Back to Gabriel
Gabriel

Privacy Policy

Effective date: March 26, 2026 · Gabriel Labs LLC

01

Information We Collect

Account Information

When you create a Gabriel account, we collect your name, email address, and password (hashed). If you sign in via OAuth (Google, Apple, or X), we receive only your public profile and email from those providers.

Health Profile Data

You may choose to share health information to help Gabriel personalize recommendations. This includes:

  • Age, biological sex, height, weight, and health goals
  • Medical history, symptoms, diagnoses, and medications
  • Lab results and biomarkers you upload or connect
  • Dietary preferences, allergies, and supplement protocols

Chat Conversations

We store your messages with Gabriel to maintain context across sessions and improve the quality of responses. Your conversations are encrypted at rest and never used to train third-party AI models without your explicit consent.

Wearable & Device Data

If you connect a wearable (Apple Health, Oura, Whoop, Garmin, etc.), we receive the data you authorize — such as heart rate variability, sleep, activity, and blood glucose. You can disconnect any device at any time.

Usage Data

We automatically collect standard usage data: IP address, browser type, OS, pages viewed, session duration, and click patterns. This is used to improve the product, not to identify you personally.

02

How We Use Your Information

  • Personalize recommendations — Tailor health insights, supplement suggestions, and protocols to your unique profile.
  • Power Gabriel AI — Provide contextually relevant responses by referencing your health history in conversations.
  • Improve Gabriel — Analyze aggregated, de-identified usage patterns to make the product better.
  • Communicate with you — Send product updates, account notifications, and (with your consent) educational health content.
  • Fulfill purchases — Process supplement orders placed through Fullscript or other integrated services.
  • Legal compliance — Meet our obligations under applicable law and protect the rights and safety of our users.

We do not use your data for advertising, and we do not sell your data. Ever.

03

Data Storage & Security

Your data is stored on Supabase with AES-256 encryption at rest and TLS 1.3 in transit. Databases are hosted in SOC 2 Type II certified data centers in the United States.

We are designed with HIPAA-intent security practices: strict access controls, audit logging, and minimal data retention. Only engineers with a documented need-to-know may access production data.

We do not sell, rent, or broker your personal health data to any third party.

You may request deletion of your account and all associated data at any time from your account settings or by emailing hello@askgabriel.com. Deletion is processed within 30 days.

04

Third-Party Services

We integrate with the following third-party services to power Gabriel:

Authentication

  • Google OAuth — Optional sign-in. We receive only your name, email, and profile photo.
  • Apple Sign In — Optional sign-in. Apple may relay a private email address on your behalf.
  • X (Twitter) OAuth — Optional sign-in. We receive only your public profile and email.

AI Infrastructure

  • Anthropic — Powers Gabriel's conversational AI. Your messages are processed through Anthropic's API under a data processing agreement; Anthropic does not use your data to train their models.

Supplements & Commerce

  • Fullscript — If you purchase supplements through Gabriel, orders are fulfilled by Fullscript. Their privacy policy governs data related to your order.

Analytics

  • Plausible Analytics — Cookie-free, privacy-first analytics. No personal data is shared.
05

Your Rights

You have the following rights regarding your data:

  • Access — Request a copy of all personal data we hold about you.
  • Update — Correct inaccurate or incomplete information in your profile.
  • Delete — Request permanent deletion of your account and data.
  • Export — Download your health profile and conversation history in a portable format.
  • Restrict processing — Ask us to limit how we use your data while a dispute is resolved.
  • Withdraw consent — Opt out of optional data uses (e.g., research participation) at any time.

To exercise any of these rights, email us at hello@askgabriel.com with the subject line “Data Request.” We respond within 30 days.

06

Health Information Disclaimer

Gabriel is not a licensed medical provider. The information, recommendations, and insights provided by Gabriel are for educational and informational purposes only. They do not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before making changes to your diet, supplements, medications, or health routine. In an emergency, call 911 or your local emergency number.

07

Cookies

We use a minimal set of cookies: a session cookie for authentication and a preference cookie to remember your settings. We do not use advertising or cross-site tracking cookies.

Our analytics partner (Plausible) is cookieless. You can disable session cookies in your browser, but Gabriel will not function without them.

08

Children's Privacy

Gabriel is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at hello@askgabriel.com and we will delete the account promptly.

09

Changes to This Policy

We may update this Privacy Policy as Gabriel evolves. When we make material changes, we will notify you by email and display a prominent notice in the app at least 14 days before the changes take effect.

Your continued use of Gabriel after the effective date of any update constitutes acceptance of the revised policy. If you disagree with a change, you may delete your account before it takes effect.

10

Contact

Questions, requests, or concerns about this Privacy Policy or how we handle your data:

Gabriel Labs LLC
hello@askgabriel.com

We take privacy seriously and will respond to all inquiries within 5 business days.