Legal
Privacy policy
What we collect, how we hold it apart, and what we will never do with it.
Draft for legal review. This document is a draft prepared for review by qualified legal counsel before publication. It is not legal advice and does not create a contract or any legal obligation until reviewed, approved, and published. Bracketed items marked [TO CONFIRM] are placeholders for facts that counsel must confirm.
Last updated: [TO CONFIRM]
1. Summary at a glance
This summary is for orientation only. The numbered sections below govern.
- What Ēnel is. Ēnel is a community-powered health-evidence platform. We measure real-world evidence on products that people already use, and we publish the result. We are observational. We never supply, prescribe, or recommend treatment, and nothing on the platform is medical advice.
- What you share. Participation is voluntary. You tell us who you are when you create an account, and you report on products you already use. You can withdraw and delete.
- How we hold it. Your identity and your evidence are stored in two separate databases. They are linked only by a one-way reference, a SHA-256 hash, that cannot be reversed to recover who you are.
- What we will never do. We never sell your personal data. We never share it with insurers. We never share it with employers. We never share it with law enforcement except under a valid legal order, which we record. We never let a brand buy, place, or edit a verdict.
- Your control. You can access, correct, export, restrict, or delete your data, withdraw consent, and opt out of any sale, sharing, or targeted advertising. We do not discriminate against you for exercising these rights.
- Consult your physician. Ēnel does not give medical advice. For medical decisions, consult your own physician. In an emergency, call your local emergency number.
2. Who we are, scope, and contact
2.1 Who we are
Ēnel (“Ēnel,” “we,” “us,” or “our”) operates the Ēnel platform at enelhealth.com and related services. The legal entity responsible for your personal data is [TO CONFIRM: legal entity name], located at [TO CONFIRM: registered address].
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the controller of your personal data is [TO CONFIRM: controller legal entity name]. Where required, our representative in the EU is [TO CONFIRM: EU representative], and our representative in the UK is [TO CONFIRM: UK representative]. Our Data Protection Officer, where one is appointed, can be reached at [TO CONFIRM: DPO contact].
2.2 Scope
This policy explains how we collect, use, disclose, and protect personal data when you visit enelhealth.com, create an account, submit observational reports, connect a device or wearable, or otherwise interact with Ēnel (together, the “Services”). It also describes your rights and how to exercise them.
This policy does not apply to third-party websites, products, or services that we do not control, including the makers of products you choose to report on and the providers of wearables or devices you choose to connect. Their handling of your data is governed by their own policies.
2.3 A note on HIPAA
Ēnel is most likely not a “covered entity” or a “business associate” under the US Health Insurance Portability and Accountability Act (HIPAA), because Ēnel is not a healthcare provider, a health plan, or a healthcare clearinghouse, and does not provide treatment, payment, or healthcare operations on behalf of such entities. As a result, HIPAA generally does not apply to the data you share with us. This does not lower our standard of care. We protect your sensitive consumer health data under the consumer privacy and consumer health data laws described in this policy. [TO CONFIRM: counsel to confirm HIPAA status for the final entity and service design.]
2.4 How to contact us
For privacy questions or to exercise your rights, contact us at [TO CONFIRM: privacy@ contact] or through our contact page. Postal mail can be sent to [TO CONFIRM: postal address for privacy requests].
3. Definitions
The following terms are used throughout this policy.
- Personal data (also “personal information”) means information that identifies, relates to, or could reasonably be linked with you or your household.
- Consumer health data means personal data that identifies your past, present, or future physical or mental health status, including the products you report using and any health-related inferences. This term is defined by laws such as the Washington My Health My Data Act, the Nevada consumer health data law (SB 370), and the Connecticut Data Privacy Act as amended.
- Special category data means the categories of data given heightened protection under GDPR Article 9, including data concerning health.
- Observational report means information you voluntarily submit about a product you already use and what you have observed.
- Evidence means the measured and de-identified records that make up the published record, separated from your identity as described in Section 8.
- De-identified and pseudonymized describe data that has been separated from direct identifiers so that it cannot, on its own, be attributed to you. Pseudonymized data can in principle be re-linked only through information we hold separately and protect; the one-way hash described in Section 8 is designed so that the evidence side cannot be walked back to you.
- Process means any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
- Sale and share have the meanings given under California law. “Sale” means disclosing personal data for monetary or other valuable consideration. “Share” means disclosing personal data for cross-context behavioral advertising. We do neither, as described in Section 11.
4. Information we collect and our sources
We collect only what we need to run the Services and to build the record. The categories below describe what we may collect and where it comes from.
4.1 Account and identity information
When you create an account, we collect information such as your name or chosen display name, email address, password credentials (stored only in hashed form), and any profile details you choose to add. We may collect a year of birth or an age confirmation to verify eligibility (see Section 16). Source: you.
4.2 Observational reports
When you report on a product you already use, we collect the content of that report, including the product, your observations, the period of use, and any structured measures you choose to provide. This is consumer health data and, under GDPR, special category data. Source: you.
4.3 Connected wearable and device data
If you choose to connect a wearable or device, or to import data from a third-party health service, we collect the data you authorize, which may include metrics such as heart rate, heart rate variability, sleep, activity, temperature, or other measurements offered by that source. We collect this only with your explicit consent and only to the extent you authorize. Source: you, and the device, wearable, or service you connect, acting on your instruction.
4.4 Technical and usage information
When you use the Services, we automatically collect technical data such as IP address, device and browser type, operating system, language settings, pages viewed, referring pages, and timestamps. We use this to operate, secure, and improve the Services. Source: your device and our systems.
4.5 Cookies and similar technologies
We and our service providers use cookies and similar technologies as described in Section 18 and in our cookie preferences. Source: your device.
4.6 Communications
When you contact us, respond to a survey, or otherwise communicate with us, we collect the content of those communications and our records of them. Source: you.
4.7 Payment information
If paid tiers are offered in the future (see the founding-member note in Section 14 and in the Terms of Use), payment is processed by a third-party payment processor. We do not store full payment card numbers. We may retain limited billing records such as the fact and date of a transaction. Source: you and our payment processor. [TO CONFIRM: payment processor and exact billing data retained.]
4.8 What we do not collect
We do not ask you to submit other people’s identifiable data. We do not seek to collect more sensitive data than the Services require. We do not build advertising profiles about you (see Section 17).
5. How and why we use your information, and our lawful bases
We use personal data for the purposes below. For each purpose, where GDPR or UK GDPR applies, we identify our lawful basis under Article 6 and, for health and other special category data, our condition under Article 9.
5.1 To provide the Services
We use your account and report data to create and maintain your account, to accept and process your observational reports, and to operate the platform.
- Article 6 basis: performance of a contract with you (Article 6(1)(b)).
- Article 9 condition (for health data): your explicit consent (Article 9(2)(a)).
5.2 To build and publish the record
We use de-identified evidence to measure efficacy and publish findings, including the effect index and credible interval, as part of the append-only record.
- Article 6 basis: your consent (Article 6(1)(a)) and our legitimate interest in producing reliable, independent health evidence (Article 6(1)(f)), balanced against your rights.
- Article 9 condition: your explicit consent (Article 9(2)(a)). Where relevant, processing for scientific or statistical purposes with appropriate safeguards may also apply (Article 9(2)(j)). [TO CONFIRM: counsel to confirm the combination of conditions for the research function.]
5.3 To connect devices and wearables you authorize
We use connection and import data to bring in the measurements you have authorized.
- Article 6 basis: performance of a contract and your consent.
- Article 9 condition: your explicit consent (Article 9(2)(a)).
5.4 To secure and maintain the Services
We use technical and usage data to keep the Services safe, to detect and prevent fraud and abuse, to debug, and to maintain reliability.
- Article 6 basis: our legitimate interests in security and reliability (Article 6(1)(f)) and, where applicable, legal obligation (Article 6(1)(c)).
5.5 To communicate with you
We use your contact details to respond to you, to send service messages, and, where you have opted in or where permitted, to send updates about Ēnel.
- Article 6 basis: performance of a contract, your consent for non-essential messages, and our legitimate interest in service communications.
5.6 To comply with law
We use personal data as needed to comply with legal obligations and valid legal orders, and to establish, exercise, or defend legal claims.
- Article 6 basis: legal obligation (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)).
- Article 9 condition: establishment, exercise, or defense of legal claims (Article 9(2)(f)), where relevant.
5.7 Withdrawing consent
Where we rely on consent, you can withdraw it at any time (see Section 12). Withdrawal does not affect processing carried out before withdrawal, and it does not require us to alter the append-only record, which by then holds only de-identified evidence. We explain this in Sections 8 and 15.
6. Consumer health data notice
This section is a specific notice for consumer health data, provided to meet laws including the Washington My Health My Data Act, the Nevada consumer health data law (SB 370), and the Connecticut Data Privacy Act as amended. It supplements the rest of this policy.
6.1 What consumer health data we collect and why
We collect the consumer health data described in Sections 4.2 and 4.3: your observational reports and any wearable or device data you choose to connect. We collect it to operate the Services and to build the published record, as described in Section 5. We collect it from you and from sources you authorize.
6.2 Separate consent
We obtain your consent to collect consumer health data separately from any general acceptance of these documents. Consent is a clear affirmative act that is freely given, specific, informed, opt-in, voluntary, and unambiguous. Accepting a broad terms-of-use document, hovering over content, or any deceptive design does not count as consent. We obtain separate consent before sharing consumer health data with a service provider in a way that requires it.
6.3 No sale of consumer health data
We do not sell your consumer health data. Selling consumer health data would require a separate, specific, written authorization from you under Washington and Nevada law, and we do not seek one. Our position is firmer than the law requires: we will not sell it. See Section 10.
6.4 Who may receive consumer health data
We share consumer health data only with the service providers and processors needed to run the Services, under contracts that bind them, and only as described in Section 9. We name the categories of recipients in Section 9 and can provide, on request, a list of the specific third parties and affiliates that have received your consumer health data.
6.5 Your rights in consumer health data
You have the right to access your consumer health data, to obtain a list of third parties and affiliates with whom it has been shared, to withdraw your consent to its collection and sharing, and to have it deleted, including from backups and archives on the schedule described in Section 15. To exercise these rights, see Section 12.
6.6 Geofencing
We do not use geofences around healthcare, mental health, or reproductive or sexual health facilities to identify, track, collect data from, or send messages to consumers based on their consumer health data.
7. Special category data and explicit consent (GDPR and UK GDPR)
Data concerning your health is special category data under GDPR Article 9 and UK GDPR. We process it only where we have both a lawful basis under Article 6 and a condition under Article 9. For the core Services, that condition is your explicit consent under Article 9(2)(a).
Explicit consent means a clear, specific statement, separate from any general agreement, that names the categories of health data we process and the purposes for which we process them. You give this consent through a dedicated consent step, not by accepting a general agreement. You can withdraw it at any time, as described in Sections 5.7 and 12.
8. The two-database model and SHA-256 pseudonymization
How we hold your data is central to this policy.
8.1 Two databases, held apart
Your identity and your evidence are stored in two separate databases. One database holds who you are. The other holds what was measured. They are not joined by any shared identifier. Keeping them apart means that access to one does not reveal the other.
8.2 The one-way hash
The only link between the two databases is a SHA-256 one-way hash. A one-way hash is computed in a single direction and cannot be reversed to recover its input. The evidence database stores only the hash, never your identity, so a measurement in the evidence database cannot be traced back to you through that database.
8.3 What this means for you
This design means that the published record is built from de-identified evidence. It also shapes how deletion works: you can delete your identity, while the de-identified evidence that has already entered the append-only record remains, no longer connected to a person. Section 15 explains this in full.
9. How we share and disclose information
We share personal data only in the limited circumstances below. We do not sell it, and the five prohibitions in Section 10 always apply.
9.1 Service providers and sub-processors
We share personal data with vendors who process it on our behalf to run the Services, such as hosting and infrastructure providers, security tools, communications and email providers, analytics providers, and, if paid tiers launch, payment processors. They act on our instructions under data processing agreements (DPAs) that require them to protect the data and forbid them from using it for their own purposes. Categories of sub-processors and our vendor controls are described in the Data Security Policy. [TO CONFIRM: maintained list of sub-processors and where it is published.]
9.2 Legal compliance and protection
We may disclose personal data where required by law or a valid legal order, or to establish, exercise, or defend legal claims, or to protect the rights, safety, and security of users, the public, or Ēnel. Where we disclose personal data to law enforcement, we do so only under a valid legal order, and we record that order, as stated in Section 10.
9.3 Business transfers
If Ēnel is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction. We will require any successor to honor this policy and the five prohibitions in Section 10, or to give you notice and a meaningful choice consistent with applicable law. [TO CONFIRM: counsel to confirm successor-obligation language.]
9.4 With your direction
We share data as you direct, for example when you connect a wearable or service at your instruction.
9.5 Who we never share with
We never share your personal data with insurers, employers, or brands as described in Section 10. We never let a brand buy, place, or edit a verdict. The evidence is uninfluenced.
10. The five absolute prohibitions
These prohibitions bind Ēnel. They are commitments, not preferences.
- We never sell your personal data.
- We never share it with insurers.
- We never share it with employers.
- We never share it with law enforcement, except under a valid legal order, which we record.
- We never let a brand buy, place, or edit a verdict. The evidence is uninfluenced.
11. Sale and sharing: we do neither
We do not sell personal data, and we do not share personal data for cross-context behavioral advertising, as those terms are defined under California law. We have not sold or shared personal data in the preceding 12 months, and we do not intend to. Because we do not sell or share, there is nothing for you to opt out of in that respect, but you may still record an opt-out preference and we will honor opt-out preference signals. See Section 12.
12. Your rights and choices
Depending on where you live, you have some or all of the rights below. We honor these rights for all users where we reasonably can, and we apply them as required by your local law.
12.1 The rights
- Access: know what personal data we hold about you and obtain a copy.
- Correct: fix inaccurate or incomplete data.
- Delete: ask us to delete your personal data, subject to the limits in Section 15.
- Port: receive certain data in a portable, machine-readable format.
- Restrict: ask us to limit processing in certain circumstances.
- Object: object to processing based on legitimate interests, and object to direct marketing at any time.
- Withdraw consent: withdraw any consent you have given, at any time.
- Opt out: opt out of any sale, sharing, or targeted advertising. As stated in Section 11, we do not engage in these, but you may still register your preference.
- Limit sensitive data use: direct us to use sensitive personal data only for permitted purposes.
- Non-discrimination: exercise your rights without being denied service, charged a different price, or given a lower quality of service.
- Human review of automated decisions: where applicable, see Section 17.
12.2 How to exercise your rights
You can exercise most rights from within your account, or by contacting us at [TO CONFIRM: privacy@ contact] or through our contact page. You do not need to pay to make a request.
12.3 Identity verification
To protect your data, we will take reasonable steps to verify your identity before acting on a request, using information already associated with your account. We will not use the information you provide for verification for any other purpose.
12.4 Authorized agents
You may use an authorized agent to submit a request on your behalf. We may require the agent to show written permission from you and may require you to verify your own identity directly. [TO CONFIRM: agent verification process.]
12.5 Our response times
We respond within the timeframes set by applicable law, generally within 45 days under US state laws (extendable once where permitted) and within one month under GDPR and UK GDPR (extendable by two further months for complex requests). We will tell you if we need more time.
12.6 Appeals
If we decline your request, you may appeal. Send your appeal to [TO CONFIRM: appeals contact]. We will respond to your appeal within the period required by your local law (for example, within 60 days under several US state laws) and will explain our decision. If your appeal is denied, we will tell you how to contact your state attorney general or relevant regulator.
13. Regional disclosures
13.1 EEA and UK
If you are in the European Economic Area or the United Kingdom, the controller and bases described in Sections 2 and 5 apply. You have the rights in Section 12. You may lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO). See Section 20.
International transfers. Where we transfer personal data outside the EEA or UK, we rely on a lawful transfer mechanism, such as an adequacy decision, the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or another approved safeguard, together with supplementary measures where needed. You can ask us for more information about the safeguards we use. [TO CONFIRM: list of transfer mechanisms and recipient countries.]
13.2 California (CCPA and CPRA)
If you are a California resident, you have the rights to know, access, correct, and delete your personal information, to opt out of sale and sharing, to limit the use of sensitive personal information, and to non-discrimination, as described in Section 12.
Categories overview. In the preceding 12 months, we may have collected the following categories of personal information as defined by the CCPA: identifiers (such as name, email, IP address); customer records (such as account details and, if applicable, billing records); internet and network activity (such as usage data); geolocation (general, derived from IP); and sensitive personal information, specifically health data contained in your observational reports and any connected device data. We collect these for the business purposes in Section 5, from the sources in Section 4. We disclose them only to the categories of recipients in Section 9. We do not sell or share personal information, including sensitive personal information. We use sensitive personal information only for purposes permitted under the CPRA, such as providing the Services you request. [TO CONFIRM: counsel to finalize the CCPA categories table for the published version.]
13.3 Washington, Nevada, Connecticut, and other US states
If you are covered by the Washington My Health My Data Act, the Nevada consumer health data law (SB 370), the Connecticut Data Privacy Act, or another US state privacy or consumer health data law, the consumer health data notice in Section 6 and the rights in Section 12 apply to you. The rights available, and any appeal and complaint routes, follow your state’s law. [TO CONFIRM: full list of state-specific disclosures and effective dates as the team’s footprint grows.]
13.4 International users generally
Ēnel may process and store data in [TO CONFIRM: processing locations and regions]. Wherever your data is processed, the protections in this policy and the five prohibitions in Section 10 apply.
14. Founding members and future tiers
The “founding members free, forever” offer is described in the Terms of Use. Paid tiers may be introduced in the future. If they are, any associated payment processing will be handled as described in Section 4.7, and this policy will be updated. [TO CONFIRM: paid-tier plans and effective dates.]
15. Data retention and deletion
15.1 How long we keep data
We keep personal data only as long as needed for the purposes in this policy, then delete or de-identify it. Retention periods depend on the type of data, our legal obligations, and the need to resolve disputes and enforce agreements. [TO CONFIRM: specific retention periods by data category.]
15.2 Deletion and the append-only record
When you delete your account, we delete or de-identify the identity-side data we hold about you, subject to limited exceptions such as records we must keep by law. The published record is append-only: de-identified evidence that has already entered it is not removed, because it is no longer connected to you. The SHA-256 design in Section 8 is what makes this possible. In short, you can always delete who you are; what was measured remains in the record only in de-identified form.
15.3 Corrections to the record
Published findings are not quietly edited. Corrections are appended to the record with the date and the reason, so the history stays intact and visible.
16. Children’s privacy
The Services are for adults. You must be at least 18 years old to use Ēnel, as stated in the Terms of Use. We do not knowingly collect personal data from anyone under 18, and we do not knowingly collect personal data from children under 13 in a manner that would require parental consent under the US Children’s Online Privacy Protection Act (COPPA). If we learn that we have collected data from someone under 18, we will delete it. If you believe a minor has provided us data, contact us at [TO CONFIRM: privacy@ contact].
17. Automated decision-making
We do not use your personal data for advertising profiling, and we do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a lawful basis and appropriate safeguards. The published findings are produced by a measurement method applied to de-identified evidence; they are statements about products, not automated judgments about you. Where any automated processing would have a significant effect on you, you have the right to request human review, to express your point of view, and to contest the decision, as provided by applicable law. [TO CONFIRM: counsel to confirm scope as the method evolves.]
18. Cookies and tracking
We use cookies and similar technologies to operate the Services, remember your preferences, keep the Services secure, and understand usage. We do not use them for cross-context behavioral advertising. You can manage non-essential cookies through our cookie preferences and through your browser settings. We honor recognized opt-out preference signals where required.
19. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, give you additional notice, such as by email or an in-product notice. Your continued use of the Services after an update means you accept the updated policy, to the extent permitted by law.
20. Contact and complaints
For privacy questions, requests, or complaints, contact us at [TO CONFIRM: privacy@ contact] or through our contact page.
If you are in the EEA or UK and believe we have not handled your data lawfully, you may complain to your local supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO), https://ico.org.uk. You can find your EEA authority through the European Data Protection Board. If you are in a US state with a privacy or consumer health data law, you may contact your state attorney general. [TO CONFIRM: any additional regulator contacts and the supervisory authority for our lead establishment.]