Legal

Data Processing Addendum

How Shield Management processes monitored endpoint data on your behalf when you license SnitchOS — the processor terms, security commitments, and the sub-processors we rely on.

Effective date: July 11, 2026 · Version 1.0 · Forms part of the SnitchOS Terms of Service.

This Addendum is a template provided for review by the Customer's and Shield's respective legal counsel. It is not legal advice and does not create an attorney-client relationship. Adapt it to your jurisdiction, your downstream client agreements, and your obligations to Monitored Users before you rely on it.

1. About this Addendum

This Data Processing Addendum (the “Addendum” or “DPA”) forms part of the agreement between Shield Management Inc (“Shield”, “we”, “us”) and the managed service provider that licenses the SnitchOS platform (the “Customer”, “you”) under the SnitchOS Terms of Service (the “Agreement”). It governs how Shield processes personal data on the Customer's behalf when the Customer uses SnitchOS to monitor company-owned Windows endpoints.

Where the Customer provides SnitchOS to its own downstream client organizations (“Client Tenants”), the Customer remains responsible under this Addendum for the instructions given to Shield and for the agreements it holds with those Client Tenants. If any term of this Addendum conflicts with the Agreement, this Addendum controls for matters of data protection.

2. Definitions

Capitalized terms not defined here have the meaning given in the Agreement or in applicable data protection law.

  • Applicable Data Protection Law — all privacy and data protection laws that apply to the processing under this Addendum, including the EU and UK General Data Protection Regulation (“GDPR”) and US state privacy laws such as the California Consumer Privacy Act as amended by the CPRA (“CCPA/CPRA”).
  • Client Tenant — an organization served by the Customer whose endpoints are monitored through the Customer's SnitchOS account.
  • Controller, Processor, Data Subject, Personal Data, Processing, and Personal Data Breach — as defined in the GDPR (or the equivalent concepts of “business”, “service provider”, and “consumer” under CCPA/CPRA).
  • Monitored User — an end-user employee of the Customer or a Client Tenant whose company-owned device is monitored by the SnitchOS agent.
  • Endpoint Data — the Personal Data described in Section 4.2 that SnitchOS collects from monitored endpoints and connected sources.
  • Sub-processor — a third party engaged by Shield to process Endpoint Data on our behalf.

3. Roles of the parties

For the processing of Endpoint Data:

  • The Customer — or the relevant Client Tenant, where the Customer acts on its behalf — is the Controller. The Controller determines the purposes and means of monitoring, decides which endpoints to enroll, sets the productivity and retention rules, and is responsible for the lawful basis of the monitoring.
  • Shield is the Processor. We process Endpoint Data only on the Customer's documented instructions and only to provide and support the SnitchOS platform.

Under CCPA/CPRA, Shield acts as a service provider. We do not sell or share Endpoint Data, we do not retain, use, or disclose it for any purpose other than performing the services, and we do not combine it with data from other sources except as permitted by law to provide the service.

4. Scope and processing instructions

4.1 Documented instructions

Shield processes Endpoint Data only to deliver, maintain, secure, and support SnitchOS, and only as instructed by the Customer. The Customer's instructions are set out in this Addendum, the Agreement, and the configuration choices the Customer makes in the dashboard — for example, which endpoints are enrolled, how apps and sites are classified, retention windows, and which optional data sources are connected. If Shield believes an instruction infringes Applicable Data Protection Law, we will inform the Customer without undue delay.

4.2 Data we process

The subject matter of the processing is workforce activity monitoring on company-owned, MSP-managed Windows devices. The nature and purpose is to sample device activity, produce productivity analytics, and retain a reviewable record. The categories of Data Subjects are Monitored Users and the Customer's administrators. The categories of Personal Data are:

  • Active-window metadata — the foreground process name and window title;
  • Idle and active state, and application and website usage. For websites, only the scheme, host, and path are stored — URL query strings and fragments are stripped on the endpoint and again on server-side ingest;
  • Input activity as counts only — keystroke, mouse-click, and mouse-distance totals. The content of keystrokes is never recorded;
  • Screenshots captured at up to one frame per minute, deduplicated and skipped while idle;
  • Device and operating-system metadata (hostname, OS version, agent version, logged-in session);
  • Administrator identity through Microsoft Entra sign-in (name, work email, and the immutable Entra object ID); and
  • Only if the Customer connects it: Microsoft 365 Graph usage signals — Entra sign-ins and Teams and Outlook usage by device class.

4.3 Data we do not collect

SnitchOS is not a keylogger and is engineered to avoid content capture. It does not collect the content of keystrokes, clipboard contents, file contents, message bodies, audio, webcam imagery, saved passwords, or URL query strings and fragments. Special categories of Personal Data are not intentionally collected; the Customer must not configure monitoring in a way that targets them.

5. Confidentiality

Shield treats Endpoint Data as the Customer's confidential information. Personnel authorized to process Endpoint Data are bound by written confidentiality obligations, are granted access on a least-privilege basis, and receive access only to the extent needed to operate and support the service. Confidentiality obligations survive the end of employment or engagement.

6. Security measures

Shield maintains technical and organizational measures appropriate to the risk, aligned with the AICPA Trust Services Criteria. These measures are the subject of an ongoing SOC 2 readiness effort with evidence collection underway; they are not a completed SOC 2 attestation. Current measures include:

  • Encryption in transit — endpoint-to-API and administrator traffic is protected with TLS 1.3.
  • Tenant isolation — every record carries a tenant identifier, every object-storage key is tenant-prefixed, and every API call is scope-checked. Cross-tenant access is refused.
  • Signed agent and updates — the MSI and agent binaries are code-signed by Azure Trusted Signing as CN=Shield Management Inc, and updates verify publisher, hash, and a signed manifest before applying.
  • Authentication — administrator access is through Microsoft Entra single sign-on only; local passwords are not used.
  • Append-only audit log — every authenticated mutation is recorded with actor, IP address, target, and outcome, retained for three years.
  • Access control and disposal — least-privilege administrative access and scheduled hard-deletion of expired data.

Off-site backups are encrypted in transit to the backup target. They are not encrypted at rest at the backup location; the Customer should account for this when assessing residual risk.

7. Sub-processing

7.1 Authorized sub-processors

The Customer authorizes Shield to engage the Sub-processors listed below to process Endpoint Data. Each Sub-processor is bound by a written contract imposing data protection obligations no less protective than those in this Addendum, and Shield remains responsible for their performance. SnitchOS itself is hosted by Shield on Shield-controlled infrastructure; the Sub-processors below support billing, authentication, alerting, and the underlying hosting environment.

Name Purpose Location
Stripe, Inc. Payment processing for administrator subscription billing. Stripe receives billing and payment details, not Endpoint Data. United States
Microsoft Corporation Microsoft Entra ID for administrator single sign-on, and — only where the Customer connects it — Microsoft 365 Graph for off-device usage analytics. United States / global (Microsoft data centers)
NotifyBell Operational alerting and notification delivery for configured alarm rules and platform health. United States
Data-center / hosting provider Underlying compute, storage, and network for the dedicated SnitchOS instance operated by Shield. United States

7.2 Changes to sub-processors

Shield will give the Customer prior notice of any intended addition or replacement of a Sub-processor, giving the Customer a reasonable opportunity to object on legitimate data protection grounds. If the Customer objects and the parties cannot resolve the concern, the Customer may terminate the affected portion of the service as its exclusive remedy. The list above is the current, authoritative record and is updated when it changes.

8. Assistance with data-subject requests

Taking into account the nature of the processing, Shield will provide reasonable assistance through appropriate technical and organizational measures to help the Customer respond to requests from Data Subjects to exercise their rights — including access, correction, deletion, restriction, and portability — under Applicable Data Protection Law. Where a Monitored User contacts Shield directly, we will refer them to the Customer and will not respond on the Customer's behalf except on the Customer's instructions.

9. Personal data breach notification

Shield will notify the Customer without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting Endpoint Data. The notification will describe, to the extent known, the nature of the breach, the categories and approximate volume of data and Data Subjects affected, the likely consequences, and the measures taken or proposed to address it. Shield will reasonably cooperate with the Customer to support the Customer's own notification obligations to regulators and Data Subjects. Notification is not an acknowledgement of fault.

10. Audits and information

Shield will make available to the Customer the information reasonably necessary to demonstrate compliance with this Addendum, including its security documentation and, when available, its SOC 2 report. Where the Customer reasonably requires an audit beyond that information, the parties will agree in advance on scope, timing, and cost; audits take place no more than once per year (except where required by a supervisory authority or following a Personal Data Breach), during business hours, under confidentiality, and without unreasonable disruption to Shield's operations or other customers.

11. Return and deletion of data

On termination or expiry of the Agreement, and at the Customer's choice, Shield will return or delete Endpoint Data. Absent a contrary instruction, Endpoint Data for an offboarded tenant is purged from the platform. Screenshots are retained hot for 30 days, moved to cold storage through day 365, and then hard-deleted. The append-only audit log is retained for three years. Shield may retain data for longer only where required by law, and while retained it remains subject to this Addendum.

12. International data transfers

Where the Customer's use of SnitchOS involves a transfer of Personal Data from the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, the parties agree that the applicable European Commission Standard Contractual Clauses (and the UK International Data Transfer Addendum, where relevant) are incorporated by reference and apply to that transfer, with the Customer as data exporter and Shield as data importer. Shield will assist with transfer impact assessments and implement supplementary measures where reasonably required.

13. Employee-monitoring notice (Customer responsibility)

SnitchOS is intended for company-owned, MSP-managed endpoints. The Customer — and, where applicable, its Client Tenants — is solely responsible for establishing a lawful basis for the monitoring and for providing any notice or obtaining any consent required from Monitored Users under Applicable Data Protection Law and employment law. Several US states, including New York, Connecticut, and Delaware, require advance written notice of electronic monitoring; other jurisdictions impose consent or works-council obligations. Shield provides the tooling to monitor and to disclose; it does not determine the Customer's legal basis and does not provide employee notices on the Customer's behalf. See the Trust Center and Acceptable Use Policy for related commitments.

14. Liability

Each party's liability arising out of or related to this Addendum, whether in contract, tort, or otherwise, is subject to the limitations and exclusions of liability set out in the Agreement. Nothing in this Addendum limits either party's liability where such limitation is not permitted by Applicable Data Protection Law.

15. Contact

For privacy matters and Data-Subject-request assistance, contact privacy@snitchos.com. For legal notices under this Addendum, contact legal@snitchos.com. For operational and support questions, contact support@snitchos.com. See also our Privacy Policy.

Trust & compliance

Reselling SnitchOS to security-conscious clients?

The data-handling answers your customers will ask for are already documented. Read the Trust Center, or see the platform on your own fleet.

Privacy questions? privacy@snitchos.com