Privacy Policy
At Gabriel Labs LLC ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use Sanctum, our health sharing community and Gabriel Intelligence platform.
1. Information We Collect
Account Information
When you create a Gabriel Care account, we collect:
- Name
- Email address
- Date of birth
- State of residence
- Phone number
Health Information
To provide personalized recommendations and process claims, we collect:
- Health interests and wellness goals
- Current insurance status
- Experience with integrative and functional medicine
- Medical claims data (provider, service type, amount, receipts)
- Treatment protocols and outcomes (if voluntarily shared)
Payment Information
Payment processing is handled by Stripe. We do not store your full credit card numbers. We receive from Stripe:
- Last four digits of your payment card
- Card type and expiration date
- Billing address
- Transaction history
Wearable & Biometric Data
If you connect a wearable device via Terra API, we collect:
- Daily step count
- Heart rate and heart rate variability (HRV)
- Sleep duration and quality metrics
- Activity and exercise data
- Other metrics available through your connected device
Usage Data
We automatically collect information about how you use Sanctum:
- Pages visited and features used
- Time spent on the platform
- Device type, operating system, and browser
- IP address and general location
- Interactions with Gabriel Intelligence (queries, chat history)
Communications
We collect communications you send to us, including:
- Support messages and inquiries
- SMS messages (if you opt in to text notifications)
- Email correspondence
- Feedback and survey responses
2. How We Use Your Information
We use the information we collect to:
- Process membership and claims: Verify eligibility, process payments, and reimburse approved medical expenses
- Provide AI health scoring and recommendations: Gabriel Intelligence uses your health data, wearable metrics, and claims history to generate personalized health scores and treatment recommendations
- Correlate treatments and outcomes: Analyze anonymized data to identify patterns and improve our wellness benefit categories
- Communicate with you: Send account updates, claim status notifications, educational content, and important service announcements via email, SMS, and in-app messages
- Improve our services: Analyze usage patterns to enhance Gabriel Intelligence, optimize the user experience, and develop new features
- Prevent fraud and abuse: Monitor claims for fraudulent activity and ensure fair use of community resources
- Comply with legal obligations: Respond to legal requests, enforce our Terms of Service, and protect our rights and the rights of our members
3. How We Share Your Information
Service Providers
We share your information with trusted third-party service providers who help us operate Sanctum:
- Stripe: Payment processing and bank transfers
- Supabase: Database hosting and authentication
- Vercel: Web hosting and application infrastructure
- Terra API: Wearable device data integration
- Twilio: SMS notifications
- Resend: Transactional email delivery
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
We Never Sell Your Data
Your personal information is never sold to third parties. We do not share your data with advertisers or data brokers.
Legal and Regulatory Disclosures
We may disclose your information if required by law or in response to:
- Subpoenas, court orders, or legal process
- Requests from government agencies or regulators
- Situations involving potential threats to safety or security
Aggregated and Anonymized Data
We may use and share aggregated, anonymized data that cannot identify you personally for research, analytics, and to improve health outcomes for our community. For example, we may publish insights like "Members using peptide protocols reported a 23% improvement in recovery time."
4. HIPAA Compliance
Gabriel Labs is committed to protecting your health information in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
- Encryption: All health data is encrypted in transit (TLS) and at rest (AES-256)
- Access controls: Only authorized personnel can access identifiable health information
- Business Associate Agreements (BAAs): All service providers handling health data have signed BAAs
- Audit logging: All access to health data is logged and monitored
- Regular security assessments: We conduct routine security audits and vulnerability assessments
5. Your Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:
- Right to Know: You can request details about the personal information we collect, use, and share
- Right to Delete: You can request that we delete your personal information (subject to legal exceptions)
- Right to Opt-Out of Sale: We do not sell personal information, so there is nothing to opt out of
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at privacy@askgabriel.com.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access controls: Role-based access with multi-factor authentication for staff
- Regular backups: Automated daily backups stored in secure, redundant locations
- Security monitoring: 24/7 intrusion detection and anomaly monitoring
- Incident response: Documented procedures for responding to security breaches
While we take every precaution to protect your data, no system is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. After you cancel your membership, we retain your data for:
- Seven (7) years: Financial and claims records (required for tax and legal compliance)
- Anonymized permanently: Aggregated health insights used for research
You may request deletion of your account at any time by contacting privacy@askgabriel.com. We will delete your data within 30 days, except where retention is required by law.
8. Children's Privacy
Gabriel Care is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.
9. International Users
Gabriel Care is designed for US residents only. If you access Gabriel Care from outside the United States, your information may be transferred to and processed in the US. By using our services, you consent to the transfer and processing of your information in the United States.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Email notification to your registered email address
- In-app notification when you next log in
- Posting the updated policy on this page with a new "Last updated" date
Changes will take effect 30 days after notification. Your continued use of Gabriel Care after the effective date constitutes acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your information, please contact us:
Gabriel Labs LLC
Email: privacy@askgabriel.com
Address: Las Vegas, Nevada
For privacy-related requests (data access, deletion, etc.), please use privacy@askgabriel.com for the fastest response.