This Privacy Policy explains how Super Human Network AB, trading as Protocol by Super Human Network ("Protocol", "we", "us" or "our"), collects, uses, shares, stores, and protects personal data when you use our website, place orders, create an account, join a membership, subscribe, contact us, submit a brand enquiry, or interact with our services.
We aim to keep privacy clear and practical: we collect what we need to operate the webshop, fulfil orders, support customers, improve the experience, communicate with you, and comply with the law.
This Privacy Policy should be read together with any shorter privacy notices shown at checkout, in forms, in cookie settings, or membership flows.
The personal data we hold about you must be accurate and current. Please keep your account, delivery, billing, and contact details up to date so we can fulfil orders, handle support, and comply with legal obligations.
Super Human Network AB is the controller of the personal data described in this Privacy Policy.
Company registration number: 559524-6934.
Registered address: Jakobsbergsgatan 27, 111 44 Stockholm, Sweden.
Contact email for privacy questions: the privacy contact shown on our website.
No Data Protection Officer has been appointed at this stage. Privacy requests can be sent through the privacy contact shown on our website.
You can unsubscribe from marketing emails using the unsubscribe link in the email.
You can opt out of SMS marketing by following the instructions in the SMS or contacting us.
You can change cookie choices through the cookie settings link on our website, if available.
You can request access, correction, deletion, restriction, portability, objection, or withdrawal of consent by contacting the privacy contact shown on our website.
You cannot opt out of transactional or service emails that are necessary for orders, payments, delivery, account security, returns, or legal notices.
You may ask us to deactivate or close your account by contacting the privacy contact shown on our website or the customer support contact shown on our website. Account closure does not automatically delete all records; we may retain information needed for legal, tax, accounting, fraud-prevention, dispute, or operational reasons.
Identity and contact details, such as name, email address, phone number, billing address, delivery address, account details, and communication preferences.
Order and transaction information, such as products purchased, subscription status, membership status, order value, delivery method, returns, refunds, customer service history, and purchase history.
Payment-related information, such as payment method, payment status, fraud checks, and transaction identifiers. Full card details are handled by our payment providers and are not stored by us.
Account and membership information, such as login details, saved addresses, preferences, member benefits, subscription settings, community profile information, and access rights.
At launch, we do not intentionally collect quiz, protocol, health-goal, supplement-routine, dietary-preference, or similar health-adjacent preference data.
Communications, such as emails, support messages, feedback, reviews, survey responses, brand submissions, professional enquiries, and other messages you send to us.
Technical and usage information, such as IP address, device type, browser, operating system, pages viewed, referral source, approximate location, cookie identifiers, ad identifiers, session data, and website interactions.
Marketing and advertising information, such as newsletter preferences, SMS preferences, ad interactions, campaign source, consent records, segments, audiences, and analytics data.
User content, such as reviews, testimonials, comments, community posts, uploaded content, profile information, or other content you choose to submit.
Aggregated or anonymised data, such as statistics about website use, product interest, order trends, campaign performance, or community engagement. Where data can no longer identify you, it is not personal data, but if we combine it with personal data so that you can be identified, we treat it as personal data.
If you fail to provide personal data that we need to fulfil an order, process payment, deliver goods, verify an account, comply with the law, or provide a requested service, we may not be able to complete the order or provide the service. We will tell you where this is the case.
Directly from you when you place an order, create an account, subscribe, join a membership, contact us, complete a form, submit a review, enter a promotion, or interact with community features.
Automatically through cookies, pixels, analytics tools, server logs, and similar technologies when you use the website.
From service providers and partners, such as payment providers, delivery partners, returns providers, customer service tools, fraud prevention providers, analytics providers, email/SMS providers, and advertising platforms.
From public or business sources where you submit a brand application, partnership request, expert listing request, or professional enquiry.
From social platforms, if you interact with us there, click our ads, use social login, or engage with embedded social features, depending on your settings with those platforms.
Provide the webshop, accounts, orders, subscriptions, and membership — Create accounts, manage cart/checkout, process orders, deliver goods, manage returns, and provide member benefits — Legal basis: Contract performance.
Payments and fraud prevention — Process payment, verify transactions, prevent abuse, and manage chargebacks — Legal basis: Contract performance; legitimate interests; legal obligation.
Customer support — Answer questions, manage complaints, process refunds, and handle product or delivery issues — Legal basis: Contract performance; legitimate interests; legal obligation.
Marketing and newsletters — Send email/SMS marketing, product updates, launch notices, offers, and community news — Legal basis: Consent where required; legitimate interests where permitted.
Analytics and website improvement — Understand traffic, improve UX, measure performance, troubleshoot errors, and test features — Legal basis: Consent required for cookies; legitimate interests for basic service analytics.
Advertising and retargeting — Measure ads, create audiences, personalise ads, and understand campaign performance — Legal basis: Consent where required.
Reviews, community, and user content — Display reviews, moderate community posts, manage testimonials, and prevent abuse — Legal basis: Contract performance; legitimate interests; consent where required.
Legal, tax, accounting, and compliance — Maintain records, comply with accounting rules, respond to legal requests, and enforce terms — Legal basis: Legal obligation; legitimate interests.
Security and service protection — Protect accounts, detect misuse, prevent fraud, and investigate incidents — Legal basis: Legitimate interests; legal obligation.
We may use cookies and similar technologies to operate the website, remember preferences, measure performance, understand traffic, personalise content, and support marketing and advertising.
Essential cookies are required for the website to work, including cart, checkout, security, fraud prevention, and account functions.
Analytics, personalisation, and marketing cookies will be used only where permitted by law and, where required, after you have given consent.
You can change your cookie choices through the cookie settings link on our website, if available. Blocking some cookies may affect website functionality or personalisation.
Direct marketing: if you have bought from us, created an account, joined a membership, signed up to a newsletter, or requested information, we may send marketing where permitted by law. You can opt out at any time.
Third-party marketing: we will not share your personal data with third parties for their own direct marketing unless we have your consent or another valid legal basis and have clearly told you about it.
Service messages: even if you opt out of marketing, we may still send necessary service messages, such as order confirmations, delivery updates, security notices, membership notices, policy updates, and customer service replies.
We share personal data only where necessary for the purposes described in this Privacy Policy.
Examples include payment providers such as Stripe, logistics and 3PL partners such as GIMP, customer support platforms such as Zendesk, email/SMS marketing providers such as Klaviyo, analytics providers such as Google Analytics, IT and hosting providers, accountants, legal advisors, and public authorities where required by law.
We require service providers to protect personal data and use it only for agreed purposes where they process data on our behalf.
We may share information in connection with a business transaction, such as a merger, restructuring, financing, sale of assets, or acquisition, subject to appropriate safeguards.
If you post reviews, testimonials, community content, or social media comments, that content may be visible to other users or the public, depending on where you post it.
We do not allow service providers acting as processors to use your personal data for their own purposes unless they have a separate legal role and have provided appropriate notice.
Payments — Stripe — Payment status, transaction IDs, billing data, and fraud checks. Full card details are handled by the payment provider.
3PL / warehouse / logistics — GIMP — Name, delivery address, phone/email where needed, order contents, shipping status, and returns information.
Customer service — Zendesk — Support messages, order history, customer contact data, complaints, and return information.
Email/SMS marketing — Klaviyo — Email, phone number where provided, preferences, consent records, purchase segments, and campaign interactions.
Analytics — Google Analytics — Cookie or analytics identifiers, device data, usage data, referral source, website interactions, and aggregated traffic data.
Some providers may process personal data outside the EU/EEA or your country of residence.
Where personal data is transferred internationally, we will use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses approved by the European Commission, transfer impact assessments, and supplementary measures where appropriate.
You can contact us at the privacy contact shown on our website for more information about international transfers and relevant safeguards.
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
Order, payment, tax, and accounting records are usually kept for the period required by law.
Account data is kept while your account is active and for a reasonable period afterwards to manage disputes, fraud prevention, legal claims, and support history.
Membership and subscription data are kept while your membership or subscription is active and for a reasonable period afterwards for support, accounting, and legal purposes.
Marketing data is kept until you unsubscribe, withdraw consent, object to direct marketing, or the data is no longer needed.
Support messages are kept for a reasonable period so we can manage your enquiry, improve service, and document how an issue was handled.
Cookie and analytics retention depends on the specific tool and cookie settings and should be described in our Cookie Policy or cookie banner.
In some cases, we may anonymise data for analytics, product research, business improvement, or statistical purposes, in which case it may be used without further notice because it no longer identifies you.
Depending on where you live, you may have rights to request access to your personal data, correction, deletion, restriction, portability, objection to processing, and withdrawal of consent.
You always have the right to object to direct marketing. If you object to direct marketing, we will stop processing your personal data for that purpose.
To exercise your rights, contact the privacy contact shown on our website. We may need to verify your identity before responding.
These rights are not always absolute. For example, we may need to keep certain information to comply with legal obligations, complete transactions, resolve disputes, prevent fraud, or establish, exercise, or defend legal claims.
You also have the right to lodge a complaint with a data protection authority. If we are established in Sweden, the relevant authority is Integritetsskyddsmyndigheten (IMY).
We normally respond to valid privacy-rights requests within one month, unless the request is complex or the requests are numerous, in which case applicable law may allow additional time. We will tell you if we need more time.
You usually do not have to pay a fee to exercise your rights. We may refuse or charge a reasonable fee for requests that are clearly unfounded, repetitive, or excessive, where permitted by law.
We may ask for information to verify your identity before completing a request. This is to protect your personal data from being disclosed to someone who is not entitled to receive it.
Our webshop, paid membership, subscriptions, and products are intended for adults aged 18 and over.
We do not knowingly sell to or collect personal data from children. If you believe a child has provided personal data to us, contact us so we can review and delete it where appropriate.
We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure.
No online service can be completely secure, so you should use a strong password, protect your login details, and contact us if you suspect unauthorised account activity.
Our website may link to third-party websites, payment pages, social platforms, community tools, expert pages, brand websites, or partner services.
Their privacy practices are governed by their own privacy policies. We are not responsible for third-party websites or services that we do not control.
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new "last updated" date.
If we make material changes, we will take reasonable steps to notify you where required.
For privacy questions or requests, use the privacy contact shown on our website.
For general customer support, use the customer support contact shown on our website.