Protocol Her is made by DZ LABS LLC, a Florida (USA) limited liability company. We are the data controller for the limited data described in this policy. You can reach us at contact@dzlabsllc.com.
This policy covers the Protocol Her iOS app (bundle com.dzlabs.protocolher) and this website.
Protocol Her has no sign-up and no user accounts. Everything you log in the app is written to a private database on your iPhone, protected with iOS Data Protection (encrypted at rest) — we never receive a copy. That includes:
Photos and lab files are additionally stored with iOS file protection and excluded from device backups, so they don't leave the phone through iCloud backup either.
If you subscribe to Protocol Her Pro, Apple processes the payment — we never see your name, card number, or Apple ID. To know whether your subscription is active, the app uses RevenueCat, which receives the App Store receipt and a randomly generated anonymous app-user ID. This is purchase information tied to a random ID, not to your identity. If you enter an optional creator code during setup, it is stored as an attribute on that same anonymous ID so we can credit the creator; it is not linked to your identity.
Protocol Her can connect to Apple Health for a single data type: your body weight. This is opt-in and off by default — you switch it on with a toggle in Profile, which asks your explicit permission. Once on, the app reads existing body-weight entries from Apple Health and writes the weights you log back to it. No other Health data is read or written. Health data stays on your device under Apple's HealthKit rules; it is never sent to our servers, never used for advertising, marketing, or any other use-based data mining, and never sold or shared with third parties.
If you email support, we receive your email address and whatever you include in the message. We use it solely to respond and keep it only as long as needed to resolve the issue.
| Provider | What they handle | Why |
|---|---|---|
| Apple | Payment processing, App Store delivery, optional Apple Health integration | Distributing the app and processing subscriptions |
| RevenueCat | App Store receipt, anonymous app-user ID, subscription status, optional creator code | Knowing whether Pro is active |
Each processor only receives what's listed above, only for the listed purpose, and is contractually required to protect your data to at least the same standard described in this policy. Neither of them may use your data for its own advertising or sell it.
The camera and photo-library permissions exist so you can take progress photos and capture bloodwork pages. These photos stay on your device (see section 2). The app never scans your photo library in the background.
Because your health data lives on your device and not on our servers, you already hold direct control over most of it: you can read, export, correct, and delete it in the app without asking us.
For the limited data we do process (support emails and anonymous subscription data), you can ask us to access, correct, delete, or export it, or to restrict or object to processing, by emailing contact@dzlabsllc.com. We respond within the timelines required by law.
Our legal bases are performance of a contract (providing the app and subscription) and legitimate interests (security, abuse prevention). You also have the right to lodge a complaint with your supervisory authority.
We do not sell or "share" personal information as those terms are defined in the CCPA, and we do not use sensitive personal information beyond what's necessary to provide the service. You have the rights to know, delete, correct, and to non-discrimination for exercising them. Submit requests to contact@dzlabsllc.com.
Protocol Her is intended for adults and is not directed to anyone under 18. We do not knowingly collect data from children. If you believe a minor has used the app, contact us and we will help remove any associated data.
On-device data is protected with iOS Data Protection (encryption at rest) and, for sensitive values, the iOS Keychain. Data in transit (subscriptions) uses TLS encryption. No system is perfectly secure, but our architecture is built so that the most sensitive data never leaves your phone in the first place.
If we change this policy in a meaningful way — for example, if a future feature moves data off-device — we'll update this page, change the effective date above, and call it out in the app before the feature applies to you.
DZ LABS LLC · Florida, USA
contact@dzlabsllc.com