JLR Lab Legal Effective: 1 January 2024 Version 2.1

Privacy
Policy

This policy explains how JLR Lab collects, uses, and protects your personal data when you use our website, services, or communicate with us.

01 Introduction #

JLR Lab ("JLR Lab," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and disclose your personal information when you visit jlrlab.me (the "Site"), engage our services, or communicate with us.

By using our Site or services, you acknowledge you have read and understood this policy. If you do not agree, please discontinue use of our Site and services.

Governing law This policy is governed by the laws of Thailand, including the Personal Data Protection Act B.E. 2562 (PDPA). Where our services extend to the European Economic Area, GDPR requirements also apply.

02 Information We Collect #

We collect information you provide directly and information collected automatically.

Information you provide

  • Contact information — name, email address, phone number when you contact us or submit a project inquiry
  • Project details — business name, project description, budget range, timeline
  • Payment information — processed securely through Stripe; we do not store card data
  • Communications — emails, messages, meeting notes

Information collected automatically

  • Usage data — pages visited, time on site, referral source, browser type, device type
  • IP address and approximate location
  • Cookies and similar technologies — see Section 8

03 How We Use Your Information #

We use the information we collect to:

  • Respond to inquiries and provide project scoping and proposals
  • Deliver, manage, and improve our services
  • Send transactional communications (project updates, invoices)
  • Send marketing communications, where you have consented
  • Analyze site usage and improve user experience
  • Comply with legal obligations
  • Prevent fraud and ensure security

04 Legal Basis for Processing #

Under the PDPA and GDPR, we rely on the following legal bases:

Contractual necessity
Processing required to deliver services you have engaged us for.
Legitimate interests
Business development, fraud prevention, security, and service improvement.
Consent
Marketing emails and non-essential cookies, where you have explicitly agreed.
Legal obligation
Compliance with applicable Thai law, tax regulations, and court orders.

05 Data Retention #

We retain personal data for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specifically:

  • Client project data — retained for 7 years for tax and accounting compliance
  • Inquiry and marketing data — deleted within 2 years of last contact if no engagement
  • Website analytics — aggregated and anonymized after 26 months

06 Sharing Your Information #

We do not sell your personal data. We share it only with:

  • Service providers — Stripe (payments), Google Analytics (usage), Vercel (hosting), Resend (email)
  • Professional advisors — lawyers and accountants bound by confidentiality obligations
  • Law enforcement — when required by law or valid legal process
  • Business transfers — in connection with a merger, acquisition, or asset sale

All third-party processors are contractually required to protect your data.

07 International Transfers #

JLR Lab is headquartered in Thailand. We use infrastructure hosted in Singapore (AWS ap-southeast-1) and the United States (Vercel edge network). When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by GDPR.

08 Cookies & Tracking #

We use the following categories of cookies:

Strictly necessaryEssential for the site to function. Cannot be disabled.
AnalyticsGoogle Analytics 4. Helps us understand how visitors use the site. Opt-out available.
PreferenceStores your theme and cookie consent choice in localStorage.

You may manage cookie preferences at any time via the cookie banner or your browser settings.

09 Your Rights #

Depending on your jurisdiction, you may have the following rights:

AccessRequest a copy of the personal data we hold about you.
RectificationRequest correction of inaccurate or incomplete data.
ErasureRequest deletion of your data, subject to legal retention obligations.
PortabilityReceive your data in a structured, machine-readable format.
ObjectionObject to processing based on legitimate interests.
Withdraw consentWithdraw consent for marketing or non-essential cookies at any time.

To exercise any of these rights, email us at privacy@jlrlab.me. We will respond within 30 days.

10 Data Security #

We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. No system is 100% secure; in the event of a breach, we will notify affected individuals and relevant authorities as required by law.

11 Children's Privacy #

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

12 Third-Party Links #

Our Site may link to third-party websites. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any site you visit.

13 Changes to This Policy #

We may update this policy from time to time. We will notify you of material changes by updating the effective date and, where appropriate, by email. Continued use of our Site after changes constitutes acceptance of the updated policy.

14 Contact Us #

For privacy-related inquiries:

Data Controller
JLR Lab
Email
privacy@jlrlab.me
Address
Silom Complex, Silom Road, Bangrak, Bangkok 10500, Thailand