Limitations when using data encryption in StaffCounter

Enabling encryption in your account significantly enhances data security both on the server and on local devices. Log files and screenshots are stored in encrypted form, ensuring that sensitive information remains inaccessible even in the event of unauthorized access.

However, using encryption introduces certain limitations. Here are the key points to consider:

  1. If encryption is enabled, it must be confirmed for all devices with the new version of the StaffCounter agent. Otherwise, the agent will switch to “careful monitoring” mode: it will stop collecting sensitive data such as web addresses, typed text, and screenshots, and will only log the names of running applications. This serves as a signal for the administrator to confirm encryption for the device.
  2. Disabling encryption is not supported. This design protects data from server administrators and developers. Once enabled, encryption cannot be disabled from the administrative side. Monitoring agents will continue sending encrypted data using the generated key until uninstalled. If you need to disable encryption, please contact support.
  3. Backups downloaded from the Backup section contain encrypted data. A dedicated decryption tool is currently in development and will require your account password for access.
  4. Email reports also contain encrypted data. A decryption module for mail clients is under development and will be available soon.
  5. If your account uses agents of different versions, and some do not support encryption, certain applications may appear twice in reports. For example, Google Chrome will be shown once from unencrypted logs (as “Chrome”) and once from encrypted logs (as an alphanumeric code). The server processes both, but only decrypts and displays the encrypted entry as “Chrome” when viewed by an authorized user. This results in two separate entries: one for encrypted and one for non-encrypted data.
  6. Resetting your password via Forgot Password changes the encryption keys. Previously encrypted data becomes unreadable. Agents will begin sending data encrypted with the new key, which will be decrypted normally in the dashboard. If you have a backup of your encryption keys, you can restore them to access old data.