Protocols from 37°N
Last updated: April 9, 2026
This Privacy Policy explains how Protocols from 37°N ("we," "us," or "our") collects, uses, stores, and protects information when you use our website and application (collectively, the "Service"). We take your privacy — and especially the sensitivity of health information — seriously.
By using the Service, you agree to the practices described in this Privacy Policy.
Protocols from 37°N provides a personal health tracking and self-experimentation tool that helps you collect, organize, and learn from your own health data. If you have questions about this policy or your data, contact us at privacy@37degreesn.com.
Account information. When you create an account, we collect your name, email address, and authentication credentials.
Health and wellness data. With your permission, we collect data you sync from connected devices or log manually, including: steps, heart rate, sleep, heart rate variability (HRV), weight, mood, hydration, stool, medication, and journal entries. We also store the experiments and protocols you create within the Service.
Usage data. We collect basic technical information about how you interact with the Service, such as device type, operating system, app version, crash logs, and timestamps of activity. This helps us keep the Service stable and secure.
Cookies and similar technologies. Our website uses a minimal set of cookies necessary for the Service to function. We do not use advertising cookies or third-party tracking pixels.
We use your information to:
We do not use your health data to train machine learning models without your explicit, separate consent, and we do not sell your data to anyone, ever.
Your health data is stored on encrypted servers. Your personal identity (name, email) is stored separately from your health records and linked only by an anonymous identifier that we control. Data is encrypted in transit (TLS) and at rest.
We follow industry-standard security practices, including access controls, audit logging, and regular security reviews. No system is perfectly secure, but we work hard to protect your information and will notify you promptly if we ever become aware of a breach affecting your data.
You. Your full health record is visible only to you when logged in to your account.
Our team. Our team members can only access anonymized, aggregated data for the purpose of product improvement, and only with your separate research consent for any individual-level access. No staff member browses identifiable user health data in the ordinary course of business.
Service providers. We use a small number of vetted third-party infrastructure providers (e.g., cloud hosting, error monitoring) who process data on our behalf under contractual confidentiality and security obligations. They are not permitted to use your data for any other purpose.
Legal disclosures. We may disclose information if required by law, valid legal process, or to protect the rights, safety, or property of users or the public. We will challenge overbroad requests where appropriate and notify you when legally permitted.
We will never sell your data.
You have the right to:
Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR, California Consumer Privacy Act (CCPA/CPRA), Washington's My Health My Data Act, or similar laws. To exercise any of these rights, contact privacy@37degreesn.com.
We retain your health data for as long as your account is active. When you delete your account, we permanently remove your health records within 30 days. Anonymized, aggregated data that cannot be linked back to you may be retained for research and product improvement.
The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
If you access the Service from outside the country where our servers are located, your information may be transferred, stored, and processed in another country. We use appropriate safeguards (such as standard contractual clauses) for international transfers where required by law.
Protocols from 37°N is a wellness and self-tracking tool. It is not a medical device, and we are not a HIPAA-covered entity in the ordinary course of providing the Service to individual users. The information in the Service is not medical advice. Always consult a qualified healthcare professional for medical decisions.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by email before they take effect. The "Last updated" date at the top reflects the most recent revision.
Questions, requests, or concerns? Reach us at privacy@37degreesn.com.