Privacy Policy

Last updated: February 2026

Protocol ("we," "us," or "our") operates the Protocol mobile application and the protocolapp.co website. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

What Data We Collect

  • Account information: Your email address and display name when you create an account.
  • Reflection responses: The text you write when reflecting on podcast episodes.
  • Quiz scores and answers: Your quiz results, including which questions you answered correctly and incorrectly.
  • Usage data: Basic analytics such as which episodes you interact with and how often you use the app.
  • Payment information: If you subscribe to Premium, payment details are collected and processed by Stripe. We do not store your full credit card number.

How We Use Your Data

  • To provide and improve the service: Your reflections and quiz answers power the learning experience. We use aggregate, anonymized data to improve quiz generation quality.
  • To generate personalized quizzes: Episode content is sent to our AI provider to generate quiz questions. Your personal reflections are not shared with third parties for marketing purposes.
  • To communicate with you: We may send transactional emails related to your account, billing, or important service updates.

Third-Party Services

Protocol relies on the following third-party services to operate:

  • Supabase: Authentication and database hosting. Your account data and learning content are stored securely on Supabase infrastructure.
  • Stripe: Payment processing for Premium subscriptions. Stripe handles all payment data in accordance with PCI-DSS standards.
  • OpenAI: Quiz question generation. Episode metadata and transcripts may be sent to OpenAI's API to generate quiz content. No personally identifiable information is included in these requests.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymized, aggregate data may be retained indefinitely for service improvement purposes.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data, including reflections and quiz history.
  • Withdraw consent for data processing at any time by deleting your account.

Children's Privacy

Protocol is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of Protocol after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us at hello@protocol-app.co.