P
PROTOCOLBeta v0.1Back to Home

Privacy Policy

Last Updated: January 8, 2026

Quick Summary

✓ Your workout data stays on your device (we can't see it)
✓ We only collect your email for beta access
✓ We use minimal, privacy-respecting analytics
✓ We never sell your data
✓ You can delete your data anytime
✓ Cloud sync is optional (coming later)

1. Introduction

This Privacy Policy explains how Protocol ("we," "us," or "our") collects, uses, and protects your information when you use our web application and related services (the "Service").

We are committed to protecting your privacy. Protocol is designed as an offline-first, local-storage application, which means your workout data stays on your device by default.

2. What We DON'T Collect (The Important Part)

Protocol is local-first. This means:

✓ We do NOT have access to your workout data
✓ We do NOT store your routines on our servers
✓ We do NOT track your exercise history
✓ We do NOT see your sets, reps, or weights
✓ We do NOT access your browser's localStorage
✓ We do NOT have cloud sync yet (coming in future releases)

Your workout data lives on your device, in your browser's localStorage. We cannot access it.

3. What We DO Collect

3.1 Information You Provide

When you sign up for the private beta, we collect:

  • Email address (required for beta access)
  • Training information (frequency, focus, current tools used)
  • Unit preference (metric or imperial)
  • Gym/area (optional, for local meetups/events)

3.2 Automatically Collected Information

We use basic analytics to understand how people use Protocol:

  • Usage data (which features are used, session duration)
  • Device information (browser type, device type, screen resolution)
  • Technical data (IP address, general location, error logs)

Note: We use privacy-respecting analytics (no cross-site tracking, no ad networks).

4. How We Use Your Information

We use the information we collect to:

  • Send you beta access invitations and setup instructions
  • Communicate product updates, bug fixes, and new features
  • Respond to your support requests and feedback
  • Improve the Service based on usage patterns
  • Analyze performance and fix bugs
  • Prevent fraud, abuse, or technical issues

We will NEVER:

  • Sell your data to third parties
  • Share your email with advertisers
  • Use your data for purposes unrelated to Protocol
  • Send spam or unsolicited marketing

5. Data Storage & Security

5.1 Where Your Data Lives

  • Workout data: Stored locally on your device (browser localStorage). We do not have access to it.
  • Beta signup data: Stored securely on our servers (email, training preferences).
  • Analytics data: Processed by privacy-respecting analytics tools (anonymized).

5.2 Security Measures

We take reasonable measures to protect your information:

  • HTTPS encryption for all data transmission
  • Secure database storage with encryption at rest
  • Access controls and authentication for our systems
  • Regular security audits and updates

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Beta signup data: Retained while you use Protocol or until you request deletion.
  • Analytics data: Retained for 90 days, then automatically deleted.
  • Workout data: Stored locally on your device until you clear browser data or delete it manually.

7. Your Rights

You have the right to:

  • Access: Request a copy of the data we have about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Opt-out: Unsubscribe from emails at any time

To exercise any of these rights, email us at: hello@useprotocol.app

8. Cookies & Tracking Technologies

We use minimal cookies and tracking:

  • Essential cookies: Required for the Service to function (e.g., session management)
  • Analytics cookies: Help us understand usage patterns (anonymized)
  • localStorage: Used to store your workout data locally on your device

We do NOT use:

  • Advertising cookies or ad networks
  • Cross-site tracking pixels
  • Social media tracking (Facebook Pixel, etc.)
  • Third-party data brokers

9. Third-Party Services

We may use the following third-party services:

  • Hosting: Vercel (for web hosting)
  • Analytics: Plausible or similar privacy-respecting tools (anonymized)
  • Email: For beta invites and transactional emails

These services have their own privacy policies. We choose vendors that respect user privacy.

🔮 10. Future: Cloud Sync (Optional)

We plan to add optional cloud sync in future releases. When available:

  • Cloud sync will be opt-in (you choose to enable it)
  • You can continue using Protocol offline-only if you prefer
  • We will clearly explain what data is synced and how it's stored
  • You can delete your cloud data at any time
  • Your data will remain encrypted and private

We will update this Privacy Policy before launching cloud sync.

11. Children's Privacy

Protocol is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

12. International Users

Protocol is operated from the United Arab Emirates. If you access the Service from outside the UAE, your information may be transferred to, stored, and processed in the UAE or other countries.

By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email if the changes are material
  • Post a notice in the app for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: hello@useprotocol.app

We will respond to privacy requests within 30 days.

15. GDPR & CCPA Rights

15.1 European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

15.2 California Users (CCPA)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising your rights

Summary (TL;DR)

✓ Your workout data stays on your device (we can't see it)
✓ We only collect your email for beta access
✓ We use minimal, privacy-respecting analytics
✓ We never sell your data
✓ You can delete your data anytime
✓ Cloud sync is optional (coming later)