Privacy Policy

1. Information We Collect

We collect: email address, name, demographic information provided at signup (age range, gender, health goal), blood work values you enter, dose logs, and usage data. We do not collect payment card details — payments are handled by Stripe.

2. How We Use Your Information

To provide the platform (lab tracking, AI analysis, dose logging), to send transactional emails (lab reminders, account confirmations), to improve the platform using anonymized aggregate data, and to comply with legal obligations.

3. Data Storage

Your data is stored securely in Supabase (PostgreSQL) with row-level security policies ensuring only you can access your personal data.

4. Anonymized Research Data

We may use anonymized, aggregated data (e.g., average IGF-1 changes by protocol) for research and product improvement. No individual can be identified from this data.

5. Sharing

We do not sell your personal data. We share data with: Supabase (database), Stripe (payments), Resend (email), and Anthropic (AI analysis — only your lab values, no PII).

6. Cookies

We use session cookies for authentication only. No advertising or tracking cookies.

7. Your Rights

You may request deletion of your account and data at any time by emailing hello@myprotocolstack.com. We will delete your data within 30 days.

8. Children

This platform is not intended for users under 18. We do not knowingly collect data from minors.

9. Security

We implement industry-standard security: HTTPS, encrypted connections, row-level security in our database, and secure password hashing via Supabase Auth.

10. HIPAA

MyProtocolStack is not a HIPAA-covered entity. Do not enter PHI (Protected Health Information) of other individuals.

11. California Residents (CCPA)

California residents have the right to know what data we collect, request deletion, and opt out of sale (we do not sell data).

12. Changes

We will notify users of material changes to this policy via email.

13. Contact

Privacy questions: hello@myprotocolstack.com