Trust center

Consent, security, and the things we refuse to do.

How your data is held, who can never reach it, and what the badge does and does not mean.

You report only what you already do. Participation is observational. You decide what you share, and you can withdraw. Nothing is sold or prescribed by Ēnel.

The two-database model

Identity and evidence are held apart. One database holds who you are. A separate database holds what was measured. They are linked only through a one-way reference, never a shared identifier, so an evidence record cannot be walked back to a person.

SHA-256 one-way hash

The link between the two databases is a SHA-256 one-way hash. A hash goes one direction only: it cannot be reversed to recover the input. The evidence side never stores your identity, only the hash.

The five absolute prohibitions

  1. We never sell your personal data.
  2. We never share it with insurers.
  3. We never share it with employers.
  4. We never share it with law enforcement, except where compelled by a valid legal order, which we publish in the record.
  5. We never let a brand buy, place, or edit a verdict.

The refusals charter

These prohibitions are commitments we hold against pressure. When we are asked to cross one of them, the answer is no, and the request is recorded. The charter answers to the method, not to a buyer.

What the badge attests

The validated badge is an efficacy attestation: it states that an entry was measured and met the threshold. It is not medical advice. It is not a recommendation. It never replaces a physician.

Commitments held against pressure

When we are asked to cross one of the prohibitions, the answer is no, and the request is recorded. The charter answers to the method, not to a buyer.