Protocolens

Privacy policy

Effective: May 31, 2026

The short version

  • Your health data is owner-only. Only you can read it.
  • We never sell your data. We never share it with advertisers.
  • The authenticated app has zero third-party ad or analytics pixels.
  • You can export or delete your data at any time.
  • We use encryption at rest (AES-256) and in transit (TLS).

1. What we collect

Account information: email address, hashed password, name (optional), consent timestamps, and preferences when you create an account.

Health and biometric data: data you explicitly connect or upload, including weight logs, body composition scans, recovery and HRV data from Whoop, sleep data, nutrition logs, lab results, and peptide protocol logs. This data is encrypted at rest and stored under Row Level Security — only accessible to your authenticated session.

Uploaded documents: InBody screenshots, PDFs, and medical documents you upload for OCR processing. These are stored in private, signed-URL-only storage buckets. Document contents are processed by our AI OCR pipeline (OpenAI or equivalent) using zero-data-retention API settings, and the extracted structured data is stored in your account. Raw uploaded files are retained in private storage until you delete them.

Usage data: basic product analytics (page views, feature interactions) collected in the authenticated app via our own first-party analytics — not via third-party ad or behavioral analytics networks.

Payment information: billing is handled by Stripe. We store only a Stripe customer ID and subscription status — we do not store card numbers or full payment details.

Public content site analytics: the public content site (blog, encyclopedia, marketing pages) may use standard analytics tools (e.g., Google Analytics) and advertising cookies. This applies only to public, non-authenticated pages. It does not apply to any page inside the authenticated app.

2. How we use your data

We use your data to:

  • Provide the Service: aggregate your health data, generate the Verdict and Insights, and show you trends.
  • Process uploaded documents via OCR to extract structured data for your account.
  • Manage your subscription and process payments via Stripe.
  • Send transactional emails (account confirmation, password reset, billing receipts).
  • Send product updates and feature announcements — you may opt out at any time.
  • Improve the Service via aggregated, de-identified analytics (never individual health data).
  • Comply with legal obligations.

We do not use your health data for advertising targeting, behavioral profiling, or sale to third parties.

3. Data sharing and disclosure

We do not sell, rent, or trade your personal data or health data. We share data only as described below:

Service providers (processors): we use the following sub-processors to deliver the Service. Each is bound by data processing agreements and may only process your data on our instructions:

  • Supabase — database, authentication, and storage
  • Vercel — hosting and edge infrastructure
  • Stripe — payment processing
  • OpenAI (or equivalent) — OCR processing of uploaded documents (zero-retention API setting; document contents are processed but not retained by the AI provider for training)
  • Whoop, Withings — data fetched on your behalf via OAuth, consistent with their respective API terms

Legal disclosure: we may disclose your information if required by law, court order, or government authority, or to protect the rights, safety, or property of Protocolens or others.

Business transfers: if Protocolens is acquired or merged, your data may be transferred. We will notify you and you will have the right to delete your account before the transfer.

4. Health data — FTC Health Breach Notification Rule

Protocolens collects personal health records as defined under the FTC Health Breach Notification Rule (16 CFR Part 318). In the event of an unauthorized breach of your health data, we will notify you and the FTC as required by law, and we will notify relevant media outlets if more than 500 residents of a state are affected.

We do not share your personal health records with third-party advertisers or ad-supported platforms. The advertising that appears on our public content site does not have access to your account, health data, or any information that identifies you as a Protocolens subscriber.

5. Security

We implement reasonable technical and organizational measures to protect your data, including:

  • AES-256 encryption at rest for all health data and uploaded documents.
  • TLS encryption for all data in transit.
  • Row Level Security on all database tables — every query is scoped to your authenticated session.
  • Private storage buckets with signed-URL-only access for medical documents.
  • Service-role credentials restricted to server-side operations only.
  • OAuth token encryption for third-party integration credentials.

No system is perfectly secure. If you suspect unauthorized access to your account, contact us immediately at privacy@protocolens.com.

6. Data retention

We retain your data for as long as your account is active or as needed to provide the Service. You may export or delete your data at any time from account settings.

Upon account deletion: your data is removed from production systems within 30 days and from backups within 90 days. Stripe transaction records are retained as required by law.

Whoop data is stored only as derived metrics. We do not retain raw Whoop records beyond the current sync window, consistent with Whoop's API Terms of Service.

7. Your rights (CCPA/CPRA and general)

Depending on your jurisdiction, you may have the right to:

  • Know what personal information we collect about you.
  • Access a copy of your personal information.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Opt out of the sale or sharing of your personal information (we do not sell or share it, but you may make this request).
  • Limit the use of your sensitive personal information (including health data).
  • Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact us at privacy@protocolens.com or use the data export / delete functions in your account settings. We will respond within 45 days.

8. Cookies and tracking

Authenticated app: we use only essential session cookies required to maintain your authenticated state. No advertising, behavioral analytics, or cross-site tracking cookies are set in the authenticated app.

Public content site: the marketing and content pages may use cookies for analytics (e.g., Google Analytics) and advertising (e.g., AdSense). A cookie consent banner is displayed to users in applicable jurisdictions. You may opt out via your browser settings or Google's opt-out tools.

9. Children

The Service is not directed to persons under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that a user is under 18, we will delete their account and data promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email and in-app notice of material changes. The effective date at the top of this page reflects the most recent update.

11. Contact

Questions about this Privacy Policy or our data practices? Contact us at privacy@protocolens.com.