Limitations when using data encryption in StaffCounter

If you enable encryption in your account, you will increase the level of data security both on the server and on the local computer. Log files and screenshots will now be stored in encrypted form, and even in case of unauthorized access, it will be impossible to extract information from them.

However, using encryption introduces certain limitations to the service. Here are the main points you should pay attention to:

  1. If encryption is enabled in the account, it must be confirmed for all devices where a StaffCounter agent version supporting encryption is installed. Otherwise, StaffCounter will switch to “careful monitoring” mode: it will stop collecting data containing personal information — such as web addresses, text and screenshots — and will only register the names of running applications. This will serve as a signal to the administrator/HR that encryption must be confirmed for this device.
  2. Disabling encryption is not supported. This protects data from server administrators and developers. Encryption also cannot be disabled from the administrative side. Therefore, once monitoring agents receive the encryption key (generated based on the password), they will continue sending encrypted data until the agent is uninstalled. If you need to disable encryption, please contact support.
  3. A backup downloaded from the Backup section will also contain encrypted data. To access this data, extract the ZIP archive and decrypt each file individually through Reports → Files and Notifications. There you will find the Open Encrypted File command. Decrypt backup files using Open Encrypted File command
  4. Email reports will also contain encrypted data. Each email will include a link to the decrypted report. It will open in a new browser tab. It is important that you are logged in to your StaffCounter account in that browser.
  5. If the account uses agents of different generations, and some do not support encryption, some applications may appear twice in reports. For example, Google Chrome may appear once without encryption and once encrypted (stored on the server as an alphanumeric code). The server will process both, but only the encrypted entry will be decrypted and displayed again as “Chrome” for the authorized manager in the browser. Thus, the same Chrome application will appear separately for agents with encryption and agents without encryption.
  6. If you change your password using Forgot password, the encryption keys will also change. All previously encrypted data will become unreadable. After receiving the new key, agents will start sending data encrypted with the new key, and this data will be successfully decrypted on the server. If you have a backup of your encryption keys, you can restore them — and then the old encrypted data will also become readable.