Powerful monitoring you can defend in any audit
SpyTrax is engineered for transparent, consent-based monitoring. Encryption, isolation, and employee data rights are built into the core — not added later.
Defense in depth, end to end
Encryption everywhere
AES-256-GCM on the on-device queue and TLS for all agent traffic. Screenshots are integrity-verified with SHA-256 end to end.
Multi-tenant isolation
Row-level tenant isolation on every table, with admin-revocable device tokens and full RBAC across five roles.
Privacy by design
First-run employee consent, regex privacy masks for window titles & URLs, optional blur mode, and configurable retention.
Employee data rights
One-click GDPR data export and right-to-erasure with a 30-day grace window — built in, not bolted on.
Tamper resistance
Binary self-hash verification at startup and a watchdog supervisor that auto-restarts the agent on crash.
Immutable audit trail
Every admin action is logged with actor and timestamp, giving you a defensible record for any review.
We capture metadata — never private content
SpyTrax records counts, durations, and titles to measure work and detect risk. The genuinely private stuff is excluded by design.
Explicitly never collected
- ✕Actual keystrokes or typed text
- ✕Passwords
- ✕Banking & financial page content
- ✕Private / incognito browsing
- ✕Camera or microphone audio
- ✕Personal photos & documents
- ✕SMS / iMessage content
- ✕Location / GPS
- ✕Biometric data
Aligned with the frameworks your auditors care about
GDPR
EU General Data Protection Regulation — consent, export & erasure.
DPDP Act 2023
India Digital Personal Data Protection — data-principal rights.
SOC 2 Type II
Audit logs, MFA & immutable logging controls.
ISO 27001
Log aggregation, retention & access governance.
Employee data rights, built in
Monitoring that respects your people
Talk to our team about a deployment that meets your compliance requirements.