Gilpin Health, Inc.

Privacy Policy

Effective Date: June 23, 2026  ·  Last Updated: June 23, 2026

1. Who We Are

Nell is a brain health application built and operated by Gilpin Health, Inc. ("Gilpin Health," "we," "us," or "our"). We help adults protect and improve their cognitive health through personalized daily habits, wearable data analysis, and periodic cognitive assessments.

Gilpin Health, Inc.

2829 W 34th Ave, Denver, CO 80211

rye@gilpinhealth.com

2. What This Policy Covers

This Privacy Policy describes how we collect, use, store, and share information about you when you use the Nell mobile application ("App") and related services. It applies to all users, including beta participants.

By creating an account and using Nell, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein. If you do not agree, please do not use the App.

3. Information We Collect

3.1 Information You Provide Directly

Account information: Name, email address, date of birth, and password.

Personal profile (collected during onboarding): Gender, height and weight, and working status (full-time, part-time, retired, or not currently working).

Health profile (collected during onboarding): Self-reported lifestyle habits including exercise frequency, typical sleep duration, alcohol consumption frequency, home cooking frequency, mentally stimulating activity frequency, social interaction frequency, and typical daily stress level. Self-reported health conditions, provided voluntarily, including cardiovascular disease, high blood pressure, metabolic disease, sleep disorders, mental health conditions, neurological conditions, and thyroid disease. You may also select "None / Prefer not to say." This information is stored but does not currently modify the coaching or scoring you receive.

Monthly check-in responses (collected approximately every 30 days): Responses to 8 questions about your subjective cognitive experience over the prior month, covering short-term memory, name and face recognition, word-finding, focus, mental clarity, orientation, task follow-through, and mental energy.

Quarterly benchmark health data (collected approximately every 90 days):

Cognitive assessment results (collected at each quarterly benchmark): Performance data from a 7-task cognitive battery measuring memory encoding, delayed recall, attention and processing speed, language and semantic association, visuospatial function, cognitive motor integration, and executive function. Individual task scores, response times, accuracy metrics, a composite cognitive score, and age-normed percentile derived from your performance.

Monthly Anchor selections and completions: The specific anchor habits you select each month across six lifestyle pillars, daily completion records for each anchor, including whether they were confirmed in your Morning Daily Review.

3.2 Information Collected Through Connected Wearable Devices

When you choose to connect a compatible wearable device — Apple Watch, WHOOP, Oura Ring, Garmin, or Biostrap — we collect health and activity data through our integration partner Junction, powered by Vital Health, Inc. This data is retrieved through each device manufacturer's authorized API with your explicit permission. We do not access your wearable account credentials directly.

Data collected through connected wearables includes:

For Apple Watch users who do not have a native device recovery score, we calculate a proxy readiness estimate from your raw sleep, HRV, and resting heart rate signals. Your Health tab will indicate when an estimated score is being used rather than a native device score.

All wearable data is stored permanently in our secure database. This longitudinal signal data is preserved to enable future deep analysis of your brain health trajectory over time.

3.3 Information Generated by the App

3.4 Usage and Technical Information

4. How We Use Your Information

We use your information solely to provide, personalize, and improve the Nell service. We do not use your data for advertising. Specifically:

To calculate your scores. Your wearable recovery data and daily anchor completion rate are used to calculate your Readiness and Reserve scores. Your Mindspan Age is derived from these scores combined with your quarterly cognitive assessment results. All calculations occur on our secure servers.

To personalize your daily experience. Your health profile, monthly check-in responses, anchor selections, and completion history inform the coaching guidance Nell provides, including your Today's Plan, Morning Daily Review, Ask Nell responses, and quarterly recalibration summaries.

To power AI coaching. We use your data to generate personalized coaching content through an AI system powered by Anthropic's Claude API. When you interact with Ask Nell or receive generated insights, relevant context about your scores, anchors, health profile, and completion history is sent to Anthropic solely for the purpose of generating your response. Anthropic does not use your data to train its AI models. Anthropic's privacy policy is available at anthropic.com/privacy.

To send you notifications. With your permission, we send push notifications for your daily morning plan, evening check-ins, monthly check-in reminders, quarterly benchmark reminders, movement break reminders, and streak milestones. You may adjust or disable notifications at any time in More → Settings → Notifications or through your device settings.

To improve the App. We may use aggregated and de-identified usage patterns to understand how the App is performing and to guide product improvements. Individual-level identifiable data is never used for this purpose.

We do not:

5. How Long We Retain Your Data

We retain your account and health data for as long as your account remains active. Health data — including wearable signals, cognitive assessment results, monthly check-in responses, anchor completion records, and Mindspan score history — is stored permanently and is never automatically deleted. This permanent retention is intentional: the long-term value of Nell depends on longitudinal data that accumulates over months and years.

If you request deletion of your account, we will delete or irreversibly de-identify all of your personal data within 30 days of a verified request, except where retention is required by applicable law. De-identified data that cannot be linked back to you may be retained for research and product improvement purposes.

6. Third Parties We Share Data With

We share your data only with the service providers listed below, each under a data processing agreement that prohibits them from using your data for their own purposes.

Provider Purpose Data Shared
Supabase, Inc. Secure database hosting and user authentication All stored user and health data
Anthropic, PBC AI-generated coaching responses via Claude API Health scores, anchor data, health profile context, conversation history
Junction / Vital Health, Inc. Wearable device data integration Wearable device connection credentials, raw biometric signals
Expo / EAS App build infrastructure and push notification delivery Push notification tokens

We do not currently use third-party analytics services that receive identifiable health data. If we introduce analytics tooling in the future, we will update this policy and notify you in advance.

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Gilpin Health, our users, or the public.

In the event of a merger, acquisition, or sale of all or substantially all of Gilpin Health's assets, your data may be transferred to the acquiring entity. We will notify you via email and in-app notice before your data becomes subject to a different privacy policy.

7. Data Security

We take the security of your health data seriously. Our current security measures include:

Nell is currently in beta. We have not yet completed a formal third-party security audit or penetration test. We are committed to conducting one before the App moves to general availability and will update this section accordingly.

No system is completely secure. If you believe your account has been compromised, or if you have identified a potential security vulnerability in the App, please contact us immediately at rye@gilpinhealth.com.

8. Your Rights and Choices

Regardless of where you are located, we honor the following rights for all users:

Access. You may request a complete copy of the personal and health data we hold about you at any time by contacting rye@gilpinhealth.com.

Correction. You may update your name, date of birth, height, weight, working status, and notification preferences at any time within the App under More → Settings. To correct health condition or assessment data, contact us directly.

Deletion. You may delete your account by navigating to More → Settings → Account → Delete Account, or by contacting rye@gilpinhealth.com. Deletion is permanent and irreversible. We will complete the deletion within 30 days of a verified request.

Data portability. Upon request, we will provide a copy of your personal and health data in a machine-readable format (JSON or CSV) within 30 days.

Withdrawal of consent. You may disconnect your wearable device at any time from More → Settings → Wearable. You may disable push notifications at any time from More → Settings → Notifications or your device settings. Withdrawing consent for these specific features does not delete your account or other data.

California residents (CCPA). You have the right to know what categories of personal information we collect and how they are used, to request deletion of your personal information, and to opt out of the sale of your personal information. We do not sell your personal information. To exercise any of these rights, contact rye@gilpinhealth.com. We will not discriminate against you for exercising your privacy rights.

European residents (GDPR). If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to access, rectify, erase, restrict processing of, and receive a portable copy of your personal data. You also have the right to object to certain processing and to withdraw consent at any time without affecting the lawfulness of prior processing. Our lawful basis for processing your health data is your explicit consent, provided at account creation. To exercise any of these rights or to lodge a complaint, contact rye@gilpinhealth.com. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Children's Privacy

Nell is intended exclusively for adults aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If you believe that a minor has created a Nell account, please contact us at rye@gilpinhealth.com and we will promptly delete the account and all associated data.

10. Beta Program Notice

Nell is currently in beta. During this period:

We will notify you of any material changes to this Privacy Policy by email and in-app notification at least 14 days before those changes take effect. Your continued use of the App after the effective date of any update constitutes your acceptance of the revised policy.

11. Medical Disclaimer

Nell is a brain health and wellness application. It is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or medical condition. Cognitive assessment results, Mindspan scores, and coaching content are for informational and wellness purposes only. Nothing in the App should be interpreted as medical advice.

If you have concerns about your cognitive health, memory, or any other medical condition, please consult a licensed healthcare provider. If you are experiencing a medical emergency, call 911 or your local emergency services immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this document reflects when it was most recently revised.

For material changes — particularly those that affect how we use your health data — we will notify you by email and through a prominent in-app notice at least 14 days before the changes take effect. For non-material changes such as clarifications or corrections, we may update this policy without advance notice.

13. Contact Us

If you have questions, concerns, or requests related to your privacy, your data, or this policy, please contact:

Rye Finegan

Gilpin Health, Inc.

2829 W 34th Ave, Denver, CO 80211

rye@gilpinhealth.com

We will respond to all privacy-related inquiries within 10 business days.