Privacy Policy

Last updated: 29.08.2025

This Privacy Policy explains how we handle personal data for visitors to our website and for our business clients and partners. It is not intended for models/chatters who submit applications in our clients’ campaigns. If you are a candidate, please refer to the client agency’s own privacy notice on their form/landing page.

Who we are (the controller for this website)

Yevhenii Katiev, trading as Meraki Agency (“Meraki”, “we”, “us”).
Contact: info@merakiagency.co

Roles we play:
• Controller: for data we collect via our website, sales, support, and business communications.
• Processor: for candidate leads collected for a client’s campaign (the client is the controller; we act strictly on their instructions and do not re-use those leads for our own purposes).

1) What data we collect

1.1 Visitors and business clients (we act as controller)

• Contact details you provide: name, email, phone, job title/company (if you share it), and any message you send us.
• Communications: email or messenger correspondence, meeting notes, and—only with your permission—call/meeting recordings.
• Technical data & cookies: IP address, device/browser type, pages visited and events. Analytics/marketing cookies load only with your consent via the cookie banner.
• Scheduling data: when you book a call (e.g., via Calendly), we receive the information you enter there (name, email, time slot, etc.).

1.2 Candidate leads for clients’ campaigns (we act as processor; client is controller)

• Lead form fields (examples): name/alias, contact handle (Telegram/WhatsApp/Instagram, email, phone), 18+ confirmation, country/time zone/languages, and other answers included in the form.
• Sources: Meta Lead Ads (Facebook/Instagram) or a campaign landing page.
• Delivery: automated forwarding of the lead to the client’s designated destination (e.g., Telegram or another tool) under the client’s instructions.

We do not request sensitive data (health, political opinions, sexual life, etc.) and do not want to receive adult materials. If such information is sent, we will delete it where feasible.

2) Why we process data and our legal bases

• Responding to your inquiries and ongoing correspondence. When you contact us via form/email/messenger, we use the data you provide to respond and continue the conversation. Legal bases: our legitimate interests in running and growing our business and, where we are discussing services, pre-contract/contract performance.
• Selling and providing B2B services. We process business contact data to prepare proposals, onboard clients, perform the contract, and issue invoices. Legal bases: contract performance; for accounting records, legal obligation.
• Website analytics and marketing. Non-essential cookies/pixels only run with your consent via the cookie banner. Without consent, only strictly necessary cookies operate.
• Sourcing candidates for clients’ campaigns. We configure ads, collect leads, and deliver them to the client strictly under the client’s instructions. Legal basis: our contract with the client (where the client is the controller and we are the processor).
• Security and protection of rights. We may use minimal logs and related data to prevent abuse, protect our rights, and comply with legal requests. Legal bases: legitimate interests and/or legal obligation.

3) Cookies and tracking

• Strictly necessary cookies keep the site functioning.
• Analytics/marketing cookies only with your opt-in via the banner.
• You can change/withdraw your cookie choices via the banner (when available) and in your browser settings.

4) Who we share data with

We do not sell your personal data. We share data only when needed for the purposes above:

• Website platform/hosting: Webflow. If we export and host elsewhere, the relevant hosting provider would apply.
• Email/office tools: our email service provider (for business correspondence) Namecheap.com.
• Analytics/advertising (only with consent): Google Analytics 4; Meta Pixel/Lead Ads.
• Scheduling: Calendly, if you book a meeting.
• Messaging: Telegram for business communications; and—for candidate leads—we forward leads into the client’s chosen Telegram/CRM/channel as instructed by the client.
• Clients and their tools: we transmit candidate leads collected “for the client” to the client’s designated environment. The client determines the destination and is responsible for its configuration and compliance.
• Legal disclosures: when required by law, we disclose only what is strictly necessary.

About provider contracts: we use reputable providers that offer standard data-processing terms and recognized international transfer mechanisms (e.g., Standard Contractual Clauses). We choose services with appropriate safeguards and apply reasonable technical and organizational measures.

5) International transfers

Because we work globally, data may be processed outside your country (including outside the EEA/UK). Where required, we rely on Standard Contractual Clauses and other recognized transfer mechanisms, plus additional safeguards where appropriate.

6) Retention

• Business inquiries and correspondence: typically kept for up to 24 months after the last activity, or longer if needed to comply with law or protect our rights.
• Marketing with consent: retained until you withdraw consent or clear cookies.
• Candidate leads (for clients): kept for the contract term with the client plus up to 12 months (or another period set in our client contract), then deleted or anonymised.
• Accounting/records: retained as required by applicable law.

7) Security

We use reasonable measures such as HTTPS, access on a need-to-know basis, unique passwords, and basic activity logging. Two-factor authentication (2FA) is not currently in use; we may add it to key services in the future. No method of transmission or storage is perfectly secure, but we take appropriate steps to protect data.

8) Your rights

Depending on your location, you may have rights to: access your data, rectify inaccuracies, erase data, restrict processing, data portability, and to object to processing based on legitimate interests and to marketing. Where we rely on consent, you can withdraw it at any time (this does not affect processing already performed).

To exercise your rights, contact info@merakiagency.co.

If you are in the EEA or the UK, you also have the right to lodge a complaint with your local data protection supervisory authority. We would appreciate the chance to resolve your concerns first—please contact us.

9) US/Canada add-on (brief)

• California (CPRA): you can request to know, delete, and correct personal information and to limit the use of sensitive personal information. We do not sell personal information for money. Where advertising cookies/pixels could be considered “sharing,” you can opt out by declining marketing cookies in the banner.
• Canada (PIPEDA): you have rights to access and correct personal information; we collect for specific purposes, retain it only as necessary, and ensure contractual safeguards for service providers handling data on our behalf.

10) Children

Our site and services are not directed to individuals under 18. If you believe we have collected data from a minor, please contact us and we will delete it where feasible.

11) Updates

We may update this Policy from time to time. The latest version will always be available on this page. If changes are material, we will try to provide additional notice.

12) Contact

Meraki Agency (controller for this website): Yevhenii Katev, trading as Meraki Agency
Email: info@merakiagency.co