Back to Legal Hub
Legal

Platform Privacy Policy

Effective date: April 16, 2026 · Sentinel CX Pro LLC

1. Scope

This Privacy Policy applies when an individual accesses or uses Sentinel CX Pro with an active account, requests support related to access or security, acts as an administrator for a customer organization, receives transactional account communications, or otherwise interacts with application features that process personal data.

This policy does not grant any consumer-facing product rights beyond those required by applicable law, and it does not apply to third-party services that operate independently and are governed by their own notices.

2. Information We Collect

2.1 Account and Identity Information

Name, business email address, organization name, role, login identifier, and administrator-assigned account status.

Authentication and security data, including one-time login events, multi-factor authentication enrollment status, verification attempts, recovery requests, device and browser session details, Internet Protocol address, approximate location derived from network telemetry, and security event logs.

2.2 Platform Usage Information

Application event logs, feature usage, timestamps, error reports, audit logs, support history, and account preferences.

Technical information such as browser type, operating system, referral information, cookie or similar session identifiers used for secure sign-in and fraud prevention, and network diagnostics.

2.3 Customer and Location-Related Information

Business location profiles, public review data from supported sources, review response workflows, performance metrics, and user-generated or administrator-generated configuration data.

Artificial intelligence generated response drafts and related prompts, instructions, or moderation signals created within the platform.

2.3.1 Google User Data

When a customer adds Sentinel CX Pro as a manager on one or more of their Google Business Profile locations, the application accesses, uses, stores, and shares Google user data associated with those locations as described below. Sentinel CX Pro accesses Google Business Profile data through the Google Business Profile API using its own authenticated Google account, acting in the manager role granted by the customer. Sentinel CX Pro's use of Google user data is subject to the Google API Services User Data Policy, including the Limited Use requirements, available at https://developers.google.com/terms/api-services-user-data-policy.

OAuth scope and partner platform identity. Sentinel CX Pro authenticates to the Google Business Profile API using the OAuth 2.0 scope https://www.googleapis.com/auth/business.manage. This is the scope Google requires for partner platforms that read and write Google Business Profile data on behalf of authorized accounts. Sentinel CX Pro identifies itself to Google and to authorizing customers as the partner platform requesting access. Where a customer's authorized user additionally signs in to Sentinel CX Pro using their Google Account for identity or single sign-on purposes, Sentinel CX Pro requests only the basic identity scopes necessary for that sign-in.

Scope of operations. Subject to the manager permissions granted by the customer, Sentinel CX Pro uses the Google Business Profile API to perform the following operations at the direction of, and on behalf of, the customer's authorized users:

  • read and synchronize business location profiles, verification status, and operating information;
  • read customer reviews, review metadata, and review history;
  • publish review responses that the customer's authorized user has reviewed and approved, including responses initially drafted with AI assistance;
  • create and update Google Posts (announcements, offers, events) authored or approved by the customer's authorized user;
  • create and update menu items and food-and-beverage details for applicable business categories, as entered or approved by the customer's authorized user;
  • update business profile fields, including hours, attributes, service areas, and photos, as entered, uploaded, or approved by the customer's authorized user;
  • read business performance insights, metrics, and analytics for reporting to authorized users within the customer organization.

All write operations to a customer's Google Business Profile are initiated by an authorized human user within the Sentinel CX Pro interface. Sentinel CX Pro does not autonomously create posts, modify menus, upload photos, or alter profile fields without authorized user direction.

Google user data we access. Business location profiles managed by the authorizing customer, location verification status and operating information, customer reviews and review metadata associated with those locations, review reply content authored through the platform, Google Posts content created or managed through the platform, menu items and food-and-beverage details for applicable business categories, business profile field data including hours, attributes, service areas, and photos, business performance insights and metrics returned by the Google Business Profile API, and the account, location, and resource identifiers necessary for API operation. Sentinel CX Pro requests only the operations and scopes reasonably necessary to provide the features authorized by the customer.

How we use Google user data. To generate sentiment analysis, reporting, and customer experience intelligence for the authorizing organization; to draft AI-assisted review responses that are presented to authorized human users for review, edit, and approval before publication; to publish review responses, Google Posts, menu updates, profile field updates, and photo uploads on the customer's behalf when initiated by an authorized human user; to provide operational dashboards and performance reporting to authorized users within the same customer organization; and to maintain service security, abuse prevention, and audit logs.

How we store Google user data. Google user data is stored within Sentinel CX Pro's cloud infrastructure, encrypted in transit and at rest, and segregated by customer tenant. Access is restricted to authorized personnel and systems on a need-to-know basis. Google user data is retained for the duration of the active customer relationship and the connected manager authorization, and is deleted, de-identified, or securely disposed of within a commercially reasonable period after authorization is removed or the customer relationship ends, subject to legal, contractual, backup, and security log retention requirements.

How we share Google user data. Google user data may be processed by cloud infrastructure, database, and application delivery providers necessary to operate the service, and by artificial intelligence service providers engaged to generate analysis outputs and response drafts under customer instruction, in each case under written terms that restrict their use of the data to providing services to Sentinel CX Pro. Sentinel CX Pro does not transfer Google user data to third parties for advertising, marketing, independent commercial purposes, or any purpose unrelated to providing the user-facing features authorized by the customer, except as necessary to comply with applicable law or to protect against fraud, abuse, or security risks.

No AI model training on Google user data. Sentinel CX Pro does not use Google user data to develop, improve, or train generalized or foundation artificial intelligence or machine learning models. Sentinel CX Pro engages artificial intelligence service providers under written terms that prohibit those providers from using Google user data, or any customer data submitted by Sentinel CX Pro, to train their own models. Where AI providers offer zero-data-retention configurations for the relevant API, Sentinel CX Pro uses those configurations. Additional information about Sentinel CX Pro's artificial intelligence practices is available in the AI Disclosure Policy at www.sentinelcxpro.com/legal/ai.

Customer responsibilities and Google's privacy policy. Customers who grant Sentinel CX Pro manager access to a Google Business Profile location are responsible for ensuring they have authority to do so under their agreement with Google. Google's own handling of personal data is governed by the Google Privacy Policy at https://policies.google.com/privacy.

Offline access and token storage. Sentinel CX Pro maintains persistent ("offline access") OAuth 2.0 refresh and access tokens for its authenticated Google account so that the application can perform authorized actions — including syncing reviews, publishing approved review responses, posting approved Google Posts, updating menus and profile fields, and refreshing analytics — outside of an interactive Google sign-in session. Refresh tokens and access tokens are stored encrypted at rest within Sentinel CX Pro's cloud infrastructure, are accessible only to authorized service components on a need-to-know basis, are excluded from application logs and error reports, are rotated according to the OAuth 2.0 refresh-token flow and provider expiration policies, and are revoked and deleted when the underlying authorization is removed, when Google returns an invalid-grant response, or when a customer is offboarded.

Removing access. A customer may remove Sentinel CX Pro's access to a Google Business Profile location at any time by removing Sentinel CX Pro as a manager of that location through the Google Business Profile management interface at https://business.google.com, or by contacting privacy@sentinelcxpro.com. If a customer's authorized user has additionally signed in to Sentinel CX Pro using their personal Google Account, that user may revoke Sentinel CX Pro's access to their Google Account at any time through their Google Account permissions page at https://myaccount.google.com/permissions. When manager access is removed and any associated Google Account authorizations are revoked, Sentinel CX Pro will cease accessing the affected Google user data, will delete the associated OAuth 2.0 refresh and access tokens, and will delete or de-identify the affected Google user data within a commercially reasonable period, subject to legal, contractual, backup, and security log retention requirements.

2.4 Communications and Support Information

Messages sent to support, account access inquiries, identity verification information reasonably required to restore access, and records of responses.

2.5 Sensitive Personal Information

Sentinel CX Pro does not intentionally request highly sensitive categories of personal data for ordinary product use. Users and administrators should not submit unnecessary sensitive data through reviews, prompts, support tickets, or free-text fields.

3. How We Use Information

  • Provide, secure, authenticate, maintain, and improve the application and related services.
  • Create and manage accounts, enable multi-factor authentication, detect fraud, investigate suspicious activity, and enforce access controls.
  • Process customer instructions, generate analytics, create response drafts, support review intelligence workflows, and maintain system integrity.
  • Communicate with users and administrators about login activity, account changes, service updates, support requests, billing matters, and legal notices.
  • Comply with law, respond to lawful requests, enforce contracts, preserve evidence, and protect Sentinel CX Pro LLC, its customers, users, and the public.

4. Legal Bases for Processing

For individuals in the European Economic Area, United Kingdom, and other jurisdictions that require a lawful basis, Sentinel CX Pro processes personal data on one or more of the following grounds:

  • Performance of a contract when processing is necessary to provide access to the application, maintain accounts, support customer instructions, and administer the service.
  • Legitimate interests when processing is necessary for information security, fraud prevention, product improvement, enterprise account management, internal administration, support, and defense of legal claims, provided such interests are not overridden by applicable rights.
  • Compliance with legal obligations when processing is required by law, regulation, court order, tax obligation, or lawful governmental request.
  • Consent where required by law for specific processing activities.

Information transparency obligations are described in Article 13 of the General Data Protection Regulation at https://gdpr-info.eu/art-13-gdpr/.

5. How We Disclose Information

Sentinel CX Pro may disclose personal data to the following categories of recipients as reasonably necessary to provide the service:

  • Cloud hosting, infrastructure, database, and application delivery providers.
  • Authentication, identity, session management, and account security providers.
  • Transactional communication and email delivery providers.
  • Application support, monitoring, logging, and incident response providers.
  • Artificial intelligence and machine learning service providers used to generate or process drafting and analysis outputs under customer instruction.
  • Professional advisers, auditors, insurers, and corporate counterparties where reasonably necessary.
  • Governmental authorities, regulators, law enforcement, courts, or other third parties where required by law or necessary to protect rights, security, or property.

Sentinel CX Pro does not sell personal information in exchange for monetary consideration. Sentinel CX Pro does not share personal information for cross-context behavioral advertising.

Where Sentinel CX Pro engages processors on behalf of customer organizations, sub-processing will be governed by written terms consistent with Article 28 of the General Data Protection Regulation, available at https://gdpr-info.eu/art-28-gdpr/.

5.1 Limited Use of Google User Data

Sentinel CX Pro's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Sentinel CX Pro uses Google user data only to provide or improve user-facing features that are prominent in the Sentinel CX Pro user interface and that the customer has authorized.
  • Sentinel CX Pro does not use Google user data to serve advertisements, including personalized, retargeted, or interest-based advertisements.
  • Sentinel CX Pro does not transfer Google user data to third parties except (i) as necessary to provide or improve the user-facing features described above, (ii) for security purposes such as investigating abuse, (iii) to comply with applicable law, or (iv) as part of a merger, acquisition, or sale of assets with notice to affected customers.
  • Sentinel CX Pro does not allow humans to read Google user data unless (i) the customer has provided affirmative consent for specific data, (ii) it is necessary for security purposes such as investigating abuse, (iii) it is necessary to comply with applicable law, or (iv) the data has been aggregated and anonymized and is used for internal operations.

The Google API Services User Data Policy is available at https://developers.google.com/terms/api-services-user-data-policy.

6. Cookies and Similar Technologies

The application may use cookies, session tokens, local browser storage equivalents, and similar technologies that are strictly necessary for sign-in, session continuity, fraud prevention, load balancing, interface preferences, and security monitoring. Sentinel CX Pro does not use cookies for unrelated advertising on the login page or within the authenticated application.

If additional non-essential analytics or tracking technologies are enabled in a manner that requires consent under applicable law, Sentinel CX Pro will present an appropriate notice or consent mechanism before those technologies are activated where legally required.

7. Data Retention

Sentinel CX Pro retains personal data for as long as reasonably necessary to provide the application, maintain security logs, satisfy contractual commitments, preserve evidence for disputes, meet legal obligations, and support legitimate business operations. Retention periods vary based on the nature of the data, customer instructions, legal requirements, system backup schedules, and security needs.

When personal data is no longer required, Sentinel CX Pro will delete, de-identify, or securely dispose of it within a commercially reasonable period, subject to legal, technical, contractual, and archival constraints.

8. Privacy Rights and Regional Disclosures

8.1 California Rights (CCPA/CPRA)

California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. Those rights may include the right to know, access, correct, delete, and obtain information about categories of personal information collected, sources, purposes, categories of recipients, and retention criteria, subject to statutory exceptions. California privacy policy notice expectations are summarized by the California Privacy Protection Agency at https://cppa.ca.gov/pdf/general_notices.pdf.

Sentinel CX Pro does not sell personal information in exchange for money. Sentinel CX Pro does not share personal information for cross-context behavioral advertising through the login page or core authenticated application experience. If Sentinel CX Pro ever engages in regulated sale or sharing activity, required notices and opt-out mechanisms will be provided.

8.2 Texas Rights (TDPSA)

Texas residents may have rights under the Texas Data Privacy and Security Act, including rights to access, correct, delete, and obtain a copy of certain personal data, and to appeal a denial of a rights request where applicable. The Texas Attorney General provides consumer guidance at https://www.texasattorneygeneral.gov/consumer-protection.

8.3 Colorado Rights

Colorado residents may have rights under the Colorado Privacy Act and the Colorado AI Act (SB 24-205), including rights to access, correct, delete, and opt out of certain data processing, as well as the right to information about consequential decisions made or substantially influenced by artificial intelligence systems. The Colorado Attorney General provides guidance at https://coag.gov/ai/.

8.4 European Rights (GDPR)

Individuals in the European Economic Area and United Kingdom may have rights to access, rectify, erase, restrict, object, withdraw consent where processing is based on consent, and lodge a complaint with a supervisory authority, subject to applicable law and exceptions. Where artificial intelligence features are used, individuals may have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects, subject to the exceptions in Article 22 of the General Data Protection Regulation.

8.5 Data Portability

Where required by applicable law, including GDPR Article 20, you may have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

8.6 Authorized Agents

California residents may designate an authorized agent to submit privacy requests on their behalf. We may require the authorized agent to provide written proof of authorization and may verify the identity of the consumer directly.

8.7 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny services, charge different prices, or provide a different quality of service because you exercised a privacy right.

8.8 Submitting Requests

Privacy requests may be submitted by emailing privacy@sentinelcxpro.com. Sentinel CX Pro may take reasonable steps to verify identity, authority, and tenant relationship before completing a request. Where Sentinel CX Pro acts as a processor for a customer organization, the request may be directed to the relevant customer controller.

9. International Data Transfers

Personal data may be processed in the United States and other countries where Sentinel CX Pro LLC, its affiliates, customers, or service providers operate. Where required by applicable law, Sentinel CX Pro will use appropriate transfer safeguards, which may include contractual protections such as Standard Contractual Clauses approved by the European Commission.

10. Security

Sentinel CX Pro applies administrative, technical, and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access. Security measures include authentication controls, access restrictions, encryption, logging, environment protections, vendor management, and incident response procedures. No method of transmission or storage can be guaranteed to be completely secure.

11. Artificial Intelligence Features and Transparency

Sentinel CX Pro includes features that use artificial intelligence to generate draft text, analysis outputs, classifications, and workflow recommendations. Artificial intelligence outputs are probabilistic, may require human review, and should not be treated as guaranteed accurate or complete without appropriate user validation.

When users interact with features that produce artificial intelligence generated content, the application identifies those outputs as AI-assisted. Users remain responsible for all content they publish, approve, or rely upon. Sentinel CX Pro does not represent that artificial intelligence features are error-free, unbiased, or suitable for unlawful, deceptive, or non-compliant use.

Sentinel CX Pro does not use artificial intelligence to make fully automated consequential decisions about individuals without human oversight. Where artificial intelligence features assist in analysis or recommendations, those outputs are presented to authorized users for review and discretionary action.

Businesses should ensure that human users review generated content before publication, especially where public replies, brand statements, legal assertions, regulated claims, or customer communications are involved. The Federal Trade Commission has emphasized that deceptive or unsubstantiated artificial intelligence claims are unlawful, including in guidance published at https://www.ftc.gov/industry/technology/artificial-intelligence.

12. Children

Sentinel CX Pro is designed for business use and is not directed to children under the age of sixteen. Sentinel CX Pro does not knowingly collect personal data from children through the application login or authenticated service. If Sentinel CX Pro becomes aware that personal data from a child has been collected without appropriate authorization, it will take reasonable steps to delete the data.

13. Changes to This Policy

Sentinel CX Pro may update this Privacy Policy from time to time. Material changes will be communicated through the application or by other appropriate means before the updated policy takes effect. Where required by law or contract, Sentinel CX Pro will provide advance notice of material changes. Continued use of the application after the effective date of an updated policy constitutes acknowledgment of the revised policy to the extent permitted by law.

14. Contact

Sentinel CX Pro LLC Texas, United States