Privacy Policy

End Defend Inc. ("we", "us", or "our") is fundamentally committed to protecting the privacy of both our enterprise administrators and their downstream employees. Unlike legacy endpoint monitoring tools, our Shadow IT Discovery engine prioritizes data minimization and organizational telemetry over personal surveillance.

1. Data We Collect

As an enterprise security vendor, we process information on behalf of our corporate clients (the "Data Controllers"). We collect the following categories of data explicitly for security and risk intelligence:

  • Network Telemetry: High-level domain requests, SNI headers, and protocol metadata to identify Unsanctioned SaaS and AI applications.
  • Endpoint Metadata: Operating system versions, IP aggregates, and machine identifiers necessary for applying Corporate Access Policies.
  • Administrative Data: Names, corporate emails, and authentication logs of IT Administrators utilizing the End Defend dashboard.

2. Screen Recording and Visual Data Collection

To provide comprehensive Data Loss Prevention (DLP) and employee auditing capabilities for our enterprise clients, the End Defend macOS and Windows Connector applications utilize screen recording functionality under the following strict guidelines:

  • Collection: The application collects static image captures (screenshots) of the user's active desktop environment at defined intervals (e.g., every 15 minutes) as configured by the deploying organization. We do not record continuous video or audio.
  • Purpose and Use: This visual telemetry is collected strictly for enforcing corporate Data Loss Prevention (DLP) policies, investigating security incidents, and providing authorized productivity auditing trails for company administrators.
  • Disclosure and Sharing: Screen recording data is strictly confidential. It is never shared with, sold to, or disclosed to any third-party advertisers or external data brokers.
  • Retention and Storage: The collected screenshots are securely transmitted via strict HTTPS protocols and stored in an isolated, tenant-specific Google Cloud Storage architecture. Retention periods are entirely governed by the deploying enterprise's internal data retention policies.

3. What We DO NOT Collect

We firmly believe in boundary-driven security. We do not engage in:

  • Kernel-level keystroke logging (Keylogging).
  • SSL decryption of personal or financial traffic.
  • Unprompted, silent visual recordings lacking explicit policy violation triggers or outside of the administrator-defined intervals.

4. Data Residency and Isolation

Every enterprise client is assigned a cryptographically isolated database schema. Tenant data cannot cross-pollinate, ensuring absolute compliance with regional data sovereignty laws (including GDPR and CCPA). Access to tenant data is tightly restricted and entirely governed by the deploying organization.