Privacy Policy
Last Updated: December 6, 2025
TL;DR: We collect your email and the content you create (profiles, seeds, contexts). We use it to provide the service and sync your data across devices. We don't sell your data or use it for advertising. You can delete your account and all data anytime.
1. Introduction
This Privacy Policy explains how Protocol Memory ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our service.
By using Protocol Memory, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type |
What We Collect |
Why We Collect It |
| Email Address |
Your email address when you sign up |
Authentication, account recovery, service notifications, product updates (if opted in) |
| Profile Data |
Profile names, types, avatars, and settings you create |
To provide the core service functionality |
| Seeds & Contexts |
Tasks, goals, priorities, and background information you enter |
To generate AI prompts and maintain continuity |
| Public Profile Info |
Information you choose to make public (username, bio, etc.) |
To display your public profile to others (if enabled) |
| Preferences |
Notification preferences, theme settings, display options |
To customize your experience |
2.2 Information We Collect Automatically
| Data Type |
What We Collect |
Why We Collect It |
| Usage Data |
Features you use, pages you visit, actions you take |
To improve the service and understand how it's used |
| Device Info |
Browser type, device type, operating system |
To ensure compatibility and optimize performance |
| Authentication |
Login timestamps, session data |
Security and account protection |
2.3 Information We Do NOT Collect
We do NOT collect:
- Passwords (we use magic link authentication)
- Credit card information (payments processed by Stripe)
- Precise geolocation data
- Biometric data
- Social media credentials or connections
3. How We Use Your Information
3.1 Service Delivery
- Authenticate your account and maintain your session
- Store and sync your profiles, seeds, and contexts across devices
- Generate AI prompts based on your data
- Display public profiles (if you enable this feature)
- Provide customer support
3.2 Communications
- Transactional emails: Magic links for login, account deletion confirmations, security alerts
- Service notifications: Critical updates about the service, data migration notices, downtime alerts
- Product updates: Tips, feature announcements, and product news (ONLY if you opted in during signup)
We will NEVER:
- Send you marketing emails unless you explicitly opt in
- Sell your email address to third parties
- Use your data for advertising purposes
3.3 Service Improvement
- Analyze usage patterns to improve features
- Identify and fix bugs
- Develop new features based on how the service is used
- Monitor performance and uptime
3.4 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests (subpoenas, court orders)
- Protect our rights and the rights of other users
- Prevent fraud and abuse
4. How We Share Your Information
4.1 Service Providers
We use third-party service providers to operate Protocol Memory:
- Supabase: Database hosting, authentication, and cloud storage. Supabase acts as a data processor and is bound by their Privacy Policy and Data Processing Agreement.
- Stripe: We use Stripe for payment processing. Stripe handles payment information according to their Privacy Policy.
These providers only have access to information necessary to perform their functions and are obligated to protect your data.
4.2 Public Profiles
If you choose to make a profile public:
- Anyone with the link can view the information you've designated as public
- Public profiles may be indexed by search engines
- You control what information is shared and can make profiles private anytime
4.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Subpoenas or court orders
- Law enforcement requests
- Legal proceedings or investigations
- Protection of our rights, property, or safety
4.4 Business Transfers
If Protocol Memory is acquired or merged with another company, your information may be transferred to the new owner. You will be notified of any such change.
4.5 What We DON'T Share
We will NEVER:
- Sell your personal information to third parties
- Share your data with advertisers or data brokers
- Use your content to train AI models without explicit permission
- Share your private profiles or data with other users
5. Data Storage & Security
5.1 Where We Store Data
Your data is stored on Supabase's infrastructure, which uses industry-standard security practices. Supabase may store data on servers located in various countries.
5.2 How We Protect Your Data
- Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
- Authentication: Secure magic link authentication (no passwords to steal)
- Access controls: Your data is only accessible to you and our authorized service providers
- Monitoring: We monitor for unauthorized access and security threats
6. Data Retention
6.1 Active Accounts
We retain your account data for as long as your account is active and as needed to provide the service.
6.2 Deleted Accounts
When you delete your account:
- Your profile data, seeds, and contexts are permanently deleted within 30 days
- Your email address is retained for 90 days to prevent immediate re-registration abuse
- Public profiles become immediately unavailable
- Backups containing your data are purged within 90 days
6.3 Legal Retention
We may retain certain information longer if required by law or to resolve disputes, enforce our Terms of Service, or protect our rights.
7. Your Rights & Choices
7.1 Access & Portability
You have the right to:
- Access all data associated with your account at any time through the app
- Export your data in a portable format from the Settings page
- Request a copy of your data by contacting us
7.2 Correction & Update
You can update or correct your information at any time through the app's Settings page.
7.3 Deletion
You can delete your account and all associated data at any time from the Settings page. This action is permanent and cannot be undone.
7.4 Opt-Out of Communications
- Product updates: You can opt out during signup or by contacting us
- Transactional emails: Cannot opt out (required for account security and service delivery)
7.5 Public Profile Control
You can make any public profile private at any time from the profile settings.
7.6 GDPR Rights (EU Users)
If you are located in the European Union, you have additional rights under GDPR:
- Right to restriction: Request that we limit how we use your data
- Right to object: Object to processing of your data in certain circumstances
- Right to withdraw consent: Withdraw consent for data processing (e.g., opt out of product updates)
- Right to lodge a complaint: File a complaint with your local data protection authority
7.7 California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and share
- Request deletion of your personal information
- Opt out of the "sale" of your personal information (we don't sell data)
- Non-discrimination for exercising your privacy rights
8. Cookies & Tracking
8.1 Cookies We Use
Protocol Memory uses minimal cookies and local storage:
- Authentication cookies: To keep you logged in (essential)
- Preference storage: To remember your theme and display settings (functional)
- Session storage: To maintain your active session (essential)
8.2 Analytics
We use Plausible Analytics, a privacy-focused analytics service that:
- Does NOT use cookies
- Does NOT track individuals across sites
- Does NOT collect personal data
- Is GDPR, CCPA, and PECR compliant by design
Plausible provides us with aggregate statistics (page views, button clicks) without identifying individual users. No opt-out is needed because no personal data is collected.
8.3 What We Do NOT Use
We do NOT use:
- Google Analytics or similar invasive tracking
- Advertising cookies or pixels
- Social media tracking pixels
- Cross-site tracking of any kind
9. Children's Privacy
Protocol Memory is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete it.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.
By using Protocol Memory, you consent to the transfer of your information to the United States and other countries where our service providers operate.
We ensure that any international transfers comply with applicable data protection laws and that appropriate safeguards are in place.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email for material changes (if you have an account)
- Post the updated policy on this page
Your continued use of Protocol Memory after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
For GDPR-related requests, please include "GDPR Request" in the subject line and specify which right you're exercising.