← Back to LeanProtocol

Privacy Policy

Effective Date: May 14, 2026  |  Last Updated: June 7, 2026

LeanProtocol ("we," "us," or "our") is operated by Novathor Holdings LLC, a North Dakota limited liability company. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our services.

1. Information We Collect

We collect the following types of information:

• Contact Information: Your name and email address when you request our free guide or purchase a product or coaching service.
• Payment Information: Credit/debit card details processed securely by Stripe. We never store your full payment card information on our servers.
• Health & Fitness Information: Information you voluntarily provide during coaching onboarding (e.g., current weight, goal weight, GLP-1 medication status) used solely to personalize your coaching program.
• App Tracking Data: If you use the free LeanProtocol app, the information you log over time, such as body weight, meals and macros, sleep, cardio, notes, and GLP-1 medication dose. You enter this voluntarily to track your own progress.
• Google Account Information: If you choose to sign in to the app with Google, we receive your name and email address from Google to identify your account and restore your data across devices. We do not receive your Google password, and we do not access your Gmail, contacts, or other Google data.
• Usage Data: Browser type, device type, pages visited, and time spent on our site, collected through standard web analytics as described in Section 13.

2. How We Use Your Information

• To deliver the free guide or digital product you requested
• To send you follow-up emails with fitness tips and program information (you may unsubscribe at any time)
• To process payments and fulfill coaching services
• To communicate with you about your coaching program
• To operate, secure, and improve our website, app, and services

3. Health Information and Medical Disclaimer

LeanProtocol provides fitness and nutrition coaching and self-tracking tools. We are not a healthcare provider, and we are not a "covered entity" or "business associate" under HIPAA, so HIPAA does not govern the information you share with us. The health-related information you provide (such as weight, body measurements, and GLP-1 medication details) is collected only with your consent and used solely to personalize your coaching and power your own tracking.

Nothing in our services is medical advice. Always consult your physician before changing any medication, diet, or exercise program. Please review our Health & Fitness Disclaimer for more information.

4. Selling and Sharing of Your Data

We do not sell your personal information for money, and we do not share your information with third parties for their own independent marketing.

To run our own advertising, we use marketing pixels and cookies (such as the Meta/Facebook pixel and Google advertising tools) on our public marketing pages. These tools share limited activity data, such as which pages you visited and whether you submitted a form, with the advertising platform so we can measure our ads and reach similar audiences. Under some state privacy laws this may be considered "sharing" or a "sale" for targeted advertising, and you have the right to opt out (see Sections 11 and 13).

We never share your health information, weights, body measurements, medication details, app data, or coaching information for advertising. We do not place advertising pixels inside the LeanProtocol app or on any page where you enter health information.

5. Third-Party Service Providers

We work with a limited number of trusted third-party service providers who assist us in operating our business:

• Stripe: Payment processing. Stripe's privacy policy is available at stripe.com/privacy.
• Cloudflare: Website and application hosting, content delivery (CDN), and DNS. Your IP address may be logged as part of standard web hosting and security filtering.
• Google: We use Google Firebase (Firestore Database and Firebase Authentication) to store and sync the data you enter in the app and to let you sign in with Google or email. For coaching clients, we also use Google Apps Script and Google Sheets to share your check-in data with your coach. We use Google Analytics (including Google Analytics for Firebase in the app) to understand website and app usage (see Section 13). Google's privacy policy is available at policies.google.com/privacy.
• Meta (Facebook/Instagram): We use the Meta advertising pixel on our public marketing pages to measure and target our advertising. It receives limited browsing activity (such as pages visited and form submissions) but never your health data or app data. Meta's privacy policy is available at facebook.com/privacy/policy.
• Kit (formerly ConvertKit): Email list management and delivery of your requested guide and optional follow-up communications.

These providers are bound by their own terms and data processing agreements and may not use your information for any purpose other than providing services to us.

6. The LeanProtocol App and Cloud Backup

The free LeanProtocol app stores the data you log on your device and, when you create an account, automatically syncs it to our secure cloud database (Google Firebase) tied to your account. This means you do not lose your progress if you switch phones, reinstall, or clear your browser.

Access to your data is protected by your account sign-in (Google or email and password). Only you, signed into your own account, can read or restore your data. Syncing is automatic; your data comes back when you sign in on a new device.

If you are a paid coaching client and enter your access code, your daily logs and weekly check-ins are also shared with your coach through a private coach dashboard, so your coach can review your progress and support your program. This sharing only occurs for coaching clients who have entered an access code.

You can request deletion of your app data and backup at any time by contacting us at leanprotocol.coaching@gmail.com.

7. Consumer Health Data

Some of the information you provide (such as weight, body measurements, and GLP-1 medication details) may be considered "consumer health data" under certain state laws, including Washington's My Health My Data Act and similar laws. We want to be clear about how we treat it:

• We collect consumer health data only with your consent and only to provide the tracking and coaching services you ask for.
• We do not sell consumer health data.
• We do not share consumer health data with third parties for advertising or for their own purposes.
• You may withdraw your consent and request deletion of your consumer health data at any time by contacting us. We will honor verified requests as required by applicable law.

8. Email Communications

By submitting your email address to receive our free guide, or by opting in when you sign up in the app, you agree to receive occasional emails from LeanProtocol. Every email includes an unsubscribe link. You may opt out at any time with no consequence to any paid services you have purchased.

9. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Account sign-in and your synced data are handled through Google Firebase, which enforces that only your authenticated account can access your data. However, no method of internet transmission is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you and any applicable authorities as required by law, and take prompt steps to contain and remediate the incident.

10. Data Retention

We retain your personal information for as long as necessary to provide services to you and to comply with our legal obligations. If you request deletion of your data, we will remove your information within 30 days, except where retention is required by law.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Withdraw Consent: Withdraw your consent to our collection of your health data
• Opt-Out of Email: Unsubscribe from marketing emails at any time
• Opt-Out of Targeted Advertising: Opt out of the use of your data for targeted advertising, or any "sale" or "sharing" of it as those terms are defined by state law (see Section 13 for how)

To exercise any of these rights, contact us at leanprotocol.coaching@gmail.com. We will not discriminate against you for exercising any of these rights.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

13. Cookies, Analytics and Advertising

Our website uses cookies and similar technologies to operate the site and to understand how visitors use it. Specifically, we use Google Analytics (GA4) to collect usage data such as pages visited, device and browser type, approximate location, and time on site. This is not fully anonymous, as it may involve identifiers tied to your device or browser.

In the LeanProtocol app, we also use Google Analytics to understand how the app is used (for example, when setup is completed or a check-in is submitted). We collect only behavioral usage data in the app. We never include your health information, weights, medication details, or meal data in app analytics.

You can disable cookies through your browser settings, and you can opt out of Google Analytics specifically using Google's opt-out browser add-on. Some features of the website may not function properly without cookies.

Advertising. On our public marketing pages (such as our home and landing pages) we use advertising tools, including the Meta (Facebook/Instagram) pixel, to measure how our ads perform and to show our ads to relevant audiences. These tools may set cookies and share limited activity (such as pages visited and whether you submitted a form) with the advertising platform. We deliberately do not place advertising pixels inside the LeanProtocol app, on the coaching/check-in tools, or on any page where you enter weight, medication, or other health information.

Your advertising choices. You can opt out of this in several ways: adjust your ad settings in your Meta/Facebook account; use industry opt-out tools at optout.aboutads.info and youradchoices.com; enable Global Privacy Control (GPC) in a supported browser; block cookies in your browser settings; or email us at leanprotocol.coaching@gmail.com and we will honor your request to opt out of targeted advertising.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised effective date. Continued use of our website after changes constitutes acceptance of the updated policy.

15. Governing Law

This Privacy Policy is governed by the laws of the State of North Dakota, without regard to conflict of law principles.

16. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Email: leanprotocol.coaching@gmail.com
• Business: Novathor Holdings LLC, DBA LeanProtocol
• Mailing Address: 3801 Memorial Highway, Suite A, #119, Mandan, ND 58554
• State: North Dakota