PPROTOKOL

Legal

Privacy Policy

Effective May 3, 2026

The short version:Your protocol data is yours. We store it so you can sync across devices, we don't sell it, and we don't share it with advertisers or insurers. You can export or delete everything at any time.

This Privacy Policy explains how MyPalate Technologies ("we," "us," "our") collects, uses, and protects your information when you use the Protokol mobile application (the "App") and related services. By using Protokol, you agree to the practices described here.

1. Information we collect

Account information

When you create an account, we collect your email address and an encrypted password (handled by Firebase Authentication). If you sign in with Apple, we receive only the identifier and email relay you choose to share.

Profile information

You can optionally provide your name, age range, sex, height, weight, goals, and experience level. This is used to personalize the app (e.g., reference ranges for bloodwork are sex-specific).

Health and protocol data

Protokol is a tracker. The data you log stays under your account and includes:

  • Compounds, doses, schedules, and injection history
  • Cycles, templates, and protocol adherence
  • Bloodwork values and biomarker history
  • Weight, body measurements, and progress photos
  • Sleep, water, fasting, workouts, blood pressure, and HRV
  • Macros and nutrition logs
  • Journal entries, mood, and side-effect notes

Apple Health

If you grant permission, Protokol reads selected metrics from Apple Health (such as steps, sleep, heart rate, and weight) to display them alongside your protocol. We only request the categories you approve, and we do not write data back to Apple Health unless you explicitly opt in. Apple Health data stays on your device unless you also enable cloud sync — in which case the synced subset is stored under your account in Firebase.

Device and usage data

We use Firebase Analytics and Firebase Crashlytics to understand how the App is used and to diagnose crashes. This includes anonymous device model, OS version, app version, screen views, feature events, crash logs, and a randomly generated installation ID. We do not collect your precise location or your contacts.

2. How we use your information

  • To provide the App's core tracking, sync, and reminder features
  • To send local and push notifications you have enabled (e.g., pin reminders, weekly summaries)
  • To diagnose crashes, fix bugs, and improve performance
  • To respond to support requests sent to support@protokolapp.ca
  • To prevent fraud, abuse, and security incidents
  • To comply with legal obligations

3. AI features (premium, opt-in)

Future premium features may use a third-party AI provider (such as Anthropic) to generate insights, summaries, or correlation analyses based on your data. When you use an AI feature:

  • The relevant subset of your data is sent through our secure server proxy to the AI provider for processing.
  • We do not allow your data to be used to train the AI provider's models.
  • You can disable AI features at any time in Settings.

AI features are off by default and require an active premium subscription.

4. How we store and protect your data

Protokol uses a local-first architecture. Data is written to your device first (via encrypted on-device storage) and then synced to Google Cloud Firestore, hosted by Google Cloud Platform. Firestore Security Rules restrict access so that only your authenticated account can read or write your data. Transit is encrypted with TLS, and data at rest is encrypted by Google Cloud.

No system is perfectly secure. We follow industry-standard practices but cannot guarantee absolute security.

5. Sharing

We do not sell your personal information. We do not share your health or protocol data with advertisers, data brokers, insurers, or employers.

We share information only with:

  • Service providers who process data on our behalf (Google Firebase, Apple, our AI provider for opt-in features, our email forwarder Cloudflare). These providers are contractually required to protect your information.
  • Legal authorities, when required by valid legal process. We will push back on overbroad requests.
  • Successors in interest, in the event of a merger, acquisition, or asset sale. You will be notified of any such change and given the opportunity to delete your data first.

6. Your rights and controls

You can, at any time, from within the App:

  • Export your full data as JSON
  • Delete any individual log, compound, or cycle
  • Disable notifications, analytics, or Apple Health sync
  • Delete your account and all associated data via Settings → Account & Sync → Delete Account, or by emailing support@protokolapp.ca

Account deletion is permanent. We process deletion requests within 30 days and remove backups within 90 days.

Depending on your location, you may have additional rights under laws such as the GDPR (EU/UK), CCPA/CPRA (California), or PIPEDA (Canada), including rights to access, correct, port, or restrict processing of your data. Contact support@protokolapp.ca to exercise these rights.

7. Children

Protokol is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us and we will delete it.

8. International users

Protokol is operated from Canada and uses cloud infrastructure primarily in North America. By using the App, you consent to your information being transferred to and processed in Canada and the United States, which may have data protection laws different from those in your jurisdiction.

9. Changes to this policy

We may update this Privacy Policy as the App evolves. Material changes will be communicated through the App or by email. The "Effective" date at the top of this page shows when the current version took effect.

10. Contact

Questions, requests, or complaints about privacy:
support@protokolapp.ca
MyPalate Technologies, Vancouver, British Columbia, Canada