AnaProtoKolLast updated: April 16, 2026
This is a courtesy translation. In case of discrepancy, the French version shall prevail.
1. Data Controller
AnaProtoKol is the data controller for personal data collected via the platform. To exercise your rights or ask a question, contact us via the email address indicated in the "About" section of the application.
2. Data Collected
We collect the following data:
Account Data
- Name, email address, password (hashed with bcrypt)
- Sex, height, weight, body fat, date of birth (optional)
Tracking Data
- Performance cycles (products, dosages, duration)
- Daily journal (weight, blood pressure, mood, nutrition, training, side effects)
- Blood panels (hormones, liver, lipids, etc.)
- Personal records (exercises, weights)
Payment Data
- Bank card information is processed directly by Stripe and never passes through our servers
- We only store the Stripe customer identifier (stripeCustomerId) to manage your subscription
Technical Data
- IP address (for rate limiting and security, not stored persistently)
- Session cookie (NextAuth, strictly necessary for operation)
3. Processing Purposes
| Purpose | Legal Basis (GDPR) |
|---|
| Provide the service (tracking, AI analyses) | Performance of contract (Art. 6.1.b) |
| Manage your account and subscription | Performance of contract |
| Send transactional emails (receipt, welcome) | Legitimate interest (Art. 6.1.f) |
| Secure the platform (rate limiting) | Legitimate interest |
| Improve the service | Legitimate interest |
4. Data Sharing
Your data may be shared with:
- Anthropic (Claude): your profile data (sex, age, weight, BF) and the context of your question are sent to the Claude API to generate AI analyses. Anthropic does not retain data beyond the processing of the request according to their policy.
- Stripe: for processing bank card payments.
- MongoDB Atlas: database hosting (AWS eu-west servers, European Union).
- Your coach (Elite plan only, if you have explicitly invited them): read-only access to your cycles, panels, and analyses according to the permissions you have granted.
We never sell your data to third parties.
5. Retention Period
- Account data: retained as long as the account is active, deleted on request
- Tracking data: retained as long as the account is active
- Stripe payment data: according to Stripe's retention policy
- Security logs (IP): not stored persistently
6. Your Rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate data (via /settings)
- Right to erasure: request deletion of your account and all your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to the processing of your data
- Right to withdraw consent: at any time for processing based on consent
To exercise these rights, contact us via the email address indicated in the "About" section. We will respond within 30 days.
7. Security
- Passwords hashed with bcrypt (cost 12)
- HTTPS-only communication
- JWT authentication (NextAuth)
- Rate limiting on sensitive endpoints
- Database hosted on MongoDB Atlas (encryption at rest and in transit)
8. Transfers Outside the EU
Profile data sent to the Anthropic API (Claude) may be processed in the United States. This transfer is governed by the standard contractual clauses of the European Commission. MongoDB Atlas database data remains within the European Union (AWS eu-west).
10. Modifications
This policy may be updated. The date of last modification is indicated at the top of the page. We will notify you of material changes.