PROTOCOL

Privacy Policy.

Effective date: 29 May 2026 · Version 1.0

1. Who We Are

Protocol is a personal self-experimentation app developed and operated by Protocol App ("we", "us", "our"). If you have any questions about this policy, contact us at enigmafischer@gmail.com.

This Privacy Policy explains what data we collect, how we use it, and your rights as a user — particularly under the EU General Data Protection Regulation (GDPR).

2. Data We Collect

Protocol is designed with a local-first philosophy. All your experiment data lives on your device by default. An account and cloud backup are entirely optional.

Data	Where it lives	Required?
Experiment runs — which protocol you started, when, for how many days	Local device (SQLite)	Core function
Daily check-ins — date, whether the protocol task was completed, optional text note	Local device	Core function
Metric values — self-reported numerical wellness scores (e.g. energy 7/10, mood 6/10, sleep duration 7.5 h). These are numbers you enter manually; we do not access any device sensors, health APIs, or wearables.	Local device	Core function
Verdicts & kept habits — your keep/drop decision at the end of an experiment, optional note	Local device	Core function
App settings — theme, language, notification time	Local device (SharedPreferences)	Core function
Email address & password — only if you create a backup account	Supabase (cloud, EU region)	Optional
Optional profile — age range, gender, country (for aggregate analytics only)	Supabase (cloud, EU region)	Optional
Backup copy of all local data — experiment runs, check-ins, metric values, verdicts — uploaded only when you explicitly tap "Backup Now"	Supabase (cloud, EU region)	Optional
Subscription status — whether you are on a free or paid plan, purchase date, renewal date	RevenueCat & Google Play / App Store	Needed for subscription

We do not collect: precise location, contact lists, photos, microphone, camera, device identifiers beyond what the platform provides for in-app purchases.

3. How We Use Your Data

Providing the service — running experiments, logging check-ins, calculating adherence and metric deltas.
Cross-device backup and restore — syncing your data between devices when you choose to create an account.
Subscription management — verifying your plan, unlocking paid features.
Aggregate product improvement — anonymous, non-identifying usage patterns (e.g. most popular experiment categories). We never sell or share identifiable data with advertisers.

The legal basis for processing (GDPR Art. 6):

Performance of a contract — delivering the core app features you signed up for.
Legitimate interest — improving the product through aggregated analytics.
Consent — optional profile fields (age range, gender, country).

4. Data Storage and Security

Local data is stored in an SQLite database on your device, protected by the operating system's standard app sandbox. Cloud backup data is stored on Supabase, hosted on servers in the European Union. Supabase enforces Row-Level Security: each user can only access their own records. Data in transit is encrypted via TLS 1.2+.

Passwords are never stored in plain text. Supabase Auth uses bcrypt hashing.

5. Third-Party Services

Service	Purpose	Data shared	Privacy policy
Supabase	Cloud database & authentication	Account credentials, backup data	supabase.com/privacy
RevenueCat	Subscription management	Anonymous device ID, purchase receipts	revenuecat.com/privacy
Google Play / App Store	App distribution & payment processing	Purchase receipts (via your store account)	Google / Apple respective policies

We do not use advertising SDKs, tracking pixels, or third-party analytics.

6. Your Rights (GDPR)

If you are in the EU / EEA, you have the following rights:

Access — request a copy of all data we hold about you.
Correction — correct inaccurate profile data.
Erasure — delete all your data. You can do this from Settings → Delete All Data at any time. To also delete your cloud account, contact us.
Portability — export your experiment history as a CSV from Settings → Export Data.
Restriction & Objection — restrict processing or object to legitimate-interest processing.
Lodge a complaint — with your local data protection authority.

To exercise any right, contact enigmafischer@gmail.com. We will respond within 30 days.

7. Data Retention

Local data — retained until you delete it from the app or uninstall.
Cloud backup — retained until you request deletion or close your account.
Subscription records — retained as required by payment processors (typically 7 years for financial records).

8. Children

Protocol is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated via an in-app notice. The "Effective date" at the top of this page reflects the latest version.

10. Contact

Protocol App
enigmafischer@gmail.com