Privacy Policy

Last updated: May 2026

Overview

Protocol 60 is a personal longevity protocol tracking app for iPhone. Your health data is yours. The app is designed so that your personal and health data never leaves your device. We do not operate accounts, we do not run analytics, and we do not sell or share your data with third parties.

This policy describes what data the app handles, where it is stored, and your rights under applicable law.

Who we are

Protocol 60 is a product of turrall & co., a private company based in Switzerland. For privacy enquiries, contact us at privacy@protocol60.com.

Data stored on your device

All of the following data is stored exclusively on your iPhone using Apple's on-device frameworks (CoreData and CareKit). It is never transmitted to our servers.

• Health metrics from Apple Health — heart rate variability (HRV), resting heart rate, sleep duration and stages, step count, blood oxygen saturation (SpO2), VO2 max, and body weight. These are read from Apple Health with your permission and cached locally to power the Trends screen.
• Protocol data — supplements, habits, and medications you add to your protocol, together with your daily completion records.
• App preferences — your health goal selection, notification settings, display units, and colour scheme preference.

Deleting the app from your device permanently removes all of this data. Standard iCloud device backup applies — if you have iCloud backup enabled, this data may be included in your device backup, which is governed by Apple's privacy policy.

Whoop integration (optional)

Protocol 60 offers an optional integration with Whoop, a third-party wearable platform. If you choose to connect Whoop, the following applies:

• Authentication — connecting your Whoop account requires an OAuth authentication flow. As part of this flow, an authentication code is briefly processed by our server, hosted in the European Union (Hetzner, Germany). This server performs the token exchange required by the Whoop API and immediately returns the result to your device. No personal data, health data, or authentication tokens are stored on our server.
• Whoop data — once connected, the app retrieves recovery and strain scores directly from the Whoop API. This data is stored on your device and is not transmitted to our servers.
• Whoop's own policy — Whoop's handling of your data on their platform is governed by Whoop's privacy policy.
• Disconnecting Whoop — you can revoke Protocol 60's access to your Whoop account at any time from within the Whoop app or your Whoop account settings.

Apple Health

Protocol 60 reads health data from Apple Health (HealthKit) with your explicit permission. The app requests only the data types it displays. You can review and revoke these permissions at any time in Settings → Privacy & Security → Health → Protocol 60. Protocol 60 does not write data to Apple Health.

What we do not do

• We do not require an account or collect any account credentials.
• We do not use analytics SDKs or track usage behaviour.
• We do not display advertising.
• We do not sell, share, or license your data to any third party.
• We do not transmit your health or protocol data to any server.

Your rights

This app and its operator are based in Switzerland. Swiss data protection law (nDSG) applies, which is aligned with the EU General Data Protection Regulation (GDPR). Because your personal data is stored exclusively on your own device, most rights (access, correction, deletion) are exercised directly by managing the app and its data on your iPhone.

For any privacy questions or requests, contact privacy@protocol60.com.

Changes to this policy

We may update this policy as the app evolves. Material changes will be noted in the app's release notes and reflected in the "Last updated" date above.