Privacy Policy.

We collect information you provide directly, including your name, email address, account details, selected goals, uploaded bloodwork files, profile information, shipping details, customer support messages, and order preferences.

We also collect information generated through your use of Protocol, including protocol recommendations, selected ingredients, subscription status, order history, checkout status, device information, log data, and basic site analytics.

Bloodwork files and wellness inputs can contain sensitive health-related information. We use this information to generate and manage your protocol, support customer service, improve product quality, and maintain records needed to operate the service.

Protocol is generally not a healthcare provider, health plan, or healthcare clearinghouse, and information you upload may not be protected by HIPAA. Do not upload bloodwork or health information unless you are comfortable with it being handled under this Privacy Policy.

We use information to create and manage your account, analyze uploaded bloodwork, generate protocol recommendations, calculate pricing, process checkout, fulfill and ship orders, manage subscriptions, provide support, improve the product, secure the service, and comply with legal obligations.

We may use de-identified or aggregated information to understand product performance, improve formulations, improve user experience, troubleshoot issues, and develop new features.

Protocol may use third-party providers to operate the service, including Supabase for authentication, database, and file storage; OpenAI or similar AI providers for analysis and recommendation generation; Stripe for payments and billing; Vercel for hosting; and fulfillment, shipping, analytics, security, and support providers.

These providers may process information on our behalf under their own terms, privacy policies, data-processing terms, and security practices. We share only the information reasonably needed for them to provide their services to Protocol.

Payment information is handled by Stripe or another payment processor. Protocol does not store full credit card numbers. We may receive payment status, customer identifiers, subscription identifiers, billing contact information, and limited transaction details needed to manage orders and subscriptions.

We may share information with service providers, payment processors, fulfillment and shipping partners, professional advisors, legal authorities when required, and parties involved in a business transaction such as a merger, financing, acquisition, or asset sale.

We do not sell your bloodwork files. We do not share uploaded bloodwork with advertisers for cross-context behavioral advertising.

We use reasonable administrative, technical, and organizational safeguards designed to protect information. No internet service can guarantee perfect security, and you are responsible for keeping your account access secure.

Bloodwork files are intended to be stored in private storage, and account access is intended to be protected through authentication. If we learn of a security incident that requires notice, we will provide notice as required by applicable law.

We keep information for as long as reasonably necessary to provide Protocol, maintain order history, comply with legal obligations, resolve disputes, prevent fraud, improve the service, and enforce agreements.

You may request deletion of certain information, but we may retain information where needed for legal, tax, fraud-prevention, product-safety, chargeback, dispute, or legitimate business purposes.

You can update certain account information, manage goals, upload new bloodwork, manage billing, or cancel your subscription through the service where available. You can also contact us to request access, correction, deletion, export, or restriction of certain information.

Depending on where you live, you may have additional privacy rights. We will respond to privacy requests as required by applicable law.

We may use cookies, local storage, analytics, and similar technologies to keep you signed in, remember preferences, understand site performance, detect errors, and improve the service.

Browser settings may allow you to limit cookies, but some parts of Protocol may not work correctly without them.

Protocol is not intended for children under 18. We do not knowingly collect information from children under 18. If you believe a child has provided information to Protocol, contact us and we will take appropriate steps.

We may update this Privacy Policy as Protocol changes. If changes are material, we will take reasonable steps to notify you. The updated policy applies when posted unless a later effective date is stated.