Privacy Policy
Last updated: June 7, 2026
Her Protocol exists to handle some of the most personal information there is — your hormones, your cycle, your genetics, your labs. We take that seriously. This policy explains what we collect, why, how we protect it, and the control you have over it.
The short version: We collect health information you give us and data from devices you connect, use it to generate your personalized protocol, and never sell it. You can export or delete your data at any time. The full detail is below.
1. Information we collect
We collect information in a few categories:
Information you provide
- Account details — name, email, and password when you create an account.
- Intake & health profile — your reproductive status, cycle information, symptoms, goals, conditions, medications, and similar details you enter.
- Uploaded files — bloodwork, lab reports, genetic data exports, and body-composition reports you choose to upload.
- Payment information — processed by Stripe; we do not store your full card number.
Information from connected services
- Wearable data — if you connect a device such as an Oura Ring, we receive metrics like heart-rate variability, sleep, and readiness on the schedule you authorize.
Information collected automatically
- Usage and device data — basic technical information (browser, approximate region, timestamps) needed to operate and secure the service.
2. How we use your information
We use your information to:
- Generate and update your personalized protocol recommendations.
- Parse and structure data from files you upload so it can inform your protocol.
- Sync and display data from wearables you connect.
- Operate your account, process payments, and provide support.
- Maintain the security and integrity of the service.
- Communicate with you about your account and the service.
We do not use your health, genetic, or biometric data for advertising, and we do not sell it.
3. Health & genetic data
Some of what you share with us — lab values, genetic information, hormone and cycle data — is sensitive personal information that receives heightened protection under various laws. We treat it accordingly:
- We process this data only to provide the service to you.
- We do not disclose it to third parties for their own purposes.
- Where required, we obtain your explicit consent before processing it, and you can withdraw that consent.
Important about genetic data: If you upload genetic information, we extract only the specific markers relevant to your protocol and store them securely. We do not share genetic data with insurers, employers, or data brokers. Genetic privacy is protected by specific laws (including the federal Genetic Information Nondiscrimination Act and various state laws), and we honor those protections.
Not a covered entity / not medical records: Her Protocol is a wellness and optimization platform, not a healthcare provider, and the app itself does not provide medical care. Information you share here is generally not a medical record held by a HIPAA-covered entity. When you work with a partner physician through the platform, that clinician's handling of your protected health information is governed by their own obligations and notices.
4. When we share data
We share data only in these limited circumstances:
- Service providers — vendors who help us operate (e.g. hosting, database, payment processing, AI processing), bound by contract to protect your data and use it only to provide their service to us.
- Partner physicians — if and when you engage a clinician through the platform, with your knowledge.
- Legal requirements — when required by law, or to protect rights, safety, and security.
- Business transfers — if Her Protocol is involved in a merger or acquisition, with notice to you and continued protection of your data.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
5. AI processing
We use artificial intelligence (including large language models provided by third parties) to generate protocol recommendations, parse uploaded files, and power in-app guidance. When your data is processed by these systems, it is used to produce your output and is handled under agreements that restrict further use. AI-generated recommendations are educational and are not a substitute for professional medical advice.
6. How we protect your information
We use technical and organizational measures designed to protect your data, including encryption in transit, access controls that restrict data to your own account, and restricted backend access. No system is perfectly secure, but we work to protect your information and to limit who can access it.
7. Your rights & choices
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information.
- Export your information in a portable format.
- Withdraw consent for processing sensitive data.
- Disconnect any wearable or revoke any upload.
You can exercise most of these directly in your account settings, or by contacting us at the address below. We will not discriminate against you for exercising these rights.
8. Data retention
We keep your information for as long as your account is active or as needed to provide the service. If you delete your account, we delete or de-identify your personal information, except where we are required to retain certain records (for example, for legal or financial compliance). Disconnecting a wearable stops future syncing; previously synced data remains until you delete it.
9. Children
Her Protocol is intended for adults. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us with information, contact us and we will delete it.
10. Changes & contact
We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you. Continued use of the service after changes means you accept the updated policy.
Questions about this policy or your data? Contact us at privacy@herprotocol.ai.