Privacy Policy
Last updated: June 22, 2026
1. Introduction
The Living Protocol™ ("TLP", "we", "us", or "our") is operated by VaultSpark Studios LLC. This Privacy Policy describes how we collect, use, and protect your personal and health information when you use The Living Protocol application and website at thelivingprotocol.life.
We designed The Living Protocol with a privacy-first architecture. Your health data is your most sensitive personal asset, and we treat it accordingly.
2. Information We Collect
Information you provide directly:
- Account registration information (email address, display name)
- Health and biometric data (weight, body composition, training history, nutrition logs)
- Genome data you upload from third-party genetic testing services
- Legacy Vault entries (letters, time capsules, protocol snapshots)
- Communications with Protocol Coach™
Information collected automatically:
- Session and authentication data (IP address, device type, browser)
- Protocol action events (workouts logged, meals tracked — anonymized)
- System performance metrics for service reliability
3. How We Use Your Information
- Delivering and personalizing The Living Protocol service
- Generating Protocol Coach™ recommendations via the Anthropic Claude API
- Computing BioCore™ health scores and mastery axes
- Creating and maintaining your Legacy Vault entries
- Sending protocol notifications and milestone alerts you have opted into
- Improving system reliability and diagnosing technical issues
We do not use your health data to train AI models, sell data to third parties, or use data for advertising.
4. AI and Protocol Coach™
Protocol Coach™ is powered by Anthropic Claude. All AI calls are made server-side. Your health history is processed on TLP's servers; only the information needed for a specific coaching request is sent to the Anthropic API.
We do not use your health data to fine-tune or train AI models. Anthropic's commercial API terms prohibit using API calls to train models without explicit opt-in.
5. Legacy Vault Permanence
Legacy Vault entries are permanent by design. When you seal an entry, it cannot be modified or deleted — this permanence is a core feature, not a limitation.
If you close your account, your active protocol data will be deleted within 30 days. Your Legacy Vault entries will be preserved and made accessible to your designated heirs according to your inheritance settings, or held in escrow for 10 years before secure disposal.
6. Data Sharing
We share your data only in these specific circumstances:
- Heirs you designate: Your legacy content is shared with heirs according to your inheritance settings.
- Service providers: Infrastructure partners (Hetzner, Supabase) operating under data processing agreements.
- Legal requirements: If required by law, court order, or to protect the rights and safety of TLP users.
- Business transfer: If VaultSpark Studios LLC is acquired, your data transfers subject to this policy or you will be notified and given 30 days to export.
We do not sell or rent your personal information to any third party.
7. Data Security
TLP employs multiple security controls: AES-256 encryption at rest, TLS 1.3 in transit, SHA-256 vault integrity hashing, strict Content Security Policy, and mandatory multi-factor authentication for admin access.
Optional Bring Your Own Key (BYOK) encryption allows premium users to encrypt vault entries with their own AES-256-GCM key, making contents inaccessible to TLP even under legal compulsion.
8. Your Rights
- Access: Request a copy of all personal data we hold about you.
- Portability: Export your complete protocol data in machine-readable format at any time.
- Deletion: Delete your account and active protocol data. Legacy Vault entries are subject to the permanence policy above.
- Opt-out: Disable anonymized analytics at any time in Settings → Privacy.
9. Children
The Living Protocol is not intended for users under 13. Users aged 13–17 are classified as "child" accounts with a restricted data schema — no genome data, no voice recordings, and no third-party analytics. We do not knowingly collect personal information from children under 13.
10. Contact
Privacy questions or requests: contact VaultSpark Studios LLC via the support channel in your account dashboard. We respond to privacy requests within 30 days.