Privacy Policy

Last updated: March 20, 2026

1. Introduction

ProtoCol ("we", "us", "our") is operated by Royyak Co., Ltd. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered research methodology assistant at www.protocol.med (the "Service").

2. Information We Collect

We collect the following types of information:

  • Account information: Email address and name when you sign up or log in via Google OAuth.
  • Profile information: Role, institution, and research interests you provide during onboarding.
  • Chat content: Research questions, uploaded documents, and conversation history within your sessions.
  • Usage data: Session activity, feature usage, and token consumption for billing purposes.
  • Technical data: Browser type, IP address, and device information collected automatically.

3. How We Use Your Information

  • To provide and improve the research methodology assistant service.
  • To process your research queries through our AI agents.
  • To manage your account and subscriptions.
  • To communicate with you about service updates.
  • To monitor usage for billing and abuse prevention.

4. Data Processing and AI

Your research queries are processed using third-party AI models (OpenAI, Google Gemini). These providers may process your input data according to their own privacy policies. We do not use your research data to train AI models.

Uploaded documents (PDF, DOCX, images) are processed in memory and are not permanently stored on our servers.

5. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with encryption at rest and in transit. Authentication is handled via Supabase Auth with JWT tokens. We implement industry-standard security measures to protect your information.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • AI providers (OpenAI, Google) to process your research queries.
  • Supabase for authentication and database hosting.
  • LemonSqueezy for payment processing.
  • Tavily for literature search functionality.

7. Your Rights

You have the right to:

  • Access your personal data stored in our system.
  • Request deletion of your account and associated data.
  • Export your session history and research data.
  • Withdraw consent for data processing at any time.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Anonymized usage statistics may be retained for service improvement.

9. Contact

For privacy inquiries, contact us at contact@protocol.med.