Support Agent - Privacy Policy

  • PRIVACY POLICY Support Agent Effective Date: 23 April 2026 Last Updated: 23 April 2026

    1. Overview and Purpose of This Application

    This Privacy Policy applies to Support Agent (referred to as "the Application"), a private, internal-use software application developed and operated solely for personal and business management purposes.

    The Application is NOT a public-facing product, is NOT distributed to third parties, and is NOT available for download or commercial use. It is a closed, internal tool used exclusively by its owner to manage the following Facebook Pages:

    • SlimShake-HU (Hungary)
    • SlimShake-RO (Romania)
    • SlimShake-BG (Bulgaria)

    The Application integrates with the Meta (Facebook) Graph API to perform the following automated functions on the above-named Pages:

    • Automatically reply to incoming messages sent to the Pages via Facebook Messenger
    • Automatically reply to comments left on Page posts
    • Publish posts and content to the Pages on behalf of the Page administrator

    2. Data Controller Identity

    As this is a personal-use application, the individual operating the Application acts as the Data Controller for any personal data processed through it. The Data Controller is responsible for ensuring that all data processing activities comply with applicable data protection legislation, including the General Data Protection Regulation (GDPR) (EU) 2016/679.

    For any inquiries related to data processing under this policy, the Data Controller can be contacted via the Facebook Page administration accounts associated with SlimShake-HU, SlimShake-RO, and SlimShake-BG.

    3. What Personal Data Is Processed

    3.1 Data Received from Facebook Users

    • Facebook User ID (a pseudonymous identifier assigned by Meta)
    • Display name or username as visible on Facebook
    • The content of messages sent to the Page via Messenger
    • The content of comments posted on Page posts
    • Timestamps of messages and comments
    • The post or thread context in which a comment or message was made

    3.2 Data Generated by the Application

    • Automated responses generated and sent by Support Agent to users
    • Logs of automated actions (e.g., post published, reply sent) for operational and debugging purposes
    • Error logs in the event of failed API calls

    3.3 Data NOT Collected

    Support Agent does NOT collect:

    • Passwords or authentication credentials of Facebook users
    • Financial or payment information
    • Sensitive personal data (health, political opinions, religious beliefs, etc.)
    • Data from users who have not directly interacted with the SlimShake Pages
    • Location data, device identifiers, or cookies from Facebook users

    4. Legal Basis for Processing (GDPR Article 6)

    4.1 Legitimate Interests (Article 6(1)(f))

    The primary legal basis for processing is the legitimate interests of the Page administrator in managing customer communications and business operations on the SlimShake Facebook Pages. This includes responding to customer enquiries, moderating comments, and publishing relevant content.

    4.2 Contract Performance (Article 6(1)(b))

    Where a user contacts the Page with a purchase enquiry or customer service request, processing their message to provide a response may be necessary for the performance of a contract or to take steps prior to entering into a contract.

    4.3 Consent (Article 6(1)(a))

    Facebook users who voluntarily send messages to or comment on the SlimShake Pages do so knowingly, implying a degree of consent to receiving a reply. Facebook's own terms of service and privacy policy govern the platform-level consent for data processing by Meta.

    5. Purpose and Use of Processed Data

    Personal data accessed by Support Agent is used exclusively for the following purposes:

    • To generate and send automated replies to messages and comments on the SlimShake Facebook Pages
    • To publish content (posts, updates, announcements) on behalf of the Page administrator
    • To maintain operational logs for debugging and improving Support Agent's performance
    • To ensure compliance with applicable laws and platform policies

    The data is NOT used for:

    • Marketing or advertising to individuals outside of the Page context
    • Profiling, tracking, or behavioural analysis of individual users
    • Sharing, selling, or transferring to any third parties
    • Training machine learning models

    6. Data Retention

    Support Agent does not operate a persistent database of user personal data. Data accessed via the Facebook API is processed in real time and is not stored beyond what is technically necessary to generate and send a response.

    Operational logs, if any, are retained for a maximum period of 30 days for debugging purposes and are then deleted. No user personal data is archived, backed up to external systems, or stored in a form that allows long-term identification of individuals.

    Data published to the Facebook Pages (posts) is retained on the Facebook platform in accordance with Meta's own data retention policies.

    7. Data Sharing and Third-Party Disclosure

    Support Agent does not share, sell, rent, or otherwise disclose personal data to any third parties, with the sole exception of Meta Platforms, Inc. (Facebook), whose API is used to operate the Application.

    All data transmitted to and from Facebook is subject to Meta's Privacy Policy, available at: https://www.facebook.com/privacy/policy/

    No data processors, sub-processors, or other third-party vendors have access to personal data processed by Support Agent.

    8. International Data Transfers

    Support Agent operates across the Facebook Pages of three countries: Hungary (HU), Romania (RO), and Bulgaria (BG) — all of which are Member States of the European Union. As such, data subjects are primarily located within the EU/EEA.

    All processing is conducted within the EU/EEA. Data transmitted to Meta's servers may be transferred to the United States or other countries in accordance with Meta's Standard Contractual Clauses and applicable GDPR transfer mechanisms. Support Agent itself does not independently transfer personal data outside the EU.

    9. Rights of Data Subjects (GDPR Chapter III)

    Individuals whose personal data is processed by Support Agent have the following rights under the GDPR:

    9.1 Right of Access (Article 15) You have the right to request confirmation of whether your personal data is being processed and, if so, to receive a copy of that data.

    9.2 Right to Rectification (Article 16) You have the right to request correction of inaccurate or incomplete personal data.

    9.3 Right to Erasure / Right to Be Forgotten (Article 17) You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.

    9.4 Right to Restriction of Processing (Article 18) You have the right to request that processing of your data be restricted under certain conditions.

    9.5 Right to Data Portability (Article 20) Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format.

    9.6 Right to Object (Article 21) You have the right to object to processing based on legitimate interests. Upon receiving such an objection, the Data Controller will cease processing unless compelling legitimate grounds can be demonstrated.

    9.7 Right Not to Be Subject to Automated Decision-Making (Article 22) You have the right not to be subject to decisions based solely on automated processing that produce significant effects on you. The automated replies generated by Support Agent are functional responses to interactions and do not constitute decisions with legal or similarly significant effects.

    9.8 Exercising Your Rights To exercise any of the above rights, please contact the Page administrator via the relevant SlimShake Facebook Page. Requests will be responded to within 30 days in accordance with GDPR requirements.

    9.9 Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority. Depending on your country of residence, the relevant authorities are:

    • Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) — naih.hu
    • Romania: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) — dataprotection.ro
    • Bulgaria: Commission for Personal Data Protection (CPDP) — cpdp.bg

    10. Data Security

    Support Agent implements appropriate technical and organisational measures to ensure the security of personal data, including:

    • Use of OAuth 2.0 and secure access tokens for Facebook API authentication
    • Access tokens are stored securely and are not exposed in plaintext in public repositories
    • Support Agent operates in a private, access-controlled environment
    • No personal data is stored in unencrypted flat files
    • Regular review of API permissions to ensure the principle of least privilege is maintained

    In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, the Data Controller will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

    11. Compliance with Meta (Facebook) Platform Policies

    Support Agent is built using the Meta Graph API and operates in compliance with Meta's Platform Terms and Developer Policies. The Application:

    • Uses only the permissions necessary for its stated functions (e.g., pages_messaging, pages_read_engagement, pages_manage_posts)
    • Does not use data obtained through the API beyond the permitted use cases defined by Meta
    • Is registered as a private, personal-use application and is NOT distributed to other users or organisations
    • Does not scrape, aggregate, or re-use Facebook data for purposes beyond those stated in this policy

    12. Children's Data

    The SlimShake Facebook Pages are commercial pages aimed at adult consumers. Support Agent does not knowingly process personal data of individuals under the age of 16. Facebook's own age verification and terms of service apply to all platform users.

    13. Changes to This Privacy Policy

    This Privacy Policy may be updated from time to time to reflect changes in Support Agent's functionality, legal requirements, or operational practices. The "Last Updated" date at the top of this document will always reflect the most recent revision.

    14. Contact Information

    For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact the Page administrator through one of the following SlimShake Facebook Pages: