Privacy Policy
Last updated: March 2, 2026
The Protocol (“the App”) is a nutrition coaching app that uses AI to analyze your meals and help you follow a personalized nutrition protocol. This policy explains what data we collect, how we use it, and your choices.
Summary
- Your data is primarily stored on your device — with optional cloud sync for multi-device access
- Meal photos are sent to AI for analysis — when you request feedback, photos go to our server and then to AI providers (Google Gemini, with Anthropic and OpenAI as fallbacks)
- Minimal analytics — we use Firebase for anonymous screen-view tracking only (no personal data)
- You can delete your data anytime — in-app or by clearing app data
Data We Collect
Information You Provide
Profile Information: Name, age, height, weight, biological sex, activity level, fitness goals, dietary restrictions, allergies, medical conditions relevant to nutrition (e.g., diabetes, GLP-1 medications), and food preferences.
Meal Data: Photos of your meals, descriptions and notes, meal type and timing, and whether a meal is marked as a “treat.”
Nutrition Protocol: Personalized macro targets, meal timing preferences, supplement recommendations, and foods to emphasize or avoid.
Conversations: Messages exchanged with the AI coaching system, including clarifying questions and protocol adjustment requests.
Automatically Generated Data
Device Identifier: A random ID generated on first use — not linked to your phone's IMEI or any identifying information.
Progress Data: Daily nutrition grades, streak information, and weekly patterns.
How We Use Your Data
On-Device Processing
Most features work entirely on your device: storing your profile, tracking meals, viewing history and progress, and managing your pantry and shopping list.
Server Communication
When you request AI feedback on a meal, we send the meal photo (compressed), your description, your nutrition protocol and goals, and recent meal context. Our server processes this and forwards it to an AI provider for analysis.
AI Providers
We use the following AI services to analyze your meals:
- Google (Gemini) — Primary provider
- Anthropic (Claude) — Fallback provider
- OpenAI (GPT) — Fallback provider
Each provider has its own data retention policies (typically 30–90 days). See their respective privacy policies for details.
Barcode Lookups
When you scan a barcode, we query Open Food Facts (openfoodfacts.org), a free, open-source food database. Only the barcode number is sent; no personal data is included.
Data Storage
Local Storage (Your Device)
Your data is stored locally on your device: profile and preferences (encrypted by Android), meal history and photos, nutrition protocols, reports, and conversation history. Photos are stored in the app's private storage area, inaccessible to other apps.
Cloud Sync (Optional)
If you sign in with Google, your data is synced to our server (hosted on Supabase) for multi-device access. Data is encrypted in transit (HTTPS) and at rest. You can delete your cloud data at any time from the app.
Server Storage
For signed-in users, we store synced profile, meal entries, and journey data, plus basic telemetry (request counts, response times, error rates) and token usage for cost monitoring. We do not permanently store meal photos or AI conversation content on our servers.
Analytics
We use Firebase Analytics for anonymous screen-view tracking to understand which features are used. No personal information, meal content, or health data is included in analytics events.
Data Sharing
We share data with:
- AI Providers (Google, Anthropic, OpenAI) — meal photos, descriptions, and profile context for nutrition analysis
- Open Food Facts — barcode numbers for food database lookup
We do not sell your data or share it with advertisers.
Permissions
- Camera — Taking meal photos and scanning barcodes
- Internet — Communicating with our server for AI analysis
- Notifications — Sending meal reminders and daily summaries
All permissions are optional. The app works offline for logging meals; AI analysis requires internet.
Your Rights and Choices
- View your data — all your data is visible in the app
- Delete individual items — remove specific meals, photos, or reports
- Delete all data — clear the app's data in Android Settings
- Opt out of AI analysis — log meals without sending them for feedback
- Use offline — the app works entirely without internet
Data Security
All network communication uses HTTPS encryption. The local database is encrypted by Android. Preferences are stored in Android's encrypted storage. Photos are stored in app-private storage. The device ID is a random UUID, not a device fingerprint.
Children's Privacy
The Protocol is not intended for children under 13. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy occasionally. Significant changes will be noted with a new “Last Updated” date.
Contact
For questions about this privacy policy or your data: support@theprotocol.cc