CAPTOR is engineered to make minimal calls to the public internet and Inkscreen services. This is very intentional. We want to provide our customers with the safest, most secure, most durable, and with the highest availability rate - managed camera app possible. This article describes all of the public internet traffic that you would potentially see from CAPTOR if you were to run a proxy service while the app is in use. 


Inkscreen License Server (REQUIRED) https://api.backendless.com/

CAPTOR is programmed to check the Inkscreen license server for a valid and available license when first launched, and then only after the license has expired (to check for a new license). If the license server is not accessible for some reason, the user would not be able to initially authenticate. CAPTOR does not need to access the license server after initial authentication and while the license is active, meaning the app can be used offline with no cellular or wifi service as long as the EMM auth protocols allow. 


We capture and retain a minimal amount of data in the Inkscreen license server. The data fields we retain include:

  • CAPTOR Username. This is a required appconfig, and the format is selected by the IT Admin.
  • Device Identifier. This allows us to track unique user limits per device. For example, the system may store "iPhone 14,7" which is the device identifier for an iPhone 14. 
  • Device Type. The system tracks whether the device is iOS or Android.
  • Created Time/Date. The system tracks the time and date the license was activated.


CAPTOR Compliance (OPTIONAL)  https://api.backendless.com/

This service is optional, and requires a double opt-in to establish. First the app config must include the key "compliance" and value "True". Secondly, the IT Admin must request via email to support[at]inkscreen[dot]com to enable the service on the server. Once both steps are complete, CAPTOR Compliance will begin logging and reporting potential DLP violation attempts (screenshots, screen recordings, sharing to unapproved apps, etc). The service records the following data:

  • CAPTOR Username
  • Event Type (Ex. screenshot)
  • Event Time and Date
  • Device Identifier (Ex. iPhone 14,7)
  • Event Location. Location data is only included if all of the following are true:  IT Admin has allowed Location Services to be request of user, the user has accepted the app request for location services, and the location data was accessible at the time of the event. 


CAPTOR Backup Service Protocols (OPTIONAL)

CAPTOR supports a variety of backup protocols that allow for content to be copied to a server or cloud service. These services are completely optional and controled by app configuration. Clearly when the services are enabled, there will be traffic from the app/device to the storage destination, however Inkscreen does not monitor or record any of this activity. 


App Analytics (OPTIONAL)  Legacy service: https://in.appcenter.ms Service since March 2025:  https://nom.telemetrydeck.com 

App analytics reporting is enabled by default, but can be disabled by app configuration. Analytics are never tracked by the customer or the user. Instead the data is aggregated and generic, allowing Inkscreen to have insight into, for example, how many users of a specific version of CAPTOR are in Germany, or how many times a specific feature was accessed overall. 


Crash Reporting (OPTIONAL)  Legacy service https://in.appcenter.ms Service since March 2025: https://(service-identifier)ingest.us.sentry.io

Crash reporting is enabled by default, but can be disabled by app configuration. Reports do not identify the app user in any way. This information is critical for Inkscreen to understand the app performance and stability. 


Use of Analytics and Crash Reporting Tools

CAPTOR uses services Sentry crash reporting and TelemetryDeck app analytics to collect data that helps the development team to:

• Understand how the app is used (user behavior and patterns)

• Detect and resolve technical issues (e.g. crashes)

 

Data Collected via TelemetryDeck Analytics

Personally identifiable information (PII) is not collected automatically. There is no direct link to the user’s name, email address, or account unless explicitly implemented.

Data collected includes:

• App instance ID (unique per installation)

• App launches, user sessions, first app open, updates

• Device model, OS version, and language

• Approximate geographic location of the user (see section Location Data and IP Address)

• Basic information about how the user interacts with app features

 

Data Collected via Sentry

Sentry also does not collect PII but provides detailed technical information about the user’s device and the app state at the time of a crash.

Data collected includes:

• Timestamp of the crash

• Device technical data (model, OS version, memory, storage)

• App version and state at the time of crash

• Stack trace (the line of code where the crash occurred)

• Whether the device was jailbroken/rooted

 

Location Data and IP Address

Sentry and TelemetryDeck temporarily use the device’s IP address to determine an approximate geographic location, such as Country or region.

• The IP address is not stored

• No precise GPS location is collected

• No location data is used for tracking outside of the app

This means that the user’s exact location cannot be traced, but the approximate location can still be combined with other types of content — such as photos showing sensitive or protected infrastructure — and therefore should be handled carefully.

 

Data Controller Responsibility

For data collected via TelemetryDeck and Sentry, TD and Sentry act as the data processor. CAPTOR (Inkscreen) has access to the analytics and crash data and uses it to improve and debug the app. The customer organization is the data controller for the data processed within the app, but does not have access to TD/Sentry data in the current configuration.

 


Microsoft Entra App Permissions (only applicable to CAPTOR for Intune apps)

Customers using CAPTOR for Intune (iOS and/or Android) are required to accept app permissions. This can be done by the Entra Admin and granted for all app users, or it can be left to the individual app user to accept. The permissions include:

  • Microsoft Graph profile View users' basic profile (required for MSAL)
  • Microsoft Graph offline_access Maintain access to data you have given it access to
  • Microsoft Graph Files.ReadWrite.AppFolder Have full access to the application's folder (preview) (required for basic functionality)
  • Microsoft Graph User.Read Sign in and read user profile (required for MSAL)
  • Microsoft Graph openid Sign users in (required for MSAL)
  • Microsoft Graph Files.ReadWrite Have full access to user files (Legacy permission for CAPTOR versions prior to January 2025. This can be revoked or denied if all users are on current or recent versions of CAPTOR)
  • Microsoft Mobile Application Management DeviceManagementManagedApps.ReadWrite Read and Write the User's App Management data (required for App Protectional Policy and MAM service)