44 Protocol
OverviewStack QuizPricingMethodologyFAQChangelog
Sign in Subscribe
Legal

Privacy Policy

Effective: 2026-06-16 · Operator: Stoneveil Holdings LLC · Contact: support@44protocol.com

This policy explains what data 44 Protocol collects, why, where it's stored, how long, and your rights. We try to write it plainly — if anything is unclear, write to support@44protocol.com and we'll clarify.

We do not sell your data. Ever.

On this page
  1. What we collect
  2. Why we collect it
  3. Where it lives
  4. How long we keep it
  5. Who we share it with
  6. Your rights
  7. Cookies & local storage
  8. Children
  9. Security
  10. Changes to this policy
  11. Contact
01

What we collect

Account data: email address, password (hashed), optional display name, and the timestamps of your account events (signup, walkthrough completion, etc.).

Profile data: weight, sex, and other settings you enter to use the register.

Protocol data: the compounds in your stack, your pulses, reconstitution mL, notes, titration phase, and snapshots of past protocols you create.

Lab data: lab values you choose to enter (manually or via CSV paste). We do not retrieve labs from external providers.

Behavioural analytics: page views, feature usage, and event timestamps via PostHog (self-hosted EU region). Used for product improvement, not advertising.

Diagnostic logs: error reports via Sentry. May include browser, OS, and the page where the error occurred. Stack traces do not include your stack content.

Payment data: we do not see or store card details. Stripe processes payment and returns to us only the subscription status, customer ID, and plan.

02

Why we collect it

To run the Service, to compute your protocol, to surface safety reminders, to support you when you write in, to detect and fix bugs, and to understand which features are useful so we can build more of them. That's it.

03

Where it lives

Application data: Supabase (Postgres) in US region. Row-level security ensures users can only read and write their own rows.

Hosting: Vercel (US edge network). TLS-only. HSTS preload-eligible. Strict CSP.

Analytics: PostHog. Diagnostics: Sentry.

Payment: Stripe (PCI-DSS Level 1 certified).

04

How long we keep it

Account, profile, stack, and lab data are kept while your account is active. If you delete your account, we remove that data within 7 days from active systems and within 30 days from backups.

Stripe customer records and billing history are retained per Stripe's own retention policy (typically 7 years for tax and audit purposes).

Diagnostic logs (Sentry) are retained 90 days. Analytics (PostHog) are retained 12 months for raw events, indefinitely in aggregate.

05

Who we share it with

We share only with vendors we need to run the Service: Supabase (data), Vercel (hosting), Stripe (payment), PostHog (analytics), Sentry (diagnostics). Each is bound by their own privacy and security commitments.

We do not sell, rent, or trade your data to any party for any purpose.

We may disclose data if required by law, court order, or to protect the rights and safety of users or the public.

06

Your rights

You can:

  • Access: request a copy of the data we hold on you.
  • Correct: update your profile, stack, and labs directly in the app; email us for anything not editable.
  • Delete: email support@44protocol.com from the account email to request deletion.
  • Export: request a machine-readable export of your data.
  • Opt out of analytics: email us and we'll exclude your account from analytics collection.

If you're in the EU/UK, you have additional rights under GDPR. If you're in California, you have additional rights under CCPA/CPRA. Email us to exercise any of them.

07

Cookies & local storage

We use cookies and local storage for session authentication (so you stay signed in), for product analytics (PostHog), and for remembering UI preferences (dark mode, dismissed banners). We do not use third-party advertising cookies.

08

Children

The Service is for users 18 and older. We do not knowingly collect data from anyone under 18. If we learn we have, we delete it.

09

Security

Passwords are hashed (Argon2id via Supabase Auth). Connections are TLS-only. Database rows are protected by row-level security. The application uses a strict Content Security Policy, HSTS, and X-Frame-Options DENY. We do not store payment card details.

No system is perfectly secure. If you discover a vulnerability, please write to support@44protocol.com with the subject "Security disclosure".

10

Changes to this policy

We may update this policy. The effective date at the top will change. Material changes will be announced in the app and on the changelog.

11

Contact

Stoneveil Holdings LLC · Phoenix, Arizona · support@44protocol.com

44 Protocol

A literature-indexed peptide reference for clinicians, researchers, and patients working with a prescribing physician.

Stoneveil Holdings LLC · Phoenix, Arizona

Product

  • Stack Quiz
  • Pricing
  • Methodology
  • FAQ
  • Changelog

Legal

  • Terms
  • Privacy
  • Medical Disclaimer
  • Refund Policy
  • Contact

Account

  • Sign in
  • Create account
  • Subscribe

For research-literature and educational reference only. Not medical advice. Not a clinician–patient relationship. Not a pharmacy and not affiliated with any compounding pharmacy or peptide vendor. We do not manufacture, sell, ship, or recommend the purchase of any compound described on this site. Always consult a licensed physician before initiating, modifying, or discontinuing any compound or schedule described here.

Affiliate disclosure: certain outbound links to third-party retailers (e.g. EngagePeptides) may earn 44 Protocol a commission at no cost to you. 44 Protocol does not endorse, verify, or take responsibility for any product, claim, or transaction made through those retailers. Use of those sites is governed by their own terms.

© 2026 Stoneveil Holdings LLC. All rights reserved.