Privacy-First Geotracking: Senturo’s New Approach to Protect Devices While Respecting Privacy

For IT leaders managing mobile device fleets today, balancing device security and data privacy is no longer optional.

Organizations must be able to:

• Protect valuable device assets
• Safeguard sensitive data
• Maintain accountability over large, distributed device fleets

All while respecting the privacy expectations of students, employees, and contractors.

Traditionally, tools for tracking devices forced an all-or-nothing choice:

• Enable always-visible tracking, which could raise privacy concerns and compliance risks, or
• Disable tracking entirely, sacrificing critical visibility needed for mobile device management, compliance enforcement, data protection, and loss prevention.

Privacy-First Geotracking from Senturo changes that. Now available as an optional feature, Privacy-First Geotracking empowers organizations to maintain full device protection while ensuring that location data is only revealed under controlled, policy-driven conditions.

Key takeaways

• Most device-tracking tools force a binary choice: either always-visible location or no tracking at all. Privacy-First Geotracking adds a third path.
• Three configurable levels: always-on visibility (Level 1), location revealed only when a device is reported missing (Level 2), or dual-admin approval required to access location data (Level 3).
• Background protections, including geofencing, IP fencing, and phone-home policies, remain active at all levels regardless of visibility settings.
• Available for all Senturo customers on request. Level changes are handled by the Senturo team at the backend, not as an in-app toggle.

Why Privacy-First Geotracking?

Every organization that issues corporate-owned devices, whether to students, employees, or contractors, has a legitimate responsibility to manage those assets effectively:

• Recover misplaced or stolen devices quickly
• Maintain accurate asset records for financial accountability and compliance reporting
• Protect sensitive data that resides on or flows through mobile devices
• Enforce geo-compliance policies, especially in regulated industries
• Detect unusual patterns that may signal policy violations or security risks

Yet growing privacy expectations and frameworks like GDPR, HIPAA, FERPA, and SOC 2 demand a more nuanced approach to device tracking.

Senturo’s Privacy-First Geotracking provides this balance, giving IT teams flexible control over when and how location data is surfaced, while background protections remain fully active at all times.

How Privacy-First Geotracking Works

Privacy-First Geotracking offers a tiered approach, giving organizations clear, configurable options to match their governance and privacy policies.

Senturo manages this configuration on the backend; levels are set on request through the Senturo team, ensuring that no single admin can unilaterally change privacy levels in the app.

Level 1 (Default): No Restrictions

• Full real-time location visibility for IT admins.
• Ideal for organizations that require continuous oversight of device locations (e.g. highly regulated environments or internal security policies).
• This level matches Senturo’s existing baseline functionality.

Level 2: Missing Mode Activation

• Location data is collected but obfuscated by default, not visible to IT admins during normal operations.
• When a device is reported missing:
  
  • The system automatically reveals the device’s last known location and location history to authorized admins.
  • Admins can immediately trigger advanced recovery actions (remote lock, wipe, or messaging).
• Enables fast recovery while maintaining privacy during day-to-day usage.

Level 3: Admin Sign-Off Workflow

• Location data is collected but hidden by default.
• If an admin requests access to location data (for example, during a compliance review or investigation), a second admin must approve the request before data is revealed.
• This dual-approval model provides the highest level of transparency and governance, ideal for privacy-sensitive environments.

What stays active at all levels

Regardless of which privacy level is selected, these background protections remain fully enforced:

• Geofencing: devices trigger alerts and automated actions when they cross defined boundaries
• IP fencing: devices connecting from unauthorized networks are flagged or locked
• Agent phone-home policies: the Senturo agent continues checking in, maintaining the ability to act immediately if a device is reported missing

Privacy settings control when location data is visible to admins. They do not reduce the platform's ability to protect the device itself.

‍

‍

‍

Use Cases Across Industries

K-12 & Higher Education

Schools often manage large fleets of mobile devices, sometimes tens of thousands for students and staff, with small IT teams responsible for asset accountability and security.

Privacy-First Geotracking allows these teams to:

• Maintain device visibility across their entire fleet.
• Respect student and staff privacy by ensuring location data is only surfaced under strict, policy-driven conditions.
• This is particularly relevant as 1:1 device programs expand and ESSER funding has now expired, placing greater emphasis on preserving device value and ensuring accountability with reduced budgets.

Healthcare

Healthcare organizations must protect mobile devices that access or store Protected Health Information (PHI), while also complying with stringent privacy regulations.

Privacy-First Geotracking helps:

• Enforce geo-compliance policies (e.g., devices must remain within designated facilities).
• Maintain audit trails for compliance reporting.
• Recover devices without creating perceptions of constant employee surveillance.

Field Services

For field services companies with distributed, mobile workforces, Privacy-First Geotracking enables:

• Full fleet visibility and geo-compliance enforcement.
• Recovery of misplaced or stolen field devices.
• Respectful handling of employee privacy when devices are used off-hours or in mixed personal/professional contexts.

Regulated & Compliance-Driven Industries

Law firms, financial services, government contractors, and media companies often require:

• Detailed tracking for audit and compliance.
• Clear policies to protect employee privacy.
• Transparent governance to support standards like ISO 27001, SOC 2, and GDPR.

Privacy-First Geotracking delivers these capabilities, enabling organizations to demonstrate trustworthiness and compliance while securing mobile assets.

Key Benefits

• Balance visibility and privacy: Configurable levels let IT teams match location visibility to their governance policies without compromising device protection.
• Protect mobile assets throughout the device lifecycle: Geofencing, IP fencing, and phone-home policies stay active regardless of privacy level.
• Support compliance: GDPR, HIPAA, FERPA, SOC 2, and ISO 27001: tiered visibility and dual-approval workflows provide the audit trail documentation regulators look for.
• Foster user trust: Transparent, policy-driven location access reduces employee and student concern about constant surveillance.
• Enable scalable fleet management: MacOS, Windows, iOS, Android, and Chrome OSv Chrome OS: works with all Senturo-supported device types. No changes to MDM configuration required.

‍

How to Activate Privacy-First Geotracking

Privacy-First Geotracking is available to all Senturo customers as an optional feature. To activate it:

• Contact the Senturo team at sales@senturo.com or via your account manager to request activation.
• Specify which level (1, 2, or 3) matches your organization's governance and privacy policy.
• The Senturo team configures the level at the backend. No in-app changes are needed on your end.

The feature works with all Senturo MDM integrations (Jamf Pro, Microsoft Intune, Google Admin Console, and Cisco Meraki) and across all supported operating systems: macOS, Windows, iOS, Android, and Chrome OS.

Ready to take a more privacy-conscious approach to device security and compliance?

Contact the Senturo team today to activate Privacy-First Geotracking or to explore which level best fits your organization’s needs.

Frequently Asked Questions

What is Privacy-First Geotracking?

Privacy-First Geotracking is a Senturo feature that gives organizations configurable control over when and how device location data is visible to IT admins. It offers three levels: always-on visibility, location revealed only when a device is reported missing, and location access requiring dual-admin approval. Background security protections remain active at all levels.

What is the difference between Level 2 and Level 3?

Level 2 automatically reveals location data when a device is marked as missing, without requiring approval. Level 3 requires a second admin to approve any access to location data before it is revealed, even during a missing device investigation. Level 3 provides a higher governance standard for organizations with stricter privacy requirements.

Does reducing location visibility weaken device security?

No. Privacy settings in Senturo control when location data is visible to admins. They do not affect the underlying security capabilities. Geofencing alerts, IP fencing, automated lock or wipe triggers, and agent phone-home policies all remain fully active regardless of which privacy level is selected.

Which compliance frameworks does Privacy-First Geotracking support?

The feature supports compliance with GDPR (Article 5 data minimization principle), HIPAA (minimum necessary access standards), FERPA (student data privacy requirements), SOC 2 (access control and audit logging), and ISO 27001 (information security management). The dual-admin approval workflow in Level 3 directly supports the audit trail requirements of each of these frameworks.

How do I change which privacy level my organization uses?

Level changes are handled by the Senturo team at the backend configuration level, not as an in-app setting. Contact sales@senturo.com or your account manager to request a level change. This design prevents any single admin from unilaterally modifying the organization's privacy configuration.

‍