Last updated: February 22, 2026
Protocol is a habit tracking app. We collect the minimum data necessary to provide the service. We do not sell your data, run ads, or track you across the web.
When you use Protocol, we store:
Your data is used solely to provide the Protocol service to you. This includes displaying your habits, calculating streaks, generating trend charts, and syncing across your devices. We do not use your data for advertising, analytics, or any purpose other than running the app.
Your data is stored in a Supabase-hosted PostgreSQL database with row-level security enabled. This means your data is isolated — only you can access it through your authenticated account. Data is encrypted in transit (TLS) and at rest.
We use the following third-party services to operate Protocol:
These services have their own privacy policies. We do not share your habit data, journal entries, or mood records with any third party.
Protocol uses only essential cookies required for authentication (session cookies). We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.
You can export all of your data as a JSON file at any time from your account settings. You can permanently delete your account and all associated data at any time. Deletion is immediate and irreversible.
Depending on your jurisdiction, you may have the right to:
Protocol is not intended for children under the age of 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, please contact us and we will delete it.
We may update this privacy policy from time to time. Continued use of Protocol after changes constitutes acceptance of the updated policy. The date of the last update is shown at the top of this page.
If you have questions about this privacy policy or your data, contact us at hello@getprotocol.me.