PPROTOKOL

Legal

Privacy Policy

Effective May 2026

The short version: Your protocol data is yours. We store it so you can sync across devices, we don't sell it, and we don't share it with advertisers or insurers. You can export or delete everything at any time.

This Privacy Policy explains how MyPalate Technologies ("we," "us," "our") collects, uses, and protects your information when you use the Protokol mobile application (the "App") and related services. By using Protokol, you agree to the practices described here.

1. Information we collect

Account information

When you create an account, we collect your email address and an encrypted password (handled by Firebase Authentication). If you sign in with Apple, we receive only the identifier and email relay you choose to share.

Profile information

You can optionally provide your name, age range, sex, height, weight, goals, and experience level. This is used to personalize the app (e.g., reference ranges for bloodwork are sex-specific).

Health and protocol data

Protokol is a tracker. The data you log stays under your account and includes:

  • Compounds, doses, schedules, and injection history
  • Cycles, templates, and protocol adherence
  • Bloodwork values and biomarker history
  • Weight, body measurements, and progress photos
  • Sleep, water, fasting, workouts, blood pressure, and HRV
  • Macros and nutrition logs
  • Journal entries, mood, and side-effect notes

Apple Health

If you grant permission, Protokol reads selected metrics from Apple Health (such as steps, sleep, heart rate, and weight) to display them alongside your protocol. We only request the categories you approve, and we do not write data back to Apple Health unless you explicitly opt in.

Device and usage data

We use Firebase Analytics and Crashlytics to understand how the App is used and to diagnose crashes. This includes anonymous device model, OS version, app version, screen views, feature events, crash logs, and a randomly generated installation ID. We do not collect your precise location or your contacts.

2. How we use your information

  • To provide the App's core tracking, sync, and reminder features
  • To send notifications you have enabled (e.g., pin reminders, weekly summaries)
  • To diagnose crashes, fix bugs, and improve performance
  • To respond to support requests sent to support@protokolapp.ca
  • To prevent fraud, abuse, and security incidents
  • To comply with legal obligations

3. AI features (premium, opt-in)

Future premium features may use a third-party AI provider to generate insights, summaries, or correlation analyses based on your data. When you use an AI feature, the relevant subset of your data is sent through our secure server proxy to the AI provider for processing. We do not allow your data to be used to train the provider's models. AI features are off by default and require an active premium subscription.

4. How we store and protect your data

Protokol uses a local-first architecture. Data is written to your device first (via encrypted on-device storage) and then synced to Google Cloud Firestore. Firestore Security Rules restrict access so that only your authenticated account can read or write your data. Transit is encrypted with TLS, and data at rest is encrypted by Google Cloud.

5. Sharing

We do not sell your personal information. We do not share your health or protocol data with advertisers, data brokers, insurers, or employers. We share information only with service providers who process data on our behalf (Google Firebase, Apple, our email provider), legal authorities when required by valid legal process, and successors in interest in the event of a merger or acquisition (you will be notified and given the opportunity to delete your data first).

6. Your rights and controls

You can, at any time, from within the App:

  • Export your full data as JSON
  • Delete any individual log, compound, or cycle
  • Disable notifications, analytics, or Apple Health sync
  • Delete your account and all associated data via Settings → Account & Sync → Delete Account

Account deletion is permanent. We process deletion requests within 30 days and remove backups within 90 days. Depending on your location, you may have additional rights under laws such as GDPR, CCPA/CPRA, or PIPEDA. Contact support@protokolapp.ca to exercise these rights.

7. Children

Protokol is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18.

8. International users

Protokol is operated from Canada and uses cloud infrastructure primarily in North America. By using the App, you consent to your information being transferred to and processed in Canada and the United States.

9. Changes to this policy

We may update this Privacy Policy as the App evolves. Material changes will be communicated through the App or by email.

10. Contact

Questions, requests, or complaints about privacy:
support@protokolapp.ca
MyPalate Technologies, Vancouver, British Columbia, Canada