Privacy Policy — Faro Track
Last updated: July 17, 2026
Centinelo (“Centinelo,” “we,” “us,” or “our”) provides Faro Track, a white-label local marketing software platform (“Service”) used by healthcare practices and other local businesses (“Customers”) to manage their online visibility, reviews, social media, and patient/client communications. This Privacy Policy explains how we collect, use, and protect information when Customers and their end users (“you”) interact with the Service.
This policy applies to farotrack.com and its subdomains, any white-label domain or subdomain running the Faro Track platform on behalf of a Customer, and the Faro Track dashboard application.
1. Who This Policy Covers
- Customers: businesses (e.g., dental and medical practices) that subscribe to Faro Track and connect their own Google, Meta (Facebook/Instagram), and other third-party accounts to the Service.
- Customer's staff/users: individuals the Customer authorizes to access their Faro Track dashboard.
- End consumers: individuals who interact with a Customer's public-facing marketing (e.g., someone who submits a lead form on a Customer's Facebook Page, or receives an SMS appointment reminder from a Customer).
Faro Track is a business-to-business (B2B) platform. We act as a data processor / service provider on behalf of our Customers for most personal data described below; the Customer is typically the data controller with respect to their own end consumers' data.
2. Information We Collect
2.1 Information Customers provide directly.
- Business account information: legal business name, contact name, email, phone, billing address.
- Content Customers upload or create: social media posts, images, review response templates, messaging templates.
2.2 Information from connected third-party accounts (via OAuth). When a Customer connects their own Google or Meta accounts to Faro Track, we access only the data necessary to provide the specific features the Customer enables:
| Source | Data accessed | Purpose |
|---|---|---|
| Google Search Console | Search performance data (queries, clicks, impressions, indexing status) for domains the Customer owns and has verified | Local SEO reporting and recommendations |
| Google Analytics (GA4) | Website traffic and conversion data for properties the Customer owns | Marketing performance reporting |
| Google Business Profile | Business listing information, reviews, Q&A, insights/metrics, posts | Listing management, review monitoring, and posting on the Customer's behalf |
| Meta (Facebook Pages / Instagram) | Page/Profile content, leads submitted through the Customer's Lead Ads forms, Instagram messages sent to the Customer's account, publishing permissions | Lead delivery, social content publishing, and message management on the Customer's behalf |
We only request the minimum scopes needed for the features a Customer actively uses, and access is authorized directly by the Customer (or their authorized staff) through each provider's own consent screen. Customers can revoke this access at any time through their Google Account permissions page, Meta Business Settings, or by disconnecting the integration inside Faro Track.
2.3 Information collected automatically.
- Usage data (pages visited within the Faro Track dashboard, feature usage, log data, IP address, device/browser type) for security, debugging, and product improvement.
- Cookies and similar technologies for authentication (session management) and basic analytics. We do not use third-party advertising cookies on the Faro Track dashboard.
2.4 End-consumer data collected on behalf of Customers. Through features Customers enable, Faro Track may process, on the Customer's behalf:
- Contact information submitted via lead forms (name, email, phone, and the specific inquiry).
- Appointment-related SMS/call metadata for reminders, missed-call text-back, and review requests.
- Publicly available online reviews and mentions related to the Customer's business.
We do not independently market to these end consumers; we act under the Customer's instructions and consent records (see Section 6, TCPA/Consent).
3. How We Use Information
We use the information described above to:
- Operate, maintain, and improve the Service.
- Generate reports and recommendations for Customers (SEO visibility, review sentiment, lead performance).
- Enable Customers to publish content and respond to messages/reviews through connected accounts.
- Send transactional notifications the Customer configures (e.g., new-lead alerts, appointment reminders) to the Customer's own contacts.
- Provide customer support and troubleshoot the Service.
- Maintain security, prevent fraud, and comply with legal obligations.
We do not sell personal data. We do not use data obtained through Google APIs to serve ads, and we do not use it for any purpose beyond providing and improving the specific Faro Track features the Customer has enabled (see Section 5, Limited Use).
4. How We Share Information
We share information only:
- With subprocessors who help us operate the Service (e.g., cloud hosting, SMS/voice delivery, AI-assisted drafting of content for human review, and infrastructure providers), each bound by confidentiality and data protection obligations. We do not publicly name these vendors in this policy because they are interchangeable subprocessors under our infrastructure; a current subprocessor list is available on request.
- Back to the Customer whose account the data relates to (e.g., leads captured through their Meta Lead Ads flow into their own Faro Track dashboard).
- As required by law, or to protect the rights, safety, and property of Centinelo, our Customers, or others.
- In connection with a business transaction (merger, acquisition, or sale of assets), with notice to affected Customers where required.
We never share data obtained via Google or Meta APIs with third parties for their own independent use, and never for advertising purposes.
5. Google API Services — Limited Use Disclosure
Faro Track's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only access Google user data (Search Console, Google Analytics, Google Business Profile) that a Customer explicitly authorizes through Google's own OAuth consent screen.
- We use this data solely to provide and improve the user-facing features of Faro Track that the Customer has enabled — never for advertising.
- We do not allow humans to read this data except: (a) with the Customer's affirmative consent for a specific support request, (b) as necessary for security purposes (e.g., investigating abuse), (c) to comply with applicable law, or (d) in aggregated and anonymized form for internal operations.
- We do not transfer this data to third parties except as necessary to provide or improve the Service (subject to the same restrictions), to comply with law, as part of an approved business transfer, or with the Customer's explicit consent.
6. SMS, Calls, and Consent (TCPA)
Where Faro Track is used to send SMS messages or place automated calls on a Customer's behalf, the Customer is responsible for obtaining Prior Express Written Consent (PEWC) from their own patients/clients before enabling these features, and for honoring opt-out requests (e.g., replying STOP) within legally required timeframes. Faro Track logs consent timestamps and opt-out events to support the Customer's compliance obligations. Message and data rates may apply to end consumers per their carrier plan.
SMS subscriber data — no sale or sharing. Mobile phone numbers and SMS opt-in/consent data collected in connection with text messaging programs will not be sold or shared with third parties for their own marketing or promotional purposes. This data is used solely to deliver the messaging services the subscriber consented to.
7. Health Information
Faro Track is not designed to receive, store, or process Protected Health Information (PHI) as defined by HIPAA, and Customers are contractually required not to submit clinical/treatment details through lead forms, messaging templates, or any other feature. Where a Customer is a HIPAA-covered entity, the parties may need a separate Business Associate Agreement (BAA) covering any component that touches PHI; as of the date of this policy, Centinelo does not offer a signed BAA, and Customers must not transmit PHI through the Service.
8. Data Retention and Deletion
We retain Customer and end-consumer data for as long as the Customer's subscription is active, plus a limited retention period after offboarding (see the Customer's Terms of Service) to allow data export and to comply with legal obligations. Lead data received through a Customer's connected advertising forms (e.g., Meta Lead Ads) is stored in that Customer's private workspace, is accessible only to that Customer's authorized staff, is never shared across customer accounts, and is deleted upon the Customer's request or at the end of the post-offboarding retention period, whichever comes first. When a messaging platform notifies us that an end user deleted a message, our stored copy of that message is deleted as well. Customers may request deletion of their data, and end consumers may contact the relevant Customer (business) directly to exercise applicable privacy rights; we support Customers in fulfilling these requests.
9. Your Rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data (e.g., under CCPA/CPRA for California residents, or other applicable state privacy laws). If you are an end consumer of one of our Customers, please contact that business directly, as they control the underlying data. If you are a Customer, contact us using the details below.
10. Security
We use industry-standard technical and organizational measures (encryption in transit and at rest for sensitive credentials, access controls, tenant data isolation) to protect information. No method of transmission or storage is 100% secure.
11. Children's Privacy
The Service is not directed to individuals under 18, and we do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date, and where required, Customers will be notified directly.
13. Contact Us
For privacy questions or requests, contact us at info@centinelo.com.