Privacy Policy
Harder To Kill Protocol™ ("we", "us", "Harder To Kill", "the Protocol") operates a private members' training application and supporting websites. This Privacy Policy explains how we collect, use, store, and protect your personal information.
By using this site or the member app, you agree to the practices described below. If you do not agree, do not enrol.
1 · What we collect
When you purchase, register, or use the application we may collect:
- Identity & contact — name, email address, optional phone number.
- Payment data — handled exclusively by Stripe. We never see, store, or process your card details. We receive only a transaction reference, amount, and the email used for the purchase.
- Account credentials — your password, stored only as a salted bcrypt hash. We cannot read or recover it.
- Training data — your onboarding answers (goals, training history, dietary preferences, body composition, 1RMs, lifestyle), Foundation Week™ test results, weekly check-ins, workout logs.
- Technical data — IP address, device type, browser, session timestamps. Used for security and basic analytics only.
2 · How we use it
- To deliver the service you purchased (Foundation Week™, programs, coaching, check-ins, PDF reports).
- To personalise your training prescriptions (1RMs, conditioning targets, recovery flags).
- To send transactional emails: welcome credentials, weekly check-in prompts, Foundation Week™ results, and password resets.
- To send optional coaching emails (the Day 0–7 baseline drip, weekly insights). You can opt out at any time via the unsubscribe link.
- To detect fraud, abuse, and protect member accounts.
We do not sell your data. We do not rent your email to third parties. We do not use your training data to train external AI models.
3 · Who we share data with
Limited, named processors only — each contractually bound:
- Stripe — payment processing (PCI-DSS compliant).
- Resend — transactional and coaching email delivery.
- Cloud hosting — the application servers and database that store your account.
- Vimeo / YouTube — when you watch coaching videos, the platform receives standard playback telemetry under their privacy policies.
We never share your data for advertising, list-resale, or affiliate marketing.
4 · Cookies & analytics
We use the minimum cookies required to keep you signed in (a session token) and to remember your preferences. We do not currently run an advertising pixel. If we add Meta Pixel or Google Analytics in the future, we will update this policy and surface a consent banner where required by law.
5 · Your rights
You have the right to:
- Access — request a copy of every piece of data we hold about you.
- Correct — fix anything inaccurate in your account.
- Delete — request permanent deletion of your account and all associated data. You can do this yourself inside the app at /app/profile → Delete Account, or by emailing us.
- Object — opt out of non-essential emails at any time.
- Portability — request your training data in a machine-readable format.
To exercise any of the above, email Ali@unclealimaclean.com. We respond within 30 days.
6 · Data retention
Your account data is retained for as long as your account is active, plus 12 months after closure for tax, accounting, and dispute-resolution purposes. Payment transaction records are retained for 7 years (legal requirement). Once you delete your account, your training data, onboarding answers, and personal identifiers are permanently removed within 30 days, except where legally required to retain.
7 · Security
Passwords are bcrypt-hashed. All data is encrypted in transit (TLS 1.2+). Payment data never touches our servers. Webhooks are signature-verified. The application uses role-based access control to ensure members cannot see each other's data.
No system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you within 72 hours.
8 · International transfers
We are based in the United Kingdom. Our processors (Stripe, Resend, hosting) may transfer data to the United States or European Economic Area under Standard Contractual Clauses or equivalent safeguards.
9 · Children
The Protocol is built for adult men. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, contact us immediately and we will remove the account.
10 · Changes
We may update this policy as the service evolves. Material changes will be emailed to active members. The "Last updated" date at the top of this page is always authoritative.
11 · Contact
Privacy questions, data requests, complaints: Ali@unclealimaclean.com.