Privacy Policy
Last Modified: June 20, 2026
Your health protocol is personal. We treat it that way. This Privacy Policy explains, in plain English, what Protocol Fitness Technologies, Inc. ("Protocol," "we," "us," or "our"), operating the consumer product Start My Protocol, collects, uses, and protects when you visit startmyprotocol.com or use the Start My Protocol app and coaching marketplace.
1. Who we are
Start My Protocol is the consumer product of Protocol Fitness Technologies, Inc., a Delaware C-Corporation based in San Francisco. Two founders, Diana and Dan, run it. You can reach a human at contact@startmyprotocol.com.
2. What we collect
Account info: your name, email address, and (optionally) your WhatsApp number, plus any password or login credentials you set up.
Your protocol log: the supplements, sleep, training sessions, fasting windows, lab values, notes about how you felt, and any other entries you choose to add. This includes text you type and audio you record if you use voice input.
Billing info: if you purchase premium coaching or any other paid service, our payment processor handles the actual card details. We see the amount, status, and the last four digits, never the full card number.
Site and app usage: standard server logs (IP address, browser, device, referrer, timestamps) and aggregated analytics on what features you use.
Communications: any emails, in-app messages, or WhatsApp messages you send us or your coach.
3. What we use it for
- To run the product. Our automated insights and recommendations need your protocol log to actually help you.
- To deliver coaching you request. When you engage a coach through the Service, we share the relevant data with them so they can guide you (see Section 5).
- To send you account and billing emails (receipts, security notices, plan changes).
- To respond when you contact us.
- To improve the product. We look at aggregate, anonymized usage to figure out what's working and what isn't.
- To send occasional updates about what we're building. Only with your consent, unsubscribable any time.
4. What we don't do
We do not sell your data. Ever. We do not run third-party advertising. We do not share your individual protocol entries with anyone outside Protocol and the coach you choose to work with, except where strictly required by law or to keep the service running (see Section 5).
5. Who we share it with
We share only what's needed, with vendors and coaches who help us deliver the service. Each is bound by confidentiality.
- Your coach. If you engage a coach through the marketplace, we share the parts of your protocol log and account that your coach needs to guide you. Coaches act through the Service and under their agreement with Protocol: they may use your data only to serve you within the Service, and may not take it off-platform, keep it, or use it for their own purposes if they stop working with Protocol. Your relationship and your data stay with Protocol.
- Payments: Stripe (web), Apple (App Store in-app purchases), Google (Google Play in-app purchases).
- Automated insights: Anthropic, to generate the personalized analysis you see in the app. Your protocol log is sent only for the purpose of generating your response. It is not used to train their models.
- Email and analytics: SendGrid, Google Analytics, Cloudflare.
- Hosting: Cloudflare and AWS.
- Legal and accounting: our outside counsel and accountants, under standard confidentiality.
We may also disclose data if we are legally required to (subpoena, court order, regulatory request) or to protect Protocol, our members, or the public.
6. International transfers
Our team is split between the US and Europe. Personal data may be processed in the US, the EU, and the UK. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
7. How long we keep it
We keep your account and protocol log for as long as your account is active. If you cancel or delete your account, we delete your data within 30 days, except where law requires us to keep certain records (billing receipts, tax records). Backup copies may persist for a limited rolling window after which they are also deleted.
8. Your rights
You can:
- Export your protocol log at any time. Your data is yours.
- Correct anything inaccurate.
- Delete your account and everything in it.
- Withdraw consent for marketing emails.
- Object to certain processing if you live in the EEA, UK, or California.
To exercise any of these, email contact@startmyprotocol.com. We respond within 14 days.
9. Security
We use industry-standard safeguards: encryption in transit, encryption at rest, access controls, and least-privilege provisioning. No system is perfectly secure. If we ever have a breach affecting your data, we will notify you as required by applicable law.
10. Children
Start My Protocol is not for anyone under 18. We do not knowingly collect data from children. If you think we have, contact us and we will delete it.
11. Updates
We may update this Policy. The "Last Modified" date at the top reflects the most recent revision. Significant changes are communicated by email to active members.
12. Contact
Protocol Fitness Technologies, Inc.
d/b/a Start My Protocol
2261 Market Street, STE 46132
San Francisco, CA 94114
Email: contact@startmyprotocol.com