This is a template, not legal advice
This document describes, in general terms, how Argos works and what data it processes. It does not replace advice from a lawyer. Every company deploying Argos is responsible for adapting this policy — and its own internal privacy notice — to the laws of its country and its particular situation.
Scope of this policy
This policy applies to the Argos software (the agent installed on each Windows machine and the web control panel) as operated by Centinelo, the company that develops and commercializes the product.
Argos is a business-to-business (B2B) tool: it's installed by companies and clinics on the machines they themselves own, to monitor their own fleet. Argos is not aimed at the general public and is not installed on personal devices without the company's authorization.
Who is responsible for the data
In most cases, the company that contracts Argos (the "Customer") is the data controller for its own equipment and the people who use it. Centinelo acts as data processor: we process the data only to provide the service, following the Customer's instructions.
This means that if you're an employee of a company using Argos, your point of contact for exercising your rights over this data is your employer — not Centinelo directly. If you're the Customer, this policy serves as a base for drafting the privacy notice you give your own team.
What data Argos collects
Argos collects technical and operational data from the monitored equipment, grouped into a few categories. The full, detailed catalog, field by field, lives on the data page; here we summarize the categories:
- Identity and inventory: hostname, operating system, agent version, local IP address, assigned Windows user.
- Live resources: CPU, RAM, and disk usage, to catch bottlenecks before they become a support ticket.
- Installed hardware and software: device model, disks, running programs and services, useful for auditing and inventory.
- Security: antivirus, firewall, and disk-encryption (BitLocker) status, to catch exposed machines.
- Presence and activity: whether the machine is online, active, or idle (AFK), and time spent per application, never the content of what's typed or said.
- Screenshots: only if the Customer explicitly enables that policy for a group of machines, with configurable retention and access.
- System events: connect/disconnect, network changes, security alerts.
What Argos does not collect
- Keystroke content: there is no text keylogging.
- The content of personal emails, chats, or messages.
- Passwords or the data a user types into forms.
- Activity on personal devices that aren't owned by the company.
What we use this data for
- Running the control panel: showing fleet status in real time to the operators the Customer authorized.
- Information security: alerting on a disabled antivirus, an unencrypted disk, or outdated software.
- Technical support and remote control: letting an authorized operator assist a machine when the Customer requests it.
- Service continuity: keeping the agent updated, with signature verification before installing any update.
- Billing: counting active machines against the Customer's contracted license.
Legal basis for processing
For the Customer (the company), processing is typically grounded in performance of the license agreement with Centinelo and its legitimate interest in protecting its information assets.
For the people who use the monitored equipment, the most common legal basis is the employer's legitimate interest in security and operational continuity, always subject to the monitoring being transparent, proportionate, and for a declared purpose — the three principles we develop in the responsible monitoring guide.
How long data is kept
- Operational telemetry (CPU, RAM, presence): the recent history needed for charts and alerts is kept; the Customer sets the retention window in their plan.
- Screenshots: retention configurable by the Customer, typically from days to a few weeks — never indefinite by default.
- Access audit logs (who viewed what screen, and when): kept longer than the screenshots themselves, because they're the proof that access was controlled.
- When the service is canceled, the Customer's data is deleted from the appliance or exported as agreed in the service contract.
Who the information is shared with
Argos does not sell data to third parties or use it for advertising purposes. The data lives on the infrastructure the Customer chooses (their own server, a dedicated appliance, or Centinelo's managed cloud) and is only accessible to the operators the Customer itself authorized via roles (RBAC).
The only third parties involved are infrastructure providers strictly necessary to operate the service (for example, hosting or notification delivery), bound by confidentiality agreements.
Your rights over this data
If you're a person whose work equipment is monitored with Argos, you have the right to access, rectify, cancel, or object to the processing of your personal data, plus the equivalent rights under your local law — for example, data-subject rights under Brazil's LGPD.
To exercise them, the right channel is your employer (the Customer operating Argos), who is the data controller. If you're a company evaluating or using Argos and need support handling this kind of request, contact us.
How we protect this data
- Encrypted communication between the agent and the server.
- Per-agent tokens, individually revocable if a machine is lost or removed from the fleet.
- Role-based access control (RBAC): each operator sees only the machines and sections assigned to them.
- Audit log of screen access and remote sessions.
- Two-factor authentication (TOTP) available for operator accounts.
Minors
Argos is designed to monitor work equipment in business environments. It is not directed at minors and is not offered for monitoring personal devices belonging to children or teenagers.
Changes to this policy
We may update this policy as the product or applicable regulations change. The "last updated" date at the top reflects the current version. Relevant changes are communicated to the Customer through the usual contact channels.
Contact
For questions about this policy or how Centinelo processes data as a data processor, write to us through the support channels listed on the pricing page.