Legal

Privacy Policy — Faro Track

Last updated: July 17, 2026

Centinelo (“Centinelo,” “we,” “us,” or “our”) provides Faro Track, a white-label local marketing software platform (“Service”) used by healthcare practices and other local businesses (“Customers”) to manage their online visibility, reviews, social media, and patient/client communications. This Privacy Policy explains how we collect, use, and protect information when Customers and their end users (“you”) interact with the Service.

This policy applies to farotrack.com and its subdomains, any white-label domain or subdomain running the Faro Track platform on behalf of a Customer, and the Faro Track dashboard application.

1. Who This Policy Covers

Faro Track is a business-to-business (B2B) platform. We act as a data processor / service provider on behalf of our Customers for most personal data described below; the Customer is typically the data controller with respect to their own end consumers' data.

2. Information We Collect

2.1 Information Customers provide directly.

2.2 Information from connected third-party accounts (via OAuth). When a Customer connects their own Google or Meta accounts to Faro Track, we access only the data necessary to provide the specific features the Customer enables:

SourceData accessedPurpose
Google Search ConsoleSearch performance data (queries, clicks, impressions, indexing status) for domains the Customer owns and has verifiedLocal SEO reporting and recommendations
Google Analytics (GA4)Website traffic and conversion data for properties the Customer ownsMarketing performance reporting
Google Business ProfileBusiness listing information, reviews, Q&A, insights/metrics, postsListing management, review monitoring, and posting on the Customer's behalf
Meta (Facebook Pages / Instagram)Page/Profile content, leads submitted through the Customer's Lead Ads forms, Instagram messages sent to the Customer's account, publishing permissionsLead delivery, social content publishing, and message management on the Customer's behalf

We only request the minimum scopes needed for the features a Customer actively uses, and access is authorized directly by the Customer (or their authorized staff) through each provider's own consent screen. Customers can revoke this access at any time through their Google Account permissions page, Meta Business Settings, or by disconnecting the integration inside Faro Track.

2.3 Information collected automatically.

2.4 End-consumer data collected on behalf of Customers. Through features Customers enable, Faro Track may process, on the Customer's behalf:

We do not independently market to these end consumers; we act under the Customer's instructions and consent records (see Section 6, TCPA/Consent).

3. How We Use Information

We use the information described above to:

We do not sell personal data. We do not use data obtained through Google APIs to serve ads, and we do not use it for any purpose beyond providing and improving the specific Faro Track features the Customer has enabled (see Section 5, Limited Use).

4. How We Share Information

We share information only:

We never share data obtained via Google or Meta APIs with third parties for their own independent use, and never for advertising purposes.

5. Google API Services — Limited Use Disclosure

Faro Track's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

6. SMS, Calls, and Consent (TCPA)

Where Faro Track is used to send SMS messages or place automated calls on a Customer's behalf, the Customer is responsible for obtaining Prior Express Written Consent (PEWC) from their own patients/clients before enabling these features, and for honoring opt-out requests (e.g., replying STOP) within legally required timeframes. Faro Track logs consent timestamps and opt-out events to support the Customer's compliance obligations. Message and data rates may apply to end consumers per their carrier plan.

SMS subscriber data — no sale or sharing. Mobile phone numbers and SMS opt-in/consent data collected in connection with text messaging programs will not be sold or shared with third parties for their own marketing or promotional purposes. This data is used solely to deliver the messaging services the subscriber consented to.

7. Health Information

Faro Track is not designed to receive, store, or process Protected Health Information (PHI) as defined by HIPAA, and Customers are contractually required not to submit clinical/treatment details through lead forms, messaging templates, or any other feature. Where a Customer is a HIPAA-covered entity, the parties may need a separate Business Associate Agreement (BAA) covering any component that touches PHI; as of the date of this policy, Centinelo does not offer a signed BAA, and Customers must not transmit PHI through the Service.

8. Data Retention and Deletion

We retain Customer and end-consumer data for as long as the Customer's subscription is active, plus a limited retention period after offboarding (see the Customer's Terms of Service) to allow data export and to comply with legal obligations. Lead data received through a Customer's connected advertising forms (e.g., Meta Lead Ads) is stored in that Customer's private workspace, is accessible only to that Customer's authorized staff, is never shared across customer accounts, and is deleted upon the Customer's request or at the end of the post-offboarding retention period, whichever comes first. When a messaging platform notifies us that an end user deleted a message, our stored copy of that message is deleted as well. Customers may request deletion of their data, and end consumers may contact the relevant Customer (business) directly to exercise applicable privacy rights; we support Customers in fulfilling these requests.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data (e.g., under CCPA/CPRA for California residents, or other applicable state privacy laws). If you are an end consumer of one of our Customers, please contact that business directly, as they control the underlying data. If you are a Customer, contact us using the details below.

10. Security

We use industry-standard technical and organizational measures (encryption in transit and at rest for sensitive credentials, access controls, tenant data isolation) to protect information. No method of transmission or storage is 100% secure.

11. Children's Privacy

The Service is not directed to individuals under 18, and we do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date, and where required, Customers will be notified directly.

13. Contact Us

For privacy questions or requests, contact us at info@centinelo.com.