Trust center
Consent, security, and the things we refuse to do.
How your data is held, who can never reach it, and what the badge does and does not mean.
Consent
You report only what you already do. Participation is observational. You decide what you share, and you can withdraw. Nothing is sold or prescribed by Ēnel.
The two-database model
Identity and evidence are held apart. One database holds who you are. A separate database holds what was measured. They are linked only through a one-way reference, never a shared identifier, so an evidence record cannot be walked back to a person.
SHA-256 one-way hash
The link between the two databases is a SHA-256 one-way hash. A hash goes one direction only: it cannot be reversed to recover the input. The evidence side never stores your identity, only the hash.
The five absolute prohibitions
- We never sell your personal data.
- We never share it with insurers.
- We never share it with employers.
- We never share it with law enforcement, except where compelled by a valid legal order, which we publish in the record.
- We never let a brand buy, place, or edit a verdict.
The refusals charter
These prohibitions are commitments we hold against pressure. When we are asked to cross one of them, the answer is no, and the request is recorded. The charter answers to the method, not to a buyer.
What the badge attests
The validated badge is an efficacy attestation: it states that an entry was measured and met the threshold. It is not medical advice. It is not a recommendation. It never replaces a physician.
Commitments held against pressure
When we are asked to cross one of the prohibitions, the answer is no, and the request is recorded. The charter answers to the method, not to a buyer.
Related reading