MDM Transparency
Data Privacy is Our Priority
We believe in complete transparency about what our MDM solution can and cannot do. Your employees' privacy matters.
Our Commitment to Privacy
Mobile Device Management (MDM) is built into Apple and Microsoft operating systems. The capabilities are predefined by the OS vendor, not by MDM providers like us. This means we can only do what the protocol allows, and we've chosen to implement only what's necessary for security.
What We Don't Collect
We respect employee privacy. These are things we explicitly cannot and will never access.
Personal Files
We never access, scan, or read your personal documents, photos, or any files on your device.
Browsing History
Your web browsing activity and history remain completely private to you.
Keystrokes
We do not monitor, log, or record any keystrokes or text you type.
Screen Content
We cannot take screenshots, record your screen, or view what you're working on.
Camera & Microphone
We have no access to your webcam, microphone, or any audio/video recordings.
Location History
We do not store your device location history or movement patterns.
What We Collect
We collect only the minimum data necessary for device security, inventory management, and compliance monitoring.
Device Information
Serial number, model, OS version, hardware specifications, and current country-level location for inventory management.
Security Status
Disk encryption status, screen lock configuration, and security policy compliance.
Installed Applications
List of installed applications including browser extensions to identify unauthorized or vulnerable software.
Network Configuration
Wi-Fi and VPN settings to ensure secure network connections.
What We Can Do: Fleet Management & Remote Actions
These are the security actions available to your IT team. All actions are logged and auditable.
Remote Lock
Lock a lost or stolen device to prevent unauthorized access to company data.
Remote Wipe
Erase company data from a device that's been lost, stolen, or when an employee leaves.
Security Policy Enforcement
Push and enforce security configurations like encryption requirements and password policies.
What We Cannot Do: No Remote Script Execution
We deliberately chose not to support remote script execution, which means we cannot execute custom code on your employees' devices. This is designed to improve your security.
Remote script execution turns any MDM into a high-value target. If an MDM server with this capability were to be compromised, attackers could instantly deploy malware to every enrolled device.
By not building this feature, we significantly reduce your company's attack surface.
Examples of what we cannot do:
- Run arbitrary shell commands or scripts on devices
- Install software silently without user consent
- Access or modify files on the device
- Deploy custom agents or monitoring tools
How We Protect Your Data
Security isn't just what we sell, it's how we operate.
Encrypted at Rest & In Transit
All device data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your data is protected at every step.
Role-Based Access Control
Only authorized administrators can access device management features. All actions are logged and auditable.
SOC 2 Type II & ISO 27001 Certified
We maintain SOC 2 Type II and ISO 27001 certifications, demonstrating our commitment to security, availability, and confidentiality.
Data Minimization
We only collect what's necessary for security and compliance. No personal data, no surveillance, no overreach.
Employee Visibility & Control
Employees can always see what's installed on their device and what permissions have been granted.
On macOS
Go to System Settings → Privacy & Security → Profiles to see all installed MDM profiles and the permissions they grant.
On Windows
Go to Settings → Accounts → Access work or school to view MDM enrollment details and managed policies.
Questions About Our MDM?
We're happy to walk you through exactly how our MDM works and answer any questions about data collection and privacy.