DRAFT — FOR LAWYER REVIEW BEFORE PUBLICATION. NOT LEGAL ADVICE.

This document contains placeholder fields (registered address, effective date) that must be filled in before this page is made public.

Privacy Policy

Last Updated: [DATE TO BE INSERTED BEFORE PUBLISHING]

Overview

This Privacy Policy describes how JLC Testing LLC ("JLC Testing," "we," "us," or "our") collects, uses, and shares information about you when you use jlctesting.com and our related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

If you do not agree with this policy, do not use the Service.

1. Information We Collect

1.1 Information you provide directly

  • Account information. Email address, password (stored as a one-way hash), display name, age verification (you must confirm you are 18 or older).
  • Membership information. Invite code if applicable, manual access request details if you applied for membership.
  • Batch participation data. Which testing batches you have expressed interest in, joined, or contributed to. Vial donation records if you have donated samples.
  • Communications. Messages you post in batch discussion threads, support emails, and any other information you send us.
  • Payment information. Billing name and email. Full payment card details are processed by our third-party payment processor (Stripe) and are never stored on our systems.

1.2 Information collected automatically

  • Log data. IP address, browser type, operating system, referring URLs, pages visited, time spent on pages, click data, and approximate location derived from IP address.
  • Cookies and similar technologies. Session cookies for authentication, preference cookies for site settings. We do not use cookies for advertising or tracking across third-party sites.
  • Device information. Device type, screen size, language settings.

1.3 Information from third parties

  • Authentication data from Supabase Auth, which handles account login on our behalf.
  • Payment confirmations from Stripe, including transaction IDs and payment status (but not card numbers).
  • Email delivery data from Resend, including delivery status of emails we send you.
  • Laboratory results from independent third-party laboratories, linked to the batches you participated in.

1.4 Information we do NOT collect

We do not collect:

  • Social Security numbers or government IDs
  • Medical or health information
  • Information about your use of any compound
  • Information about you from data brokers or marketing lists

2. How We Use Your Information

We use the information we collect to:

  • Operate and maintain the Service
  • Authenticate your account and prevent unauthorized access
  • Process your contributions to testing batches
  • Coordinate with laboratories on your behalf
  • Send you transactional emails (account verification, password reset, batch updates, results notifications)
  • Respond to your support requests
  • Detect, investigate, and prevent fraud, abuse, or violations of our Terms of Service
  • Comply with legal obligations
  • Improve the Service through aggregated, non-identifying analytics

We do not use your information for advertising, marketing to you about third-party products, or building behavioral profiles for sale.

3. How We Share Your Information

We share information only as described below. We do not sell your personal information.

3.1 Service providers

We share information with vendors who help us run the Service. These vendors are contractually required to use your information only to perform services for us:

  • Supabase for database hosting and authentication
  • Vercel for web hosting and content delivery
  • Resend for transactional email delivery
  • Stripe for payment processing (PCI-compliant)
  • Cloudflare for DNS and security infrastructure
  • Independent laboratories (currently Janoshik Analytical Laboratory) to the extent necessary to coordinate testing of donated samples. Laboratories receive batch identifiers and sample tracking information but not your contact details unless required for return shipping.

3.2 Other members

When you participate in a batch, your display name and any messages you post in that batch's discussion thread are visible to other participants in that same batch. Your email address, real name (if different from display name), payment information, and account history are NOT visible to other members.

3.3 Legal requirements

We may disclose your information if required by law, valid legal process (subpoena, court order, search warrant), or to protect the rights, property, or safety of JLC Testing, our members, or others. Where legally permitted, we will notify you of such requests before complying.

3.4 Business transfers

If JLC Testing is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you and provide options where required by law.

3.5 With your consent

We may share information for purposes you specifically consent to.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account closure:

  • Account email and authentication data: deleted within 90 days
  • Batch participation history: retained for up to 7 years for tax, audit, and legal purposes
  • Discussion thread posts: retained but disassociated from your account if you delete your account
  • Payment records: retained as required by financial regulations (typically 7 years)
  • Backup copies: may persist in encrypted backups for up to 12 months after deletion

5. Data Security

We implement reasonable technical and organizational measures to protect your information:

  • TLS encryption for all data in transit
  • Encrypted storage at rest for sensitive fields
  • Password hashing using industry-standard algorithms (bcrypt or equivalent)
  • Row-level security policies in our database to prevent cross-account data access
  • Limited employee access on a need-to-know basis
  • Regular security audits

No system is perfectly secure. We cannot guarantee that unauthorized parties will never gain access to your information. You are responsible for keeping your password confidential and for all activity on your account.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, delete, export, or restrict processing of your personal information, or to object to certain processing. To exercise any of these rights, email privacy@jlctesting.com from the email address associated with your account. We will respond within 30 days.

California residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information we collect, the right to delete, and the right to non-discrimination for exercising your rights. We do not sell your personal information as defined by the CCPA.

European Economic Area, United Kingdom, and Switzerland residents

If you are located in the EEA, UK, or Switzerland, our legal bases for processing include performance of a contract, legitimate interests, legal obligation, and consent where specifically requested. You have the right to lodge a complaint with your local data protection authority.

7. International Data Transfers

JLC Testing is based in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your jurisdiction.

8. Children

The Service is not directed to anyone under the age of 18. We do not knowingly collect information from anyone under 18. If you believe we have inadvertently collected information from a minor, contact privacy@jlctesting.com.

9. Cookies

We use essential cookies for authentication and session management (cannot be disabled without breaking the Service) and preference cookies to remember your settings. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics that share data with advertisers.

10. Do Not Track

Because there is no industry standard for honoring DNT signals, we do not currently respond to them. However, we do not engage in cross-site behavioral tracking regardless of DNT settings.

11. Third-Party Links

The Service may contain links to third-party websites (including independent laboratory verification pages). We are not responsible for the privacy practices of those sites. Review their privacy policies before providing any information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance.

13. Contact

For privacy questions or to exercise your rights:

For general support: support@jlctesting.com
For legal notices: legal@jlctesting.com

Terms of ServicePrivacy PolicyDisclaimerHome