PRIVACY POLICY

Last Updated: May 11, 2025

DATA COLLECTION AND CONSENT

By providing personal data or engaging with The Protocole’s services, members consent to its collection, processing, storage, and use in accordance with this Privacy Policy. Data may be collected directly through forms, applications, and other interactions, or through automated means such as cookies, IP addresses, device information, and browser type. This data is collected to enhance security, prevent fraud, and improve service delivery. The following types of information may be collected:

  • Personal Data: Name, email address, payment information.

  • Sensitive Health Data: Medical history, diagnostic reports, blood work, peptide protocols.

  • Identity Verification: Profile photos and driver’s licenses for membership verification.

  • Optional Health Data: Additional health information voluntarily uploaded by members for peptide safety assessments. Members are solely responsible for the accuracy and completeness of any optional health data they choose to upload. The Protocole does not verify the accuracy, completeness, or relevance of such data.

  • Cookies and Tracking Data: Information collected through cookies and other tracking technologies on the website.

DATA USAGE

Data collected by The Protocole is processed solely for operational purposes, including health optimization, peptide safety assessments, membership management, regulatory compliance, fraud prevention, contractual enforcement, and dispute resolution. Additionally, data may be used for internal analytics using anonymized or aggregated data and, with explicit member consent, for marketing communications. Health data will not be used for marketing or promotional purposes without explicit consent. Health data will not be used for marketing or promotional purposes without explicit member consent.

DATA STORAGE AND SECURITY

All collected data is stored on secure data systems that implement encryption, access controls, and data protection protocols to safeguard member data. The Protocole may utilize secure third-party processors for data management and storage, each of whom is contractually obligated to adhere to industry-standard data protection practices. Access to sensitive data is restricted to authorized personnel only. The Protocole shall not be liable for any breaches, unauthorized access, or data misuse resulting from member negligence in safeguarding login credentials and personal account information.

The Protocole implements reasonable security measures to protect member data. However, The Protocole is not liable for unauthorized access resulting from unencrypted communications, including but not limited to email, SMS, or other unsecured methods. However, The Protocole cannot guarantee the security of data transmitted via email or SMS. Members are advised to use secure methods for sharing sensitive health information.

MEMBER RIGHTS AND DATA ACCESS

Members have the right to:

  • Request a complete copy of their data at any time.

  • Update or correct inaccurate information.

  • Request deletion of personal data, excluding data required for regulatory or legal compliance. Requests for deletion may be subject to applicable legal or regulatory requirements.

  • Opt out of marketing communications by replying STOP to SMS messages or by contacting us at concierge@theprotocole.com. Opting out of marketing communications will not affect membership status or access to services.

COOKIES AND TRACKING TECHNOLOGIES

The Protocole uses cookies and similar tracking technologies to monitor website traffic and assess user engagement. By using our website, members consent to the collection of cookies. Members can disable cookies through their browser settings.

DATA SHARING, PROCESSING, AND THIRD-PARTY PROCESSORS

The Protocole may share data with third-party processors solely for operational purposes, including payment processing, data storage, communications delivery, website analytics, and fraud prevention. All third-party processors are contractually required to adhere to industry-standard data protection practices. All third-party processors are contractually obligated to adhere to industry-standard data protection practices. Data will not be shared for marketing purposes without explicit consent.

DATA RETENTION AND DISPOSAL

Data is retained for as long as necessary to fulfill the purposes for which it was collected, or as required by law or regulatory obligations. Data that is no longer required for operational or regulatory purposes will be securely deleted using industry-standard disposal methods. Members will be notified of material changes to this Privacy Policy or data breaches via email, SMS, or a prominent notice on The Protocole’s website.

DATA BREACH NOTIFICATION AND LIMITATION OF LIABILITY

In the event of a data breach involving personal or health data, The Protocole will notify affected members within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the data affected, and recommended steps members should take to protect themselves.

The Protocole is not liable for any direct, indirect, incidental, consequential, punitive, or special damages arising from data breaches, unauthorized access, data misuse, or third-party platform vulnerabilities, including those resulting from member negligence in securing login credentials. Members are responsible for maintaining the confidentiality of their login credentials. The Protocole shall not be liable for unauthorized access resulting from member negligence in securing account information.

DISPUTE RESOLUTION AND ARBITRATION

Any disputes arising under this Privacy Policy shall be resolved through binding arbitration in New York. Members waive their right to participate in class action lawsuits or class-wide arbitration. All claims must be brought individually, and the arbitrator shall not consolidate claims or award class-wide relief. This provision applies to all claims under or related to this Privacy Policy. This provision applies to all claims arising under or related to this Privacy Policy, including data privacy, breach of contract, or other disputes. All claims must be brought individually in binding arbitration, and the arbitrator shall not consolidate claims or award relief on a class-wide basis. This limitation of liability applies to The Protocole, its affiliates, service providers, and contractors. This limitation applies to data breaches occurring within The Protocole’s systems, third-party processors, service providers, or due to member negligence in safeguarding personal login credentials.

CONTACT INFORMATION AND JURISDICTION

The Protocole LLC is a U.S.-based entity and only provides services to residents of the United States. Data processing and storage are exclusively conducted within the United States. For questions regarding this Privacy Policy, data access requests, data deletion requests, or to report a data breach or security concern, please contact The Protocole LLC at:

For questions regarding this Privacy Policy, data access requests, or data deletion requests, please contact The Protocole LLC at:

Email: concierge@theprotocole.com