Effective date: June 8, 2026
Privacy Policy
This Privacy Policy explains how AppEcho Labs LLC collects, uses, shares, retains, and protects information when you use Protocol, our iOS and Android wellness self-experimentation app, and our website at runprotocol.app.
1. Who We Are
Protocol is operated by AppEcho Labs LLC, Alexandria, VA 22304. For privacy questions or requests, contact support@runprotocol.app.
For users in the European Economic Area, United Kingdom, or Switzerland, AppEcho Labs LLC is the controller of personal data covered by this Policy unless a different arrangement is stated in writing.
2. Health Data We Collect With Your Permission
Protocol only reads health and fitness data that you explicitly grant through Apple HealthKit on iOS or Google Fit on Android. The health data categories used by Protocol may include sleep, heart rate, heart rate variability (HRV), resting heart rate, steps, active energy, mindfulness minutes, and body metrics.
Protocol uses this data to run your selected self-experiments, compute your baseline, compare baseline days with test days, detect missing data, and produce a verdict such as keep, drop, run longer, or inconclusive. Protocol may store the daily rollups, normalized values, units, source labels, and experiment statistics needed to provide those features.
You can control HealthKit and Google Fit permissions through your device and platform settings. If you remove permission, Protocol may no longer be able to sync new health data, but previously stored Protocol data may remain in your account until you delete it or ask us to delete it.
3. Apple HealthKit-Specific Disclosures
Health data obtained through Apple HealthKit is not used for advertising or marketing. It is not sold. It is not shared with third parties for their own use. It is used only to provide and improve Protocol's core wellness self-experimentation functionality that you request.
Protocol does not use HealthKit data for targeted advertising, behavioral advertising, marketing profiles, data-broker activity, or any purpose unrelated to operating or improving Protocol's health and fitness features.
4. Other Personal Data We Collect
Account data
We collect account identifiers and profile information provided through Sign in with Apple or Google Sign-In, such as your email address, name if provided by the sign-in provider, authentication provider, app user ID, and account settings.
Date of birth and age data
Protocol is for adults 18 and older. We collect your date of birth, age, or age-gate response to confirm eligibility and to support data interpretation inside the app.
Pasted claims and experiment content
We collect health claims, URLs, pasted content, notes, check-ins, adherence responses, selected outcomes, and other experiment information you enter or approve in the app.
Usage, analytics, and diagnostic data
We may collect app events, feature usage, device and operating system information, performance data, crash or error logs, referral or attribution source, and website analytics. The website may also collect waitlist emails and basic operational logs.
Subscription and purchase data
We receive subscription status, product identifiers, entitlement status, transaction identifiers, renewal status, and related purchase metadata from Apple, Google, and RevenueCat. We do not store your full payment card number.
Support communications
If you contact us, we collect the information you provide, such as your email address, message content, attachments, and related troubleshooting details.
5. How We Use Personal Data
We use personal data for the following purposes:
- Account data: to create and secure your account, authenticate you, provide support, and communicate about the Service.
- Date of birth and age data: to enforce the 18+ age gate and support interpretation of experiment data where age is relevant.
- Health data: to run your experiments, compute baselines, compare test periods, generate statistical summaries, detect missing data, and show your verdicts.
- Pasted claims and experiment content: to structure self-experiments, identify outcomes, generate check-in prompts, and explain results.
- Usage, analytics, and diagnostic data: to maintain reliability, debug errors, prevent abuse, understand feature performance, and improve Protocol.
- Subscription and purchase data: to confirm paid access, manage entitlements, process free trials and renewals, handle support, and prevent fraud.
- Support communications: to respond to your requests, investigate issues, and maintain records of support interactions.
6. AI Processing
Protocol uses Anthropic's Claude API to process pasted claims and help turn them into structured 21-day self-experiments. Pasted text, URLs, and related context may be sent to Anthropic for this purpose.
For verdict generation, Protocol sends only aggregated or statistical health information, experiment context, and caveats to the AI service. Protocol does not send raw HealthKit or Google Fit health values to the AI for verdict generation.
AI-generated outputs may contain errors or be incomplete. They are used to provide Protocol's wellness self-experimentation features and are not medical advice.
7. Third-Party Services and Sub-Processors
We use service providers to operate Protocol. They may process data only as needed to provide their services to us, subject to their own terms and privacy commitments.
- Firebase and Google Cloud: authentication, database, cloud functions, storage, security rules, logging, and backend infrastructure. These services may process account data, app data, daily health rollups, experiment data, verdict data, and operational logs.
- Anthropic: AI processing for pasted claims, experiment structuring, and verdict narrative generation. For verdicts, Anthropic receives aggregated or statistical health information, not raw health values.
- RevenueCat: subscription entitlement management, purchase status, product identifiers, transaction identifiers, renewal status, and related billing metadata.
- Apple: Sign in with Apple, Apple HealthKit permissions, Apple App Store billing, subscriptions, refunds, and platform services.
- Google: Google Sign-In, Google Fit permissions, Google Play billing, subscriptions, refunds, Firebase, Google Cloud, and platform services.
- Vercel and Resend: website hosting, website analytics, waitlist or support email operations, and related operational services.
8. Google Fit Limited Use Disclosure
The use of information received from Google Fit APIs will adhere to the Google Fit Developer and User Data Policy, including the Limited Use requirements.
Protocol does not sell Google Fit data, does not use Google Fit data for advertising, and does not transfer Google Fit data to advertising platforms, data brokers, or information resellers.
9. Data Sharing
We do not sell personal data. We do not sell health data. We do not share personal data for cross-context behavioral advertising.
We may share personal data in the following limited situations:
- with the service providers listed above so they can operate Protocol for us;
- with Apple, Google, or RevenueCat as needed for sign-in, subscription, entitlement, cancellation, refund, and platform support;
- when you direct us to share information or use a platform feature that requires sharing;
- to comply with law, legal process, or enforceable government requests;
- to protect rights, safety, and security, prevent fraud, or enforce our Terms of Service; or
- in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections for personal data.
10. Data Retention
We retain personal data for as long as needed to provide Protocol, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and maintain security.
Account, experiment, health rollup, verdict, and subscription data are generally retained while your account is active. If you delete your account in the app, we will delete or de-identify account data and associated app data unless retention is required for legal, security, billing, or fraud-prevention purposes.
We may retain aggregated, de-identified, or anonymized data that no longer identifies you. Operational logs, backups, and security records may be retained for a limited period before deletion under our normal retention processes.
11. Data Security
We use administrative, technical, and organizational safeguards designed to protect personal data, including authenticated access, Firebase security rules, access controls, encrypted transport, managed cloud infrastructure, and separation of secrets from source code. No system is perfectly secure, and we cannot guarantee that unauthorized access, loss, misuse, or disclosure will never occur.
We do not claim any external security certification, audit result, or compliance status in this Policy.
12. Your Choices and Rights
Protocol supports in-app data export and account deletion. You can also contact support@runprotocol.app to request access, correction, deletion, export, or other privacy assistance.
You can control Apple HealthKit and Google Fit permissions in your device or platform settings. You can manage app subscriptions through your Apple App Store or Google Play account settings.
13. Virginia Privacy Rights
If the Virginia Consumer Data Protection Act applies to your information, Virginia residents may have the right to confirm whether we process personal data, access personal data, correct inaccuracies, delete personal data, obtain a portable copy of personal data, and opt out of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
We do not sell personal data or use personal data for targeted advertising. To exercise rights, contact support@runprotocol.app. If we deny a request, you may appeal by replying to our decision or emailing us with the subject line “Privacy Appeal.”
14. California Privacy Rights
If the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to your information, California residents may have rights to know, access, correct, delete, and obtain a copy of personal information, and to limit certain uses of sensitive personal information.
The categories of personal information we collect are described in Sections 2 and 4. The purposes for collection and use are described in Section 5. The categories of third parties and service providers are described in Sections 7 and 9. We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not offer financial incentives in exchange for personal information.
15. GDPR and UK GDPR Rights
If the GDPR or UK GDPR applies, our legal bases may include performance of a contract, consent or explicit consent for health data permissions, legitimate interests in operating and securing the Service, compliance with legal obligations, and your consent where required by law.
Depending on your location and the context, you may have rights to access, rectify, erase, restrict, or object to processing; request portability; withdraw consent; and lodge a complaint with a supervisory authority. Withdrawing HealthKit or Google Fit permission may limit Protocol's ability to provide core experiment features.
16. Children's Privacy
Protocol is for adults 18 and older and is not directed to children or teens. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided personal data to Protocol, contact us so we can take appropriate action.
17. International Data Transfers
Protocol is operated from the United States, and our service providers may process data in the United States and other countries. If you access Protocol from outside the United States, your information may be transferred to, stored in, or processed in countries that may have different data-protection laws than your country.
Attorney review required: Counsel should confirm whether additional international-transfer terms, standard contractual clauses, representative language, or region-specific notices are required before publication.
18. Changes to This Policy
We may update this Privacy Policy as Protocol evolves or as legal, technical, or business needs change. If changes are material, we will provide notice in a reasonable way, such as in the app or by email. The updated Policy will state its effective date.
19. Contact for Privacy Requests
AppEcho Labs LLC, Alexandria, VA 22304.
Privacy contact: support@runprotocol.app.