Last updated: 2026-05-16

Gila Child Safety Notice

Plain-language summary: Gila is for adults aged 16 and over. We do not knowingly accept users under 16. If we discover that a user is under 16 (or under the local digital-consent age, whichever is higher), we will suspend the account, delete the data within seven days, and notify the address on file. This notice explains why we chose 16+, what happens if a child slips through the gate, and how parents, guardians, and supervisory authorities can reach us.

This notice is a companion to the main Privacy Policy. The jurisdiction-specific notes (EU/UK, Turkiye, Switzerland) cross-reference this document for all questions about minors.


1. Minimum age and how we check it

Gila requires every user to be 16 years of age or older. The age check is performed at two points:

  1. Account creation — the LegalConsentGate step of onboarding presents a checkbox that the user must affirmatively tick to confirm they are at least 16 years of age. We do not auto-tick this checkbox; the form will not progress until the user takes positive action. The consent record (timestamp, policy version, IP-derived country, app version) is persisted in public.consent_log as audit evidence under GDPR Art 7(1) and KVKK Madde 5.
  2. Ongoing self-attestation — when a user later edits their profile (e.g., updates date-of-birth or year-of-birth fields used for activity-goal personalisation), the resulting age is recomputed. A profile change that would imply an age below 16 is rejected at the application layer.

We do not currently perform government-ID-based age verification or third-party age-assurance (e.g., Yoti, AgeChecked). Gila is a habit-and-health-tracking app targeted at adults using GLP-1 medications and adult-focused behaviour-change content; ID verification would be disproportionate to the actual under-age risk profile (the product itself has little appeal to users below 16). We re-evaluate this stance annually and would adopt third-party age-assurance if regulatory guidance shifts (e.g., the UK Information Commissioner's Office tightening the Age-Appropriate Design Code recommended methods) or if observed under-age signups exceed an internal threshold.

As of the effective date of this notice we are pre-launch and have not observed under-age signups against an audited baseline; the first 6-month figure will be added at the next review cycle.


2. Why 16+ and not a lower age

Gila operates globally. Different jurisdictions set different "digital age of consent" thresholds — the age at which a child can give valid consent for an information-society service without parental authority:

| Jurisdiction | Digital-consent age | Source |
|---|---|---|
| Germany | 16 | GDPR Art 8(1) as transposed by BDSG |
| Netherlands | 16 | UAVG |
| Turkiye | 18 (general civil-law capacity for valid explicit consent) | Turkish Civil Code Art 13 + KVKK Kurul guidance |
| France | 15 | Loi Informatique et Libertes Art 7-1 |
| United Kingdom | 13 | UK Data Protection Act 2018 § 9 |
| Spain | 14 | LOPDGDD Art 7 |
| United States (federal) | 13 (COPPA threshold for "knowing collection from children") | 15 USC §§ 6501-6506 |
| EEA default | 16 (member states may lower to 13) | GDPR Art 8(1) |

Picking the highest value (16) avoids per-region branching, eliminates the need to build parental-consent workflows for any market, and offers a defensible single global standard. The trade-off is that we exclude 13- to 15-year-olds who could lawfully use the service under their local regime. We consider that acceptable because:

  • The product is designed for adult metabolic-health journeys (GLP-1 medication tracking, calorie scanning, mood and journal reflections).
  • We process Article 9 / Madde 6 special-category health data — body weight, medication, dose, side-effect severity, mental-state data, dietary intake — at scale.
  • We use AI-generated content (Google Gemini coaching, food-vision, narrative reports). Under-18 users would attract the UK Age-Appropriate Design Code's 15-standard checklist and the EU AI Act's child-specific safeguards in Art 5(1)(b), neither of which we are presently resourced to operate.
  • A lower threshold would force us to build a separate child-account UX, default-high-privacy settings, simplified disclosures, suitable-age-content controls, and a parental-consent workflow. That would be a multi-quarter engineering investment for a small expected child user base.

Turkiye warrants additional explanation because Turkish civil law sets full contractual capacity at 18 and the KVKK Kurul has expressed (Decision 2020/65 and related guidance) that valid acik riza (explicit consent) for special-category data from a minor below age of majority generally requires parental authorisation. Our 16+ gate therefore permits 16- and 17-year-olds in Turkiye to use the service for non-special-category features, while the LegalConsentGate separately requires explicit confirmation that the user has reached the age at which they may give valid explicit consent under their local law. See ./jurisdictions/turkey.md § 10 for the Turkish-language version of this disclosure.


3. What happens if a user under 16 signs up anyway

We rely on self-attestation, so it is foreseeable that some under-age users will sign up dishonestly. When we discover an under-age account — through a report from a parent, guardian, school, teacher, supervisory authority, or our own moderation signals (e.g., journal-content review surfacing references to school-age life events) — we follow this procedure:

  1. Immediate suspension (T+0) — the account is disabled within one business day of discovery. The user can no longer log in, log new data, or receive notifications.
  2. Email notification (T+0 to T+1) — a notice is sent to the email on file explaining the suspension, the reason, the right to dispute (e.g., if the under-age claim is a mistake and the user is in fact 16+), and how to contact us for a verified appeal. If a parent or guardian made the report and provided their contact details, they are also notified.
  3. Data deletion (T+0 to T+7) — within seven days of suspension (or seven days after the appeal window closes if an appeal is filed), the account record, all linked personal data, all storage objects (avatars, habit-evidence photos), all push tokens, all newsletter subscriptions, and all downstream-processor footprints (Beehiiv, Firebase, RevenueCat where applicable) are deleted via the same pipeline used for ordinary deletion requests. Backups roll off within 30 additional days.
  4. Consent log retention — the consent receipt for the original signup is preserved as audit evidence under Art 7(1), with the user_id foreign key set to NULL.
  5. Internal logging — the discovery, suspension, and deletion are logged in our DSAR ledger with the trigger (e.g., "COPPA self-report by parent") and outcome (e.g., "deleted T+5 days").
  6. Refunds — if the account had any paid subscription, we refund the most recent period as a goodwill measure regardless of the in-app store's normal refund window. We do not retain the user's payment data; refunds are processed via Apple App Store or Google Play in their normal flow.

If we receive a credible report that a child's account contains content posted by an adult (e.g., adult writing journal entries in a child's account), we additionally preserve evidence as required for any criminal-law referral and consult the appropriate Turkish or destination-country authority.


4. COPPA (United States, under-13)

The US Children's Online Privacy Protection Act (15 USC §§ 6501-6506) governs the "knowing collection" of personal information from children under 13. Our position:

  • We do not knowingly collect personal information from children under 13.
  • Gila is not directed at children. Our marketing, content, and feature set target adults using GLP-1 medications or pursuing adult behaviour-change goals.
  • If we learn that we have collected personal information from a child under 13, we will: (a) suspend the account immediately, (b) delete the personal information from our systems within 30 days, (c) send a notice to the email on file (which, in this scenario, the FTC's COPPA Rule directs to be reasonably calculated to reach a parent — we provide a parent-facing notice URL and instructions to delete promptly), and (d) instruct downstream processors (Beehiiv, Firebase, RevenueCat) to delete any mirrored data under the COPPA "actual knowledge" safe-harbour timeline.
  • Parents who believe their child has provided personal information to Gila may contact dpo@gila.coach with the child's email address; we will verify the parent's identity (per the verifiable-parental-consent methods listed in 16 CFR § 312.5(b)) and process the deletion request without charge.

We do not operate a COPPA-compliant under-13 sub-product (e.g., a "Gila Kids" account type with verifiable parental consent and limited personal-information collection). Building such a sub-product is parked and not on the v1 or v2 roadmap.


5. GDPR-K and EU member-state digital-consent ages

GDPR Art 8 applies the "child's consent in relation to information society services" rule between ages 13 and 16, with the precise age set by each member state in transposing law. Where a child under the local digital-consent age uses Gila, the lawful basis for processing must come from the parental holder of responsibility rather than from the child.

Because our gate is set at 16, we are above the threshold in every EU member state and accept user-given consent in all of them. If a parent or guardian asserts that a child under 16 has used Gila in a member state whose digital-consent age is lower (e.g., a 14-year-old in Spain), we treat the user account in the same way as any under-age discovery: suspend, notify, delete within 7 days. We do not maintain a parallel "parental-consent-validated" account path because — as explained in § 2 above — building one would be disproportionate to the under-age population we serve.

Member-state transposition references for the EU/EEA digital-consent age (non-exhaustive): Belgium 13, Croatia 16, Cyprus 14, Czechia 15, Denmark 13, Estonia 13, Finland 13, France 15, Germany 16, Greece 15, Hungary 16, Iceland 13, Ireland 16, Italy 14, Latvia 13, Liechtenstein 16, Lithuania 14, Luxembourg 16, Malta 13, Netherlands 16, Norway 13, Poland 16, Portugal 13, Romania 16, Slovakia 16, Slovenia 15, Spain 14, Sweden 13. [VARIABLE — last verified: 2026-05-16; check supervisory-authority publications before next review]


6. UK Age-Appropriate Design Code

The UK ICO's Age-Appropriate Design Code (effective 2 September 2021) sets 15 standards that "online services likely to be accessed by children" must meet for users under 18. Gila is not designed for users under 18 — our content, marketing, distribution channels, and feature set are adult-focused — and we apply the 16+ gate to keep the user population out of the under-18 cohort.

However, if a UK user's signals at any point indicate they may be under 18 (e.g., self-reported age in a profile-edit subsequently revealing under-18 status, or in-app content suggesting a school-age life event), we treat the account as subject to the AADC default-high-privacy expectations until the situation is resolved. In practice this means: analytics off, marketing email suppressed, AI-features consent revoked, no inferential profiling. The user is offered a clear path to either (a) confirm 16+ status and re-enable features if they wish, or (b) request deletion under the under-age procedure in § 3.

We do not currently operate a separate UK-AADC-compliant under-18 account type. ICO guidance does not require operators of clearly-adult services to do so; it requires that operators take reasonable measures to assure themselves of user age, which our self-attestation gate satisfies subject to ongoing review. We will revisit if the ICO updates the AADC to mandate more stringent assurance for health-data services.


7. Reporting concerns about a minor

Parents, guardians, teachers, school administrators, supervisory authorities, journalists, or any concerned party may report an under-age account or under-age data exposure by emailing dpo@gila.coach with:

  • The account email address (if known)
  • The reason for the concern (e.g., "my child told me they made an account, they are 14")
  • Whether the reporter is the parent or legal guardian (we do not require proof at intake, but for fulfilment of the report we may request reasonable verification such as a copy of a parental-authority document, redacted of unrelated personal data)
  • A preferred response channel and language (English, Turkish, Spanish)

We acknowledge such reports within 72 hours and complete the suspension-and-deletion procedure within seven days as described in § 3.

Reports may also be sent in writing to the controller's registered address (available on request from dpo@gila.coach or to a supervisory authority). Turkish-residing reporters may exercise their KVKK Madde 11 rights through the same channel; see ./jurisdictions/turkey.md § 8 for the formal application procedure.


8. Contact

  • Data Protection Officer: dpo@gila.coach — primary channel for any concern about a minor's account or data
  • General support: support@gila.coach
  • EU Representative (GDPR Art 27): being appointed; in the interim, contact dpo@gila.coach
  • UK Representative (UK GDPR Art 27): being appointed; in the interim, contact dpo@gila.coach

Supervisory authorities of relevance to children's data are listed in ./jurisdictions/eu-uk.md § 4 (ICO, AEPD, CNIL, BfDI), ./jurisdictions/turkey.md § 9 (KVKK Kurul), and ./jurisdictions/switzerland.md § 7 (FDPIC).