Privacy Policy

Last updated: June 29, 2026

This privacy policy explains how JR Agency collects, uses and protects the personal data of visitors to jr.agency as well as of the clients for whom we provide our services, in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

JR AGENCY LTDA — CNPJ: 35.694.196/0001-46 — Com Barrinha de Baixo, Acaraú CE, 62580-000, Brazil.
Contact: contact@jr.agency

2. Data we collect

Browsing data: when you visit, certain technical information may be collected automatically (IP address, browser type, pages viewed, visit duration) for audience measurement and to improve the site.

Contact data: when you fill in a form, we collect the information you provide (name, email address, phone number, company name, message content).

Client data: as part of our services, we process the information needed to manage our clients’ accounts and online presence (see section 5).

3. Purposes and legal bases

We process your data to: respond to your requests (pre-contractual measures), deliver our services (performance of a contract), improve our site and measure its audience (legitimate interest), and comply with our legal obligations. Where required by law, we obtain your consent (non-essential cookies, marketing communications).

4. Cookies

The site may set cookies for its proper functioning and for audience measurement. You can configure your browser at any time to refuse cookies; some services may then become unavailable.

5. Social media management service and platform APIs

JR Agency offers its clients a service for managing, scheduling and publishing content on social media (Facebook, Instagram, LinkedIn, YouTube and TikTok). To provide this service, and only after explicit authorization from the client who owns the account, we connect to our clients’ accounts through the platforms’ official APIs using a self-hosted social media management tool (Postiz).

TikTok: we use TikTok’s Login Kit and Content Posting API to publish videos on behalf of our clients. The permissions requested are limited to what is strictly necessary (user.info.basic, video.upload, video.publish). We only access the basic information of the authorized account and publish the content provided by the client. Access (OAuth) tokens are stored securely for the duration of the service and revoked at its end or upon the client’s request. We do not sell or share this data with third parties. The use of data obtained from TikTok complies with the TikTok Developer Terms of Service and the TikTok Privacy Policy.

The same principle applies to the other platforms: we only access the data required for publishing, with the client’s consent, and in compliance with each platform’s terms.

6. Data sharing and processors

Your data is never sold. It may be processed by our technical providers acting as processors (site host, email and social media management tools), solely for the purposes of the service and in compliance with the GDPR. Transfers may occur to the aforementioned third-party platforms when you or our clients authorize us to do so.

7. Data retention

We keep your data for as long as necessary for the purposes described, then delete or anonymize it. Contact data from a request is kept for a maximum of 3 years after the last exchange.

8. Your rights

In accordance with the GDPR, you have the right to access, rectify, erase, restrict, object to and port your data. You can exercise these rights by writing to contact@jr.agency. You also have the right to lodge a complaint with a supervisory authority (in France, the CNIL).

9. Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss or disclosure.

10. Changes

This policy may be updated at any time. The date of the last update appears at the top of the page.

11. Contact

For any question regarding this policy or your personal data: contact@jr.agency.