Effective Date: February 18, 2026

jchowlabs, LLC (“Company,” “we,” “us,” or “our”) is a California single-member limited liability company providing AI, security, and technology advisory services, including educational content, interactive features, and experimental security labs.

This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use our websites, including:

  • https://www.jchowlabs.com
  • https://www.jchowlabs.me
  • https://www.jchowlabs.chat
  • https://www.jchowlabs.dev
  • https://www.jchowlabs.ai
  • https://www.jchowlabs.io

(collectively, the “Sites”).

By accessing or using the Sites, you acknowledge that you have read and understood this Privacy Policy.

1. Eligibility and Age Restriction

The Sites and all associated features are intended solely for individuals 18 years of age or older.

We do not knowingly collect, process, or store personal information, voice data, biometric data, or any other information from individuals under the age of 18. If we become aware that such data has been collected from a minor, we will promptly delete it.

By using the Sites or registering for any lab environment, you represent and warrant that you are at least 18 years old.

2. Scope and Intended Audience

The Sites are directed at residents of the United States. While the Sites are accessible over the public internet and we do not restrict access by geography, our services, advisory offerings, and compliance posture are designed for a US-based audience.

If you are accessing the Sites from outside the United States, including from the European Union or European Economic Area, please be aware:

  • Your data will be processed and stored in the United States.
  • We do not represent compliance with the EU General Data Protection Regulation (GDPR) or similar non-US data protection frameworks.
  • You should independently assess whether accessing and using the Sites is appropriate given the data protection laws applicable in your jurisdiction.

3. Categories of Information We Collect

A. Information You Provide Directly

You may voluntarily provide:

  • Name or alias
  • Email address (e.g., when contacting us or registering for a lab account)
  • Messages or inquiries submitted through contact forms or email
  • Account credentials for lab access

Providing this information is optional; however, certain features may not be available without it.

B. Voice Concierge — Transcript Data (Optional)

If you choose to use the optional AI voice concierge feature:

  • Your voice input is processed in real time by ElevenLabs, our voice AI provider.
  • ElevenLabs retains both conversation transcripts and voice audio recordings on their infrastructure for 30 days, after which both are permanently deleted. We have configured our ElevenLabs account to this retention period; ElevenLabs’ default retention is longer.
  • We do not independently receive or store your audio recordings or transcripts on our own servers — this data resides solely on ElevenLabs’ infrastructure for the 30-day window.
  • Before voice processing begins, ElevenLabs presents their own consent modal informing you that you are being recorded and that data may be shared with third parties as necessary to provide the service. Voice processing does not begin until you confirm that modal.
  • The voice concierge is purely navigational — it does not ask for or collect your name, email, or any other personal information. Conversations are anonymous and not linked to any persistent identifier on our end.
  • Transcripts and audio retained by ElevenLabs during the 30-day window do not contain directly identifying information based on our current configuration and use case.
  • ElevenLabs’ handling of this data is governed by their own Privacy Policy.

Voice functionality is disabled by default and is only activated if you provide explicit consent through our privacy notice. If you decline, the voice concierge will not be available and no data is transmitted to ElevenLabs.

We do not use voice or transcript data for advertising, voice cloning, or AI model training.

C. Biometric Information — Facial Recognition Labs (Invitation-Only)

The facial recognition authentication lab is accessible only to invited, operator-vetted users. Lab accounts are created directly by jchowlabs, LLC following a review process — there is no self-service registration for the biometric lab. This controlled access model allows us to manage who enrolls biometric data and ensure data is deleted promptly when a user’s session or evaluation is complete.

If you voluntarily choose to enroll in facial recognition:

  • Facial images are captured by your device and transmitted to AWS Rekognition, Amazon Web Services’ facial recognition service, for processing.
  • Biometric templates may be generated from your facial images for authentication testing purposes.
  • Biometric data is used solely for educational and security demonstration purposes within the lab environment.

Important: Prior to any biometric data collection, you will be presented with a standalone Biometric Data Consent Disclosure that separately describes the data collected, its purpose, retention period, and third-party processors. Enrollment requires your affirmative acceptance of that disclosure. You may use lab environments without enrolling biometric data.

Biometric data:

  • Is not sold, licensed, or shared for advertising, commercial profiling, or any purpose other than operating the lab demonstration.
  • Is deleted on a rolling basis, generally within 7 days of collection or account deletion, whichever occurs first.
  • Is subject to the data handling practices of AWS Rekognition, governed by AWS’s Privacy Notice.

D. Authentication Lab — Operational Logs

When you interact with the authentication lab environment, our servers automatically collect and log:

  • IP address of the connecting device
  • Log events, including: account creation, biometric enrollment (face ID creation), authentication attempts (face ID login), and related system events

These logs are collected for operational integrity, abuse prevention, and security monitoring purposes. This is consistent with standard logging practices for any authentication system.

Log data is retained for 30 days and then deleted on a rolling basis.

We do not use log data to build profiles, track behavior across other sites, or share with third parties except as required for security incident response or legal compliance.

E. Cookies and Tracking Technologies

We use a small number of cookies on the Sites. We do not use advertising cookies, retargeting pixels, or any third-party tracking technology beyond what is described below.

What Is a Cookie?

A cookie is a small text file placed on your device by a website. Cookies serve different purposes — some are essential to the operation of a site or feature, while others collect information about how you use the site.

Cookies We Set

1. Consent Preference (localStorage)

  • Set by: jchowlabs, LLC (first-party)
  • Storage mechanism: Browser localStorage, not a cookie. This entry never leaves your device and is never transmitted to any server.
  • Key: cookieConsent
  • Purpose: Remembers your privacy banner selection (accepted or declined), including a timestamp of when you made your choice and a version number tied to our current Privacy Policy. This prevents the banner from reappearing on subsequent visits unless we make a material update to this policy.
  • Consent required: No — this entry is strictly functional. It is set regardless of whether you accept or decline, solely to honor your privacy choice. It contains no tracking data.
  • Retention: Persists until you clear your browser’s site data for jchowlabs.com. Note that clearing cookies alone will not remove this entry — you must clear site data or localStorage specifically. The banner will reappear automatically if we update this policy to a new version.

2. Google Analytics Cookies

  • Set by: Google (third-party)
  • Purpose: Collects anonymized information about pages visited, session duration, browser type, and device category. Used solely to understand which content, articles, and lab features visitors engage with so we can improve the Sites.
  • Consent required: Yes — these cookies are only set if you explicitly accept via the privacy banner. If you decline, Google Analytics is not activated and no data is transmitted to Google.
  • IP anonymization: Enabled. We do not collect precise location data.
  • Retention: Per Google Analytics default configuration (approximately 14 months).
  • Google’s privacy policy: https://policies.google.com/privacy

Cookies We Do NOT Set

We do not set or permit:

  • Advertising or retargeting cookies
  • Social media tracking pixels
  • Cross-site tracking of any kind
  • Any analytics or behavioral cookies without your prior consent

Managing Your Consent Preference

You may change your consent preference at any time by clearing your browser’s site data for jchowlabs.com (Application → Storage → Clear site data in Chrome DevTools, or equivalent in your browser). Note that clearing cookies alone will not reset your preference — you must clear site data or localStorage specifically. Once cleared, the privacy banner will reappear on your next visit.

You may also disable cookies entirely through your browser settings, which will prevent Google Analytics cookies from being set even if you have previously accepted.

4. How We Use Information

We use collected information only to:

  • Operate and maintain the Sites and lab environments
  • Provide and improve optional voice and biometric lab features
  • Support security education and technology demonstrations
  • Monitor system performance, detect abuse, and maintain security
  • Respond to inquiries and communications
  • Comply with applicable legal obligations

We do not sell personal information. We do not use personal information for advertising or commercial profiling.

5. Consent and Feature Gating

We use layered consent:

  • A privacy notice (displayed on first visit) controls activation of Google Analytics and the voice concierge. Declining consent disables both.
  • Lab registration requires acknowledgment of this Privacy Policy and our Terms of Service before an account can be created.
  • Biometric enrollment requires a separate, affirmative consent via a standalone Biometric Data Consent Disclosure presented at the point of enrollment. This consent is independent of the lab registration acknowledgment.

Declining any layer of consent will not prevent access to informational content on the Sites.

6. Third-Party Service Providers

We use the following third-party providers to operate the Sites:

Provider | Purpose | Data Involved
--- | --- | ---
Amazon Web Services | Hosting and infrastructure | All data processed on our servers
Amazon Web Services Rekognition | Facial recognition processing | Facial images, biometric templates
ElevenLabs | Voice concierge processing | Voice input, conversation transcripts
Google Analytics | Site traffic analytics (consent-gated) | Anonymized page visit data

These providers act as service providers or data processors and are contractually limited in how they may use data. Their processing is subject to their respective privacy policies and, where applicable, data processing agreements.

We do not authorize any service provider to use your information for their own independent marketing or commercial purposes.

7. Data Retention

Data Type | Retention Period
--- | ---
Lab account credentials and profile | Rolling 7-day deletion cycle
Biometric templates (face ID) | Deleted with associated lab account; max 7 days
Authentication lab logs (IP, log events) | 30 days, then deleted
Voice concierge transcripts and audio recordings | 30 days on ElevenLabs infrastructure, then permanently deleted
Google Analytics data | Per Google Analytics default configuration (~14 months)
Contact form / email inquiries | Retained as needed for correspondence; deleted upon request

8. Data Security

We implement reasonable administrative, technical, and organizational safeguards, including:

  • Secure cloud infrastructure hosted on AWS
  • Restricted administrative access to systems containing personal data
  • Regular automated deletion cycles for time-limited data categories

No system can guarantee complete security. In the event of a data breach affecting your personal information, we will notify affected individuals and relevant authorities as required under applicable law, including California Civil Code §1798.82, within a reasonable timeframe.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Access a copy of your personal information
  • Correct inaccurate personal information
  • Delete your personal information (subject to limited exceptions)
  • Limit the use of sensitive personal information (including biometric data)
  • Non-discrimination for exercising your privacy rights

We do not sell or share personal information as defined under the CCPA/CPRA.

To submit a request: Email privacy@jchowlabs.com with the subject line “California Privacy Request” and a description of your request. We will acknowledge receipt within 10 business days and respond substantively within 45 days. If additional time is required, we will notify you and may extend the response period by up to an additional 45 days as permitted by law.

We will take reasonable steps to verify your identity before processing access or deletion requests.

10. Biometric-Specific State Rights

If you are a resident of Illinois, Texas, Washington, or another state with a biometric privacy statute, you may have additional rights regarding the collection, use, and retention of biometric data, including the right to:

  • Receive notice before biometric data is collected
  • Provide written consent prior to collection
  • Request deletion of biometric data

We address these rights through our standalone Biometric Data Consent Disclosure, presented at the point of enrollment. If you wish to request deletion of biometric data outside of that flow, please contact us at privacy@jchowlabs.com.

11. International Users

The Sites are operated from the United States. By accessing the Sites from outside the United States, you understand and acknowledge that:

  • Your information will be transferred to and processed in the United States
  • We do not represent compliance with the GDPR, UK GDPR, PIPEDA, or other non-US data protection frameworks
  • US privacy law may provide different protections than those available in your jurisdiction

If you are located in the EU/EEA or another jurisdiction with data transfer restrictions, we recommend you carefully consider whether to use the Sites or submit any personal information.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised effective date.

For non-material changes, continued use of the Sites constitutes acceptance of the updated Policy.

For material changes — particularly those affecting how we collect or use sensitive personal information, biometric data, or voice data — we will provide advance notice and, where required by applicable law, seek fresh consent before the changes take effect.

13. Contact Information

jchowlabs, LLC
California, United States
Privacy inquiries: privacy@jchowlabs.com