Privacy Policy

Jakiagency — operated by Vasaris Knizleris (Lithuania)

Effective date: 20 April 2026 · Last updated: 20 April 2026

1. Introduction and Data Controller

This Privacy Policy explains how Jakiagency ("Jakiagency", "we", "us", "our") collects, uses, shares and safeguards personal data of individuals who interact with our services, including our website jakiagency.com and the conversational AI (chatbot) solutions we operate on behalf of our clients on Facebook Messenger, Instagram Direct, and WhatsApp Business.

Jakiagency is a sole proprietorship (individual activity) registered in Lithuania. For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Lithuanian Law on Legal Protection of Personal Data, Jakiagency acts as a data controller for the personal data it determines the purposes and means of processing for, and as a data processor when processing personal data on behalf of business clients (for example, a dental clinic using our chatbot to manage patient inquiries).

Where a business client defines the purposes of processing (for example, which patient data is collected and how long it is retained), that client is the controller and Jakiagency acts as their processor under a written data processing agreement. For certain health-related processing, Jakiagency and the clinic may act as joint controllers under Article 26 GDPR.

1.1 Controller identity and contact

Jakiagency
Owner: Vasaris Knizleris
Individual activity certificate / Tax ID: 50602010158
S. Konarskio g. 18-55, Vilnius, 03124, Lithuania
Website: https://jakiagency.com
Email: team@jakiagency.com

1.2 Data Protection contact

A formal Data Protection Officer (DPO) is not mandatory for Jakiagency under Article 37 GDPR, as we do not meet the criteria requiring appointment. Vasaris Knizleris is the designated contact point for all data protection matters and handles data subject requests personally. All privacy enquiries, rights requests, and complaints can be sent to team@jakiagency.com.

2. Data We Collect

We collect personal data from several distinct sources. The following subsections describe each source and the categories of data involved.

2.1 Data from Meta platforms (Facebook, Messenger, Instagram, WhatsApp)

When a user interacts with a chatbot we operate on a Meta platform, we receive the following categories of data through the Meta Graph API, Messenger Platform, Instagram Messaging API, or WhatsApp Business Platform, as applicable:

We do not access a user's friends list, contacts, photos, or any Meta data beyond what is strictly necessary to deliver the requested chatbot service.

2.2 Data from the website (jakiagency.com)

2.3 Data from chatbot interactions

2.4 Special categories of data — health information (GDPR Article 9)

When our chatbot is operated for a healthcare client (for example, a dental clinic), users may voluntarily share information that qualifies as a special category of personal data under Article 9 GDPR, including:

Health data is processed only when strictly necessary to deliver the healthcare-related service requested by the user, and only under a lawful basis set out in Section 4 (typically explicit consent under Article 9(2)(a) and/or provision of healthcare under Article 9(2)(h) on behalf of the clinic). Additional safeguards apply to this data (see Section 11).

3. How We Use Data

We use personal data only for the specific, lawful purposes listed below. We do not use personal data for profiling that produces legal or similarly significant effects, and we do not use it for behavioural advertising.

5. Data Sharing

We share personal data only with the following categories of recipients, and only to the extent necessary for the purposes described in this policy. We do not sell personal data, and we do not share it for third-party advertising.

A current list of subprocessors is available on request by emailing team@jakiagency.com.

6. Data Retention Periods

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods:

Data category Retention period
Chatbot conversation history (including Meta platform IDs and message content) Up to 24 months from the last interaction, or shorter if required by the healthcare client's own retention policy.
Health data shared in chatbot conversations Kept only for the period needed by the healthcare client to deliver the service and to comply with Lithuanian medical record-keeping rules; thereafter deleted or returned to the client.
Appointment records As defined by the healthcare client (typically aligned with Lithuanian patient record retention rules).
Website contact form submissions 24 months from the last contact, unless a business relationship continues.
Website server and security logs Up to 90 days.
Accounting and tax records 10 years, as required by Lithuanian law.
Data deletion request log (proof that a request was handled) 3 years from completion of the request.

When retention periods expire, data is either securely deleted or irreversibly anonymized.

7. Your Rights Under GDPR

Regardless of the Meta platform you use to interact with us, you have the following rights in relation to personal data we process about you:

  1. Right of access (Article 15) — obtain confirmation whether we process your personal data and receive a copy of it.
  2. Right to rectification (Article 16) — have inaccurate or incomplete data corrected.
  3. Right to erasure / "right to be forgotten" (Article 17) — have your data deleted in the cases set out in GDPR (see Section 8 for the practical procedure).
  4. Right to restriction of processing (Article 18) — ask us to limit how we process your data in certain circumstances.
  5. Right to data portability (Article 20) — receive the data you provided to us in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
  6. Right to object (Article 21) — object to processing based on our legitimate interests, including any form of profiling.
  7. Right to withdraw consent (Article 7(3)) — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing already carried out.
  8. Right to lodge a complaint with a supervisory authority (Article 77) — in particular with the Lithuanian State Data Protection Inspectorate (see Section 15), or with the supervisory authority in your EU/EEA country of residence.

To exercise any of these rights, email team@jakiagency.com. We may ask for information to verify your identity before acting on your request. We will respond without undue delay, and in any event within one (1) month, which may be extended by a further two (2) months for complex or numerous requests — in which case we will inform you of the extension and the reasons for the delay.

8. Data Deletion Procedure

This section is the official Data Deletion Instructions URL for Meta Developer Platform. It is permanently available at https://jakiagency.com/privacy-policy#data-deletion.

8.1 How to request deletion of your data

To request deletion of the personal data Jakiagency holds about you, send an email to team@jakiagency.com with the subject line "Data Deletion Request", including:

We may request additional information strictly necessary to verify that the request comes from you, in order to prevent unauthorized deletion.

8.2 Response timeframe

We will acknowledge your request within five (5) business days and complete the deletion within a maximum of thirty (30) days of verification, in line with GDPR Article 12(3). If we cannot honour the request in full (for example, because we are legally required to retain certain records such as accounting data), we will explain which data remains and on what legal basis.

8.3 Revoking app permissions directly on Meta platforms

You can also revoke the permissions the chatbot received from you, independently of contacting us:

Revoking permissions or blocking a business on a Meta platform stops future data flow from Meta to us, but does not automatically delete the data we already hold. To have that data deleted, please also send a Data Deletion Request as described in Section 8.1.

9. Cookies Policy

jakiagency.com uses only strictly necessary cookies — those that are essential for the website to function securely. Because these cookies fall under the "strictly necessary" exemption of the ePrivacy Directive, no consent banner is displayed.

Cookie Purpose Duration
jaki_session Maintains your session while you browse the site. Session (deleted when you close the browser).
jaki_csrf Prevents Cross-Site Request Forgery attacks on form submissions. Session.

We do not use Google Analytics, the Meta Pixel, or any third-party advertising or analytics cookies on jakiagency.com. If this changes in the future, we will update this section and, where required, request your prior consent through a cookie banner.

10. International Data Transfers

Because Meta Platforms Ireland Ltd. and some of our infrastructure subprocessors are part of international groups, personal data may be transferred outside the European Economic Area (EEA), including to the United States.

Such transfers are carried out only where one of the following safeguards under Chapter V GDPR applies:

You can request a copy of the safeguards in place for a given transfer by writing to team@jakiagency.com.

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful access, loss, alteration, or disclosure, in line with Article 32 GDPR. These measures include, in particular:

Additional measures for health data: access to health-related messages is restricted to a minimum number of authorized personnel, stored in logically segregated areas, and subject to additional monitoring. Pseudonymization is applied wherever it is compatible with delivering the service to the healthcare client.

12. Children's Privacy

Our services are not directed at children under the age of 16. Under Article 8 GDPR as transposed in Lithuania, a child must be at least 16 years old to consent to the processing of their personal data by an information society service; below that age, consent must be given or authorized by the holder of parental responsibility.

We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided personal data to us, please contact team@jakiagency.com and we will delete the data without undue delay.

13. Specific Provisions for Meta Platforms

We use the official developer APIs provided by Meta. Our use of information received from Facebook, Instagram, Messenger, and WhatsApp — and our transfer of information to any third party — complies with the Meta Platform Terms, the Meta Developer Policies, and — for WhatsApp — the WhatsApp Business Messaging Policy.

13.1 Facebook and Messenger

Our chatbot integrations with Facebook Pages and Messenger use, as applicable, the following permissions from the Facebook Graph API and Messenger Platform:

We use data obtained through these permissions only to provide the chatbot service described in this policy, and only within Meta's 24-hour messaging window and allowed message tags. We do not use the data for advertising or for any secondary purpose.

13.2 Instagram (Graph API)

Our Instagram integrations use, as applicable:

We access Instagram data only for the purposes of operating the chatbot and only for accounts that have explicitly connected Jakiagency's application.

13.3 WhatsApp Business API

Our WhatsApp integrations use the official WhatsApp Business Platform (Cloud API or On-Premises API), with permission whatsapp_business_messaging and related permissions such as whatsapp_business_management where needed. We respect:

Users can opt out at any time by replying "STOP" (or the equivalent in their language), by blocking the business in WhatsApp, or by contacting us at team@jakiagency.com.

13.4 Compliance statement

Jakiagency confirms that it complies with all applicable Meta and WhatsApp developer terms, including but not limited to the Meta Platform Terms, the Meta Developer Policies, the Instagram Platform Policy, and the WhatsApp Business Messaging Policy. We do not sell, license, or purchase data obtained from Meta platforms, and we do not use it to build user profiles for advertising or discriminatory purposes.

14. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our services, in applicable law, or in Meta's platform requirements. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will provide additional notice — for example, a banner on jakiagency.com and, where we have your email address and it is appropriate, a direct email — at least thirty (30) days before the changes take effect, where feasible.

Your continued use of our services after a revised policy takes effect constitutes acceptance of the updated policy, to the extent permitted by law.

15. Contact and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or about how we handle your personal data, please first contact us:

Jakiagency (Vasaris Knizleris)
S. Konarskio g. 18-55, Vilnius, 03124, Lithuania
Email: team@jakiagency.com

You also have the right to lodge a complaint with the competent data protection supervisory authority. In Lithuania, this is:

Valstybinė duomenų apsaugos inspekcija
(State Data Protection Inspectorate of the Republic of Lithuania)
L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
Website: https://vdai.lrv.lt
Email: ada@ada.lt

If you reside in another EU/EEA country, you may also contact the supervisory authority in your country of residence or place of work.

16. Effective Date

This Privacy Policy is effective as of 20 April 2026.