed to be undetectable. See the Trust Center for our data-handling and disclosure posture.

How we sit

Against the per-seat workforce-analytics tools.

The incumbents are priced by monitored seat and gated by tier. SnitchOS ships one full feature set to every tenant and bills the admins, not the workforce.

Feature and pricing comparison between typical per-seat employee-monitoring tools and SnitchOS.
CapabilityTypical per-seat toolSnitchOS
Pricing model$10–19 per monitored user, per month, tier-gated$100 per admin, per month — unlimited endpoints, users & tenants
Feature tiersAlarms, coaching, impact analysis behind upsell tiersEvery feature, every tenant, no tiers
Multi-tenantA paid add-on or a separate console per customerNative — one login across all client tenants
RMM deploymentGeneric MSI plus manual per-customer wiringPer-tenant signed script, fleet key baked in
Browser URLsOften the full URL, including query stringhost + path only; queries stripped at the endpoint
Admin loginLocal passwords on by defaultMicrosoft Entra SSO only
Audit retentionVariable; long retention often a paid tier3 years, append-only (SOC 2 CC7.2)
Tenant isolationApplication layerDatabase row + object-store key + API scope
Installer signingSometimes unsigned or delayedAzure Trusted Signing, CN=Shield Management Inc
Data locationVendor SaaS cloudSelf-hosted on MSP-controlled infrastructure

Pricing

One number. No per-seat math.

SnitchOS is $100 per active admin, per month. Monitored endpoints, users and client tenants are unlimited and never billed. Your cost tracks the people who log in to read the data — not the workforce you measure.

Security & trust

Built to survive your customers' security review.

You are reselling this to companies that will ask hard questions. The answers are already documented.

SOC 2 readiness

A full Trust Services Criteria control mapping with evidence collection underway. Honest status: readiness, not a completed attestation.

Three-layer isolation

Every row carries a tenant ID, every object-store key is tenant-prefixed, and every API call is scope-checked. Cross-tenant access returns 404.

Signed, verified updates

MSI and all agent binaries are signed by Azure Trusted Signing as CN=Shield Management Inc, and self-updates verify publisher, hash and a signed manifest before touching SYSTEM.

SSO only

Microsoft Entra sign-in with PKCE and an immutable object-ID binding. Local passwords were removed in v0.3. No self-service provisioning.

Append-only audit log

Every authenticated mutation is recorded with actor, IP, user-agent, target and outcome, retained three years for CC7.2.

Retention with an end date

Screenshots live hot for 30 days, cold through day 365, then hard-delete. Data is disposed on tenant offboarding.

Why we built SnitchOS

“We ran the incumbent tools across our own clients and hated the bill and the per-customer sprawl. SnitchOS is the platform we wished existed: one login, every tenant, priced by the people who actually read the reports.”

The SnitchOS team · built inside Shield Management, an MSP, for MSPs

Deploys through the tools you already run

NinjaOne Datto RMM ConnectWise Kaseya N-able Intune & GPO

Book a demo

See it on your own fleet.

Tell us a little about your MSP and we'll cut you a per-tenant installer with a 30-day pilot key. One endpoint, one hour — you'll know whether it fits.

  • No per-seat contract to sign for the pilot
  • Works alongside your existing RMM and PSA
  • We'll walk you through deployment and reporting live

Prefer email? sales@snitchos.com

Please enter your name.
Enter a valid work email.
Please enter your company.

Submitting opens your email client with the details filled in — nothing is sent to a third party.