What does Vantage not capture?
Vantage never captures microphone audio or camera feed. The agent has no mic/camera permissions and never requests them. It does not capture password-field typing. It focuses on activity records — keystroke aggregates, browser context, app focus, screenshots at scoped intervals — sized to support institutional review with tenant-level policy and retention.
What does Vantage capture?
Depending on your organization's configuration: focused apps and active windows, typed text in normal fields, browser URLs and visible page text, periodic screenshots during active use, device health and offline signals, and derived records (segments, sessions, activity cards, alerts, exports, operator notes, audit logs).
How is monitoring disclosed to users?
The deploying organization discloses monitoring through its acceptable-use policy or workplace handbook. Vantage keeps runtime notices quiet so work is not interrupted — the agent has no menu-bar UI by default. Disclosure is the organization's responsibility; we provide template policy language for both workplace and institutional deployments.
Who controls the data?
Your organization controls policy, access, retention, and use. Vantage processes the data on the organization's documented instruction under the customer agreement and Data Processing Agreement.
Where does our data live?
Data is stored in AWS us-east-1 by default. Tenant data is isolated by Postgres row-level security and org-prefixed object storage. Other regions are available on request. Data is encrypted in transit and at rest.
What happens when a user leaves the organization?
Devices can be unenrolled, access can be removed, and retained records follow the deletion or retention policy your organization selected. We support full org-wide deletion. Most customers default to a 90-day retention window for derived records; raw spans expire faster.
How long does deployment take?
Pilot deployment is designed for a small IT-led cohort first (typically 10–30 devices, 2–3 weeks), then a broader rollout after policy, enrollment, and support flows are confirmed. The agent installs via your MDM. We provide an enrollment-code system so each install is bound to a specific seat.
What does it cost?
Per-seat, billed annually. Pilot cohorts priced individually based on scope, retention, and rollout size. No self-serve checkout — sales is a conversation with the founder. Request pilot access and we'll quote you within two business days.
How is this different from web-filtering tools?
Filtering tools block or allow in real-time. Vantage creates a record for review after something important happens, with cards that cite the source context. They're complementary — many customers run both. The category we replace is “post-incident forensics done by hand in a hurry.”
Can we self-host?
Not at launch. Vantage runs as a multi-tenant SaaS on AWS with per-tenant data isolation. Self-host is on the v2 roadmap for organizations with data-residency requirements that hosted deployment cannot meet. Talk to us about specific constraints.
What about iOS, Windows, ChromeOS?
macOS-native only at launch. The agent is Swift, deeply integrated with macOS Endpoint Security and AppKit. Other platforms are evaluated case-by-case for v2 — start a conversation if your fleet mix needs them.
Will the agent slow down the device?
Designed not to. The Swift agent runs at low priority with bounded CPU and memory budgets. Capture batches are uploaded during idle windows or off-hours when possible. We publish per-device performance footprint in pilot reports.
Is this spyware?
No. Spyware operates without the device owner's knowledge or consent. Vantage is deployed openly by the organization that owns the device, with end-user disclosure through your acceptable-use policy or handbook. We don't market to the surveillance industry — our customers are organizations that need a record they can review responsibly.