Start for free

Your data, under your complete control.

Understand exactly what information is collected and how INGITE ensures security, transparency, and compliance.

Privacy Policy

This Privacy Policy explains how Ingite collects, uses, discloses, retains, and protects information in connection with its websites, cloud platform, agents, mobile applications, endpoint software, support services, and related products and services.

This Policy is intended for use in the United States and is designed to support compliance with applicable U.S. privacy, data security, consumer protection, employment, and state privacy laws, including, where applicable, the Federal Trade Commission Act, state consumer privacy laws, state data breach notification laws, electronic monitoring notice requirements, and laws such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, the Texas Data Privacy and Security Act, and similar U.S. state privacy laws.

Because U.S. privacy obligations vary by state, industry, data type, and use case, customers should review this Policy with qualified legal counsel before publication or deployment in their own environment.

1. Scope

This Policy applies to Ingite products and services, including, depending on the plan purchased and features enabled by the account administrator:

  • hardware and software inventory;
  • employee productivity and activity analytics;
  • endpoint security and endpoint monitoring;
  • digital forensic analysis;
  • remote access and remote support;
  • cloud-based software distribution and patch deployment;
  • device monitoring, alerts, automation, geolocation, geofencing, and movement alerts;
  • administrative dashboards, reports, logs, and support services.

Our products may operate across multiple platforms, including Windows, Linux, macOS, iOS, and Android, subject to operating system capabilities, permissions, mobile device management settings, customer configuration, and the subscribed plan.

2. Business Customer and End User Roles

Ingite generally provides enterprise software and cloud services to business customers. In many cases, the customer, employer, organization, or account owner determines which devices are monitored, which features are enabled, which users have access, and how information is used.

For information collected from managed or monitored devices, Ingite may act as a service provider, processor, vendor, or similar role on behalf of the customer, while the customer may act as the business, controller, employer, or organization responsible for giving required notices, obtaining required consents, defining lawful and appropriate purposes, and complying with applicable employment, labor, privacy, and monitoring laws.

Customers are responsible for ensuring that monitored devices are corporate-owned, authorized, or otherwise lawfully enrolled, and that employees, contractors, and other affected users receive legally sufficient notice before monitoring, geolocation, forensic, productivity, or remote access features are enabled.

3. Information We May Collect

Depending on the services used, plan purchased, settings enabled, device permissions, and operating system limitations, we may collect the following categories of information:

  • identifiers, such as name, business email address, username, account ID, employee or user ID, device name, agent ID, serial number, IP address, MAC address, domain, group, organizational unit, and related identifiers;
  • device and hardware information, such as manufacturer, model, operating system, OS version, processor, memory, storage, disk health, battery status, peripherals, ports, installed components, and performance metrics;
  • software inventory information, such as installed applications, versions, licenses, packages, patches, extensions, browsers, services, processes, installation history, update history, and removal history;
  • internet, network, and electronic activity information, such as application usage, website domain, URL, server name, window title, date and time of access, duration, active and idle time, network connection, IP address, and related event metadata;
  • productivity and workforce analytics information, such as time spent in applications or websites, active time, idle time, usage categories, productivity rules, session history, trend reports, and aggregated or comparative analytics configured by the administrator;
  • endpoint security information, such as malware events, suspicious activity, vulnerabilities, blocked activity, security posture, agent integrity, threat indicators, configuration status, connection events, and technical evidence;
  • digital forensic information, when enabled, such as file activity, file creation, modification, copy, deletion, execution, removable media activity, process activity, logs, screenshots, keystroke logging, user activity evidence, and other technical artifacts needed for authorized investigations;
  • remote access and support information, such as session logs, connection time, authorized user, accessed device, duration, permissions, technical actions performed, audit logs, and support request history;
  • software distribution information, such as packages deployed, versions, installation status, failures, success logs, deployment history, user, device, date, and time;
  • geolocation information, including precise or approximate location data when enabled and permitted, as described below;
  • alert and automation information, such as configured rules, triggering events, date, time, device, user, approximate or precise location when applicable, notification status, and action taken;
  • account, billing, and support information, such as name, email address, phone number, company, job title, credentials, access logs, billing records, support tickets, communications, and administrative settings.

Some features may involve sensitive personal information or sensitive data under certain U.S. state privacy laws, including precise geolocation, account credentials, contents or screenshots of communications or files, keystrokes, and information that may reveal employment activity or behavior. These features should be enabled only where lawful, necessary, proportionate, and properly disclosed.

4. Location Data, Geofencing, and Movement Alerts

When enabled by the customer and permitted by the device, our products may collect and process location data for legitimate business purposes such as device security, asset management, recovery of lost or stolen equipment, compliance, incident response, field operations, auditability, fraud prevention, and enforcement of approved organizational policies.

On mobile devices with GPS capability, such as iOS and Android smartphones or tablets, location may be collected through GPS, cellular networks, Wi-Fi, Bluetooth, device sensors, mobile device management services, or other location services made available by the operating system. Collection depends on device permissions, platform restrictions, connectivity, battery status, and customer configuration.

On devices without GPS, with GPS disabled, or where precise location is unavailable, location may be estimated using IP address, network information, Wi-Fi access point information, internet service provider data, or similar technical signals. IP-based geolocation is approximate and may identify a city, region, service provider, or estimated area, but it does not necessarily reflect the exact physical location of the device.

Geofencing allows an administrator to define virtual areas, such as an office, branch, warehouse, customer site, city, region, restricted area, or approved operational perimeter. When a device enters, exits, remains outside, or otherwise interacts with a configured geofence, the platform may generate logs, alerts, reports, notifications, or automated actions.

Movement alerts may include changes in location, movement outside expected areas, exit from an authorized zone, entry into a restricted zone, loss of location signal, network changes, unusual connection location, suspected unauthorized removal of equipment, or other administrator-defined events.

Location collection may occur in real time, periodically, on demand, when a security event occurs, during remote support, after a lost or stolen device report, or according to a policy configured by the administrator. Frequency, precision, and availability vary by platform, permission, connectivity, battery optimization, and product settings.

Precise geolocation may be considered sensitive personal information or sensitive data under certain state privacy laws. Customers are responsible for providing required notices, obtaining consent where required, honoring opt-out or limitation rights where applicable, and ensuring location monitoring is not excessive, discriminatory, retaliatory, or inconsistent with the stated purpose.

5. Product Plans and Collection Levels

Basic and Compliance plans generally collect technical information related to hardware, software, IP address, performance, compliance, inventory, and device status. These plans are not intended to collect detailed content about what a user accesses unless additional features are purchased, enabled, and lawfully configured.

Metering, Forensics, Ingite, or equivalent plans may collect events associated with actions performed on monitored devices, including application use, website access, file activity, session history, productivity indicators, security events, forensic artifacts, geolocation events, and related evidence, according to the plan, settings, permissions, and customer authorization.

When an application or website is used, an event may be generated and transmitted to our cloud platform. The event may include:

  • application name;
  • website name, domain, server, or URL;
  • date and time of use;
  • device name;
  • user associated with the action;
  • duration of activity;
  • IP address and network information;
  • approximate or precise location, when enabled;
  • category, policy, alert, or rule applied;
  • other technical information needed to provide the contracted feature.

6. Forensic and Advanced Monitoring Features

Forensics, Ingite, or equivalent plans may allow collection of business data and digital evidence through features such as keystroke logging, file activity monitoring, screenshots, process records, removable device activity, connection logs, installation events, execution events, endpoint security events, and related technical artifacts.

These features are intended for authorized business purposes such as incident investigation, data loss prevention, security operations, fraud investigation, compliance, legal hold, audit, and response to security threats. They are not intended for unlawful surveillance, unauthorized access, retaliation, discrimination, or monitoring outside the scope of proper notice and authorization.

Where technically feasible, sensitive monitoring features may be disabled by default and require administrator configuration, customer authorization, applicable permissions, and plan eligibility before collected information is displayed in the dashboard or used for reporting.

7. Purposes for Processing Information

We collect and process information to:

  • provide hardware and software inventory;
  • monitor device compliance, performance, and availability;
  • provide endpoint security and incident response support;
  • support digital forensic analysis and preservation of evidence;
  • measure application, website, and corporate resource usage;
  • support productivity policies and appropriate use of company equipment;
  • provide authorized remote access and technical support;
  • distribute, install, update, or remove software;
  • generate dashboards, reports, metrics, alerts, exports, and audit logs;
  • locate devices, recover assets, and support geofencing;
  • detect movement, policy deviations, risk, suspicious activity, and security events;
  • operate, secure, troubleshoot, and improve the cloud platform;
  • provide customer support, billing, account management, and communications;
  • comply with legal, contractual, regulatory, security, and law enforcement obligations.

8. How We Use Information

We use information collected from monitored devices to provide the features purchased by the customer, including dashboards, reports, alerts, activity history, charts, exports, forensic evidence, remote support, software deployment, and automation.

We do not sell monitored device data for monetary consideration. We do not use monitored device data for third-party behavioral advertising. We may use aggregated, deidentified, or technical usage statistics to improve product quality, security, stability, support, performance, and functionality, provided that such information does not reasonably identify an individual end user.

9. Disclosures of Information

We may disclose information:

  • to the customer, account owner, administrators, and authorized users designated by the customer;
  • to service providers, processors, contractors, hosting providers, security providers, support providers, communications providers, billing providers, and other vendors that help us operate the services;
  • when required by law, subpoena, court order, valid legal process, government request, or regulatory obligation;
  • to protect rights, safety, security, availability, and integrity of the platform, customers, users, or others;
  • to investigate fraud, security incidents, abuse, policy violations, or unauthorized activity;
  • in connection with a merger, acquisition, financing, corporate transaction, restructuring, or transfer of business assets, subject to appropriate protections;
  • with the customer’s instruction or authorization.

Vendors that process information on our behalf are required to protect the information and use it only for permitted purposes.

10. Data Retention

We retain information for as long as reasonably necessary to provide the services, maintain records, comply with legal obligations, resolve disputes, enforce agreements, preserve audit logs, support security investigations, and fulfill the purposes described in this Policy.

Retention periods may vary depending on the type of information, plan, customer configuration, contract terms, legal requirements, security needs, active disputes, investigations, or customer instructions. When information is no longer needed, it will be deleted, deidentified, aggregated, or otherwise handled in accordance with applicable law and our retention practices.

11. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect information against loss, theft, unauthorized access, disclosure, copying, misuse, alteration, and destruction.

Safeguards may include encryption in transit using HTTPS/TLS, protected storage, digital certificates, access controls, role-based permissions, authentication controls, audit logs, application signing, infrastructure review, operational security practices, monitoring, and other measures appropriate to the nature of the information and the risk.

No system can be guaranteed to be completely secure. Customers should also maintain appropriate security controls, including limiting administrator access, using strong passwords, enabling multi-factor authentication where available, reviewing permissions regularly, securing managed devices, and informing affected users appropriately.

12. U.S. State Privacy Rights

Depending on the state where a person resides and the role in which information is processed, certain individuals may have rights under applicable U.S. state privacy laws. These rights may include the right to:

  • confirm whether personal information is being processed;
  • access personal information;
  • correct inaccurate personal information;
  • delete personal information;
  • obtain a portable copy of personal information;
  • opt out of certain processing, such as sale, sharing for cross-context behavioral advertising, targeted advertising, or certain profiling, where applicable;
  • limit the use or disclosure of sensitive personal information, where applicable;
  • appeal a denied privacy request, where applicable;
  • be free from unlawful discrimination or retaliation for exercising privacy rights.

Because Ingite often processes monitored device data on behalf of a business customer, end users may need to submit requests directly to their employer, organization, or account administrator. If we receive a request relating to information we process on behalf of a customer, we may direct the requester to the customer or assist the customer in responding, as required by applicable law and contract.

13. California Privacy Notice

This section applies to California residents to the extent the CCPA/CPRA applies.

Categories of personal information we may collect include identifiers; commercial or account information; internet, network, and electronic activity information; geolocation data; professional or employment-related information; audio, electronic, visual, or similar information where enabled; inferences or analytics derived from product usage; and sensitive personal information where enabled, such as precise geolocation, account credentials, screenshots or content captured by authorized forensic features, and related security information.

We collect these categories from the customer, account administrators, users, devices, agents, operating systems, networks, support interactions, and service providers.

We use these categories for the business and commercial purposes described in this Policy, including providing and securing the services, supporting customers, maintaining accounts, performing analytics, auditing, preventing fraud, detecting security incidents, debugging, maintaining device inventory, enabling productivity analytics, providing forensic capabilities, distributing software, and complying with legal obligations.

We may disclose these categories to customers, administrators, service providers, contractors, professional advisors, authorities where legally required, and other parties described in this Policy.

We do not sell monitored device data for monetary consideration. We do not use monitored device data for third-party behavioral advertising. If any future activity is considered a “sale” or “sharing” under California law, we will provide required notices and opt-out mechanisms.

California residents may have the right to know, access, correct, delete, opt out of sale or sharing, limit use or disclosure of sensitive personal information, and be free from unlawful discrimination for exercising their rights. Requests involving monitored workplace or customer-controlled environments may need to be submitted to the relevant employer, organization, or customer.

14. Employment and Workplace Monitoring

Our products may be used by customers in workplace, contractor, field operations, or corporate device environments. Customers are solely responsible for complying with all applicable federal, state, and local laws governing employee monitoring, electronic communications, recording, consent, location tracking, wage and hour compliance, labor rights, anti-discrimination, retaliation, and workplace notice obligations.

Customers should provide clear, advance notice to affected users describing the categories of monitoring, the purposes of monitoring, whether location or precise location is collected, whether screenshots, keystrokes, file activity, remote access, or forensic features may be used, who may access the information, and how long information may be retained.

Customers should not use the services to monitor personal devices, off-duty activity, legally protected activity, privileged communications, union activity, medical information, or other sensitive contexts unless they have confirmed that the use is lawful, necessary, proportionate, and properly disclosed.

15. Children

Our services are intended for business and enterprise use and are not directed to children under 13. We do not knowingly collect personal information from children under 13 through our websites or services for consumer purposes. Customers must not use the services to collect information from children unless they have all required rights, consents, notices, and legal authority to do so.

16. International Data Transfers

Our cloud services may store or process information in the United States, Brazil, or other countries where we or our service providers operate. When information is transferred internationally, we use appropriate contractual, technical, and organizational measures designed to protect the information in accordance with applicable law.

17. Third-Party Websites and Services

Our websites or services may contain links or integrations with third-party websites, services, stores, or platforms that we do not operate. We are not responsible for the privacy, security, or content practices of independent third parties.

18. Choices and Limitations

Customers and users may be able to disable or limit certain collections through account settings, operating system permissions, mobile device settings, agent configuration, or contractual choices. Disabling agents, sensors, geolocation, monitoring, remote access, software distribution, or security features may prevent some services from functioning properly.

19. Changes to This Policy

We may update this Policy from time to time to reflect changes in our products, legal requirements, security practices, operations, or transparency commitments. If we make material changes, we may notify customers by email, in-product notice, website notice, telephone, contract update, or another appropriate method.

20. Contact

If you have questions about this Policy, privacy, security, data handling, or rights requests, please contact Ingite through our official support or privacy channels.

For requests involving a workplace or customer-controlled monitored environment, affected users should first contact their employer, organization, account owner, or administrator, because that entity generally determines the purposes and means of monitoring.