Legal

Privacy Policy

Established: 15 July 2026 Last updated: 15 July 2026

What Else Labs (“we”, “us”) is a cyber security consulting practice based in Japan. This policy explains how we handle personal information in connection with whatelselabs.com (the “Site”) and our consulting services, in accordance with Japan’s Act on the Protection of Personal Information (Act No. 57 of 2003, the “APPI”) and related guidelines.

01 What we collect

02 Purposes of use

We use personal information only for the following purposes:

If we need to use personal information beyond these purposes, we will obtain your consent in advance, except where otherwise permitted by the APPI. We do not sell personal information.

03 Provision to third parties

We do not provide personal information to third parties without your prior consent, except where permitted by the APPI — for example where required by law, where necessary to protect a person’s life, body, or property, or where we entrust processing to service providers (such as hosting and email providers) within the scope of the purposes above. Entrusted providers are supervised appropriately as required by the APPI.

04 Overseas service providers

Some infrastructure we use (for example website hosting and email) is operated by providers located outside Japan, including in the United States. Where personal information is handled by such providers, we take measures required under the APPI regarding provision to third parties in foreign countries, and choose providers that maintain appropriate data-protection standards.

05 Security management

We take necessary and appropriate security measures against loss, destruction, alteration, and leakage of personal information — including encryption in transit, access controls, least-privilege, and periodic review. As a security consultancy, we hold ourselves to the standards we advise. If a reportable incident occurs, we will notify affected individuals and the Personal Information Protection Commission as required by the APPI.

06 Retention

We keep personal information only as long as needed for the purposes of use, then delete it without undue delay. Contract and accounting records are retained for the periods required by Japanese law (for example, tax-related retention periods) and then disposed of securely.

07 Disclosure & correction requests

Under the APPI you may request disclosure, correction, addition, deletion, cessation of use, or cessation of third-party provision of your retained personal data. Email hello@whatelselabs.com; we will confirm your identity and respond without undue delay. There is no charge for reasonable requests.

08 Complaints

Complaints about our handling of personal information can be sent to hello@whatelselabs.com. We will respond promptly and in good faith. You may also contact the Personal Information Protection Commission (個人情報保護委員会) or your local consumer affairs centre.

09 Changes

We may update this policy to reflect changes in law or our practices. The current version is always published on this page with its “last updated” date.

10 Contact

Business operator: What Else Labs (Japan)
Personal-information contact: hello@whatelselabs.com

← Back to home