Workplace Privacy

Bossware: What Employee Monitoring Software Actually Sees

July 1, 2026 8 min read Haven Team

The remote-work shift didn't just move desks home. It moved an entire category of software into people's living rooms: tools built to answer, in granular and continuous detail, the question an office used to answer just by having a manager walk past your desk.


Employee monitoring software, sometimes called "bossware" by the people it watches, is now a mature product category. Vendors like Teramind, ActivTrak, Hubstaff, and Time Doctor compete on how much activity they can capture, and Microsoft's Viva Insights and similar suites bring lighter-weight versions of the same idea into tools people already use for work. The capability gap between what these tools can do and what most employees assume they do is wide.

What's actually being captured

Depending on the product and configuration, workplace monitoring can include periodic screenshots (often every few minutes, sometimes on every window switch), keystroke logging, application and website usage timing, webcam snapshots at intervals, idle-time detection based on mouse and keyboard activity, and in some products, algorithmic "productivity scores" derived from all of the above. Some tools log the content of chat and email within corporate apps; others limit themselves to metadata: which app was open, for how long, whether the user was active.

The distinction between those two matters. Metadata-only monitoring (time in app, active versus idle) is a different privacy proposition than content monitoring (reading the actual text of messages or capturing keystrokes verbatim, which can include personal passwords typed into an unrelated tab during a work session).
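To make the metadata-only side of that distinction concrete, here is an added illustration (not code from any vendor named above, and not part of the original post) of how an "active versus idle" picture and a productivity score can be derived from nothing but timestamps: when an app took focus and when any keyboard or mouse input occurred. The five-minute idle threshold, the two-app category table and the hour-long session log are all constructed assumptions for the example; no keystroke content or screen capture is involved, which is exactly what separates this from content monitoring.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed idle threshold: a gap between input events longer than this counts as idle.
IDLE_THRESHOLD = timedelta(minutes=5)

# Assumed app classification; real products ship their own lists and let admins edit them.
APP_CATEGORY = {"editor": "productive", "browser": "neutral"}


@dataclass(frozen=True)
class Interval:
    start: datetime
    end: datetime

    def overlap(self, other: "Interval") -> timedelta:
        lo, hi = max(self.start, other.start), min(self.end, other.end)
        return max(hi - lo, timedelta(0))


def _t(hhmm: str) -> datetime:
    return datetime(2026, 7, 1, int(hhmm[:2]), int(hhmm[3:]))


SESSION = Interval(_t("09:00"), _t("10:00"))

# Constructed focus log: (timestamp, app that took foreground focus).
FOCUS_LOG = [(_t("09:00"), "editor"), (_t("09:20"), "browser"), (_t("09:40"), "editor")]

# Constructed input log: timestamps only (one per minute while input occurred), no content.
INPUT_LOG = (
    [_t("09:00") + timedelta(minutes=m) for m in range(0, 11)]   # 09:00-09:10
    + [_t("09:30") + timedelta(minutes=m) for m in range(0, 16)]  # 09:30-09:45
    + [_t("09:52") + timedelta(minutes=m) for m in range(0, 9)]   # 09:52-10:00
)


def active_intervals(inputs, threshold=IDLE_THRESHOLD):
    """Cluster input timestamps: consecutive events closer than threshold form one active interval."""
    intervals = []
    inputs = sorted(inputs)
    if not inputs:
        return intervals
    start = last = inputs[0]
    for ts in inputs[1:]:
        if ts - last > threshold:
            intervals.append(Interval(start, last))
            start = ts
        last = ts
    intervals.append(Interval(start, last))
    return intervals


def focus_intervals(focus_log, session):
    """Turn focus-change events into (app, interval) spans, closing the last one at session end."""
    spans = []
    for i, (ts, app) in enumerate(focus_log):
        end = focus_log[i + 1][0] if i + 1 < len(focus_log) else session.end
        spans.append((app, Interval(ts, end)))
    return spans


def active_minutes_per_app(focus_log, inputs, session):
    """Active minutes attributed to each app: focus span intersected with active intervals."""
    active = active_intervals(inputs)
    per_app = {}
    for app, span in focus_intervals(focus_log, session):
        mins = sum((span.overlap(a) for a in active), timedelta(0)).total_seconds() / 60
        per_app[app] = per_app.get(app, 0.0) + mins
    return per_app


def idle_minutes(inputs, session):
    """Session length minus all active time, in minutes."""
    active = sum((i.end - i.start for i in active_intervals(inputs)), timedelta(0))
    return ((session.end - session.start) - active).total_seconds() / 60


def productivity_score(per_app):
    """Share of active time spent in apps classified as productive (0-100)."""
    total = sum(per_app.values())
    productive = sum(m for app, m in per_app.items() if APP_CATEGORY.get(app) == "productive")
    return round(100 * productive / total, 1) if total else 0.0


if __name__ == "__main__":
    per_app = active_minutes_per_app(FOCUS_LOG, INPUT_LOG, SESSION)
    print("active minutes per app:", per_app)        # {'editor': 23.0, 'browser': 10.0}
    print("idle minutes:", idle_minutes(INPUT_LOG, SESSION))  # 27.0
    print("productivity score:", productivity_score(per_app))  # 69.7
```

Two things are worth noticing. The score depends entirely on the threshold and the category table, both of which are administrator settings the monitored person never sees, which is the configuration gap the post returns to later. And nothing here needed a screenshot or a keystroke's content; a product that captures those is collecting strictly more than this picture requires.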

What the law actually requires

In the United States, workplace monitoring law is a patchwork, not a single standard. A handful of states, including Connecticut, Delaware, and New York, require employers to give employees written notice before deploying electronic monitoring, though the specifics of what counts as adequate notice vary. Most states have no such requirement at all. Federally, the National Labor Relations Board's general counsel issued guidance in 2022 taking the position that aggressive electronic monitoring and algorithmic management can interfere with employees' rights to organize and discuss working conditions, but that's guidance shaping enforcement priorities, not a binding statute.

The baseline to know

On a device or account your employer owns or provisions, you should assume you have close to no expectation of privacy in the United States, notice requirements aside. Consent is frequently baked into the employment agreement or IT acceptable-use policy you signed on day one, which most people don't read closely enough to notice the monitoring language it includes.

Where the boundary actually sits

The harder question for hybrid and remote workers is what happens on personal devices and personal time. A company-issued laptop is squarely the employer's to monitor. A personal phone used to check work email through a mobile device management (MDM) profile is murkier: the MDM software the employer requires can often see more of the device than employees realize, sometimes including location, installed apps, and the ability to remotely wipe the device, even though it's not company property.

Scenario / Realistic exposure

Company-issued laptop, VPN required: High. Screenshots, keystrokes, and full network traffic through the corporate VPN are all technically visible to the employer.

Personal phone with a work email profile: Moderate. Depends heavily on whether it's full MDM or a lighter app-level container; full MDM can see far more than most employees assume.

Personal laptop used only to log into a browser-based work portal: Lower, limited mostly to what's visible inside that browser session.

Personal device with no work software installed at all: Effectively no employer visibility, absent something unusual like a compromised network you don't control.

The US patchwork versus the EU's works-council model

The contrast with Europe is instructive. Under GDPR, employee monitoring generally requires a documented legal basis and a proportionality analysis, and in countries like Germany, deploying a new monitoring system typically requires the consent of the works council, an elected body of employee representatives with a statutory right of co-determination over exactly this kind of workplace technology decision. That's a structurally different process from the US default, where an employer can generally roll out a new monitoring tool unilaterally, subject only to whatever state notice law happens to apply.

The practical effect is that the same monitoring product, sold by the same vendor, often ships with meaningfully different default configurations for European customers than American ones, not because the vendor wanted to build two products, but because one market has a legal mechanism forcing the conversation before deployment and the other mostly doesn't.

What to actually do about it

The underlying pattern is one that shows up across a lot of workplace and consumer software: the line between "this tool helps manage a team" and "this tool surveils a person" is drawn by configuration choices most people never see, similar to how mobile app permissions quietly expand from what a feature needs to what a company decides to collect. Knowing where that line actually sits on your own devices is the useful part; assuming the worst or the best without checking is where most people go wrong.

Where Haven fits

None of this is about Haven specifically. It's a reminder that "install this on your device" and "trust this with your communications" are two different requests, and the gap between them is exactly where products like workplace monitoring tools live. The same scrutiny applies whether it's an employer-mandated agent or a messaging app: what can the software actually see, and did you actually agree to that, or just to using the account?
