Privacy policy

Privacy policy

The plain-English version of what Vantage collects, why, where the limits are, and how the organization stays in control.

Vantage is high-detail monitoring software for organization-managed Macs. The privacy story should be direct: organizations use Vantage when they need a reviewable activity record, and the people being monitored deserve to understand what is collected, who can see it, how long it is kept, and what Vantage does not collect.

This Privacy Policy covers the Vantage marketing site and Vantage deployments for organizations. For deployed customers, the organization is the controller of the data and Vantage acts as the processor under the customer agreement and Data Processing Addendum.

1. Who we are

Vantage is operated by Vantage Inc. and Cruce Saunders. Until the dedicated privacy mailbox is live, privacy questions can be sent to cruce.saunders@alpha.school.

2. What we collect

The exact configuration is set by the customer before rollout, but Vantage can collect the following from an enrolled Mac:

On the marketing site, we collect information you intentionally submit through the request-access form: name, work email, organization, role, and optional notes about your use case.

3. How we collect it

Vantage starts with the organization, not with an individual installing monitoring on their own. A Vantage operator prepares enrollment, the organization's administrator distributes the Mac agent or enrollment instructions through an approved channel, and the enrolled device begins collecting the activity types enabled by the organization's policy.

The Mac agent captures activity on-device, temporarily stores pending data in an encrypted local cache if needed, and uploads the data over encrypted connections to Vantage infrastructure on AWS. Organizations can use manual installation or managed-device deployment. Some configurations require macOS permissions such as Screen Recording, Accessibility, Input Monitoring, Full Disk Access, browser-extension approval, or system-extension approval.

4. Who has access

Within a customer organization, access is limited to the administrators the customer designates for a need-to-know role. That might include an operations lead, technology director, compliance lead, HR lead, or another approved administrator. It does not automatically include every team member, IT staff person, or unrelated third party.

Vantage staff may access customer content only for a support case, investigation, or operational need that the customer has authorized in writing. Support access is logged. Vantage does not sell customer data, use it for advertising, or allow unrelated third parties to browse customer records.

5. Where data is stored

Vantage stores deployment data in AWS in the United States, with the default region in us-east-1. Data is encrypted in transit between the Mac agent and Vantage services, and encrypted at rest in Vantage databases, object storage, queues, and backups. Operational logs are designed for system health and support; they should not contain captured content, user names, screenshots, or other sensitive data.

6. How long we keep it

Default retention is tiered by sensitivity. Raw captured records are retained for up to 365 days, screenshot frames are retained for up to 90 days, and processed records such as timelines, activity cards, exports, audit logs, and customer-approved summaries may be retained indefinitely unless the customer chooses a shorter period or requests deletion.

Customers may request export, preservation, or deletion under their agreement and applicable law. Deletion covers Vantage-held records and backups under Vantage control, subject to the backup lifecycle in the customer agreement. It does not automatically delete copies a customer exported and stored outside Vantage.

7. What we do not collect

Vantage has hard product boundaries. Vantage does not collect:

One important limit: if sensitive content is visible on the monitored screen, a screenshot-based system may capture what is visible. That can include private messages, health information, family context, or other non-work content if it appears on an enrolled Mac. Vantage reduces that risk with customer-controlled exclusions, password-field handling, access controls, and short retention for the most sensitive raw data.

8. Your rights and customer responsibilities

The customer organization remains responsible for lawful notice, consent where required, end-user disclosure, acceptable-use policy, access decisions, and how records are used. Vantage processes data only on the customer's instruction under the contract and DPA.

End users and other data subjects may request access, export, correction, or deletion through the customer organization that controls the account. Vantage supports those requests on the customer's instruction, including exporting records, deleting records, correcting or annotating misleading processed records, and preserving records when legally required.

9. Cookies and analytics on this site

The Vantage marketing site uses Plausible Analytics to understand basic page traffic. Plausible is privacy-focused and anonymous: no Google Analytics, no behavioral ad pixels, no session replay, no cross-site tracking, and no third-party advertising trackers.

10. Contact

For privacy questions, customer DPA requests, or data-rights routing, email cruce.saunders@alpha.school. We expect to move privacy requests to privacy@vantage-tracking.com later.

11. Changes to this policy

We will update this policy when our product, subprocessors, retention practices, or legal commitments materially change. For deployed customers, Vantage will provide notice at least 30 days before material changes take effect, unless a shorter timeline is required for security, legal, or operational reasons.