Ascent

Privacy Policy

Last updated: April 5, 2026

1. Data Controller

Ascent Health (“Ascent”, “we”, “us”) is the data controller responsible for your personal data. If you have any questions about how we handle your data, contact us at privacy@useascent.app.

2. Data We Collect

2.1 Data you provide

  • Waitlist: Email address and optional name when you join our waitlist.
  • Account data: Email, name, and authentication provider (Apple or Google) when you create an account.
  • Health data: Nutrition logs, fasting records, body metrics, and health goals you voluntarily enter.

2.2 Data collected automatically

  • Device data: Device type, operating system, browser type, and app version.
  • Usage data: Pages visited, features used, and interaction patterns (only with your cookie consent).
  • IP address: Used for rate limiting and security purposes. Not stored permanently.

2.3 Data from third parties

  • Wearable integrations: Health metrics from Apple Health, Whoop, Garmin, or Oura Ring — only the specific data categories you authorize.

3. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your data based on:

  • Consent (Art. 6(1)(a)): For analytics cookies, marketing communications, and health data processing.
  • Contract (Art. 6(1)(b)): To provide the Ascent service you signed up for.
  • Legitimate interest (Art. 6(1)(f)): For security, fraud prevention, and service improvement.

Health data is classified as special category data under GDPR Art. 9. We process it only with your explicit consent.

4. How We Use Your Data

  • Provide, maintain, and improve the Ascent service
  • Generate personalized health insights and AI recommendations
  • Process your waitlist registration
  • Send product updates and health tips (with your consent)
  • Analyze aggregate, anonymized usage patterns to improve the service
  • Ensure security and prevent abuse (rate limiting, fraud detection)

5. Cookies & Tracking

5.1 Essential cookies

Required for the website to function. These cannot be disabled.

  • cookie-consent — Stores your cookie preference (1 year)

5.2 Analytics cookies (optional)

Only loaded if you click “Accept All” on the cookie banner. Used to understand how visitors use our site.

5.3 Managing cookies

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site. You can also disable cookies in your browser settings.

6. What We Never Do

  • Sell your personal data to third parties
  • Share your health data with advertisers
  • Use your data for targeted advertising
  • Access your data without your consent
  • Transfer data outside the EU/EEA without adequate safeguards

7. Data Security

We implement industry-standard security measures including:

  • End-to-end encryption for health data transmission and storage
  • Secure, SOC 2 compliant infrastructure
  • Regular security audits
  • On-device AI processing where possible to minimize data exposure
  • Access controls and audit logging for internal systems

8. Third-Party Services

We use carefully selected third-party service providers for:

  • Cloud hosting and infrastructure
  • Database services
  • AI processing for our chat assistant

All third-party providers are contractually bound to protect your data and comply with GDPR where applicable. A full list of sub-processors is available upon request at privacy@useascent.app.

When you connect Apple Health, Whoop, Garmin, or Oura, we only access data categories you explicitly authorize. You can revoke access at any time.

9. Data Retention

  • Waitlist data: Until you unsubscribe or the product launches.
  • Account data: For as long as your account is active.
  • Health data: Until you delete it or close your account.
  • Chat rate limiting: IP addresses are stored temporarily for 24 hours.

You can export all your data (JSON or CSV) or request complete deletion at any time.

10. Your Rights (GDPR Art. 15-22)

If you are in the EU/EEA, you have the right to:

  • Access (Art. 15): Request a copy of all data we hold about you.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
  • Restriction (Art. 18): Restrict processing of your data.
  • Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact privacy@useascent.app. We will respond within 30 days.

11. International Transfers

If we transfer your data outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or by transferring only to countries with an adequacy decision.

12. Children's Privacy

Ascent is not intended for users under the age of 16. We do not knowingly collect data from children. If we discover we have collected data from a child under 16, we will delete it immediately.

13. Supervisory Authority

If you are in the EU/EEA and believe we have violated your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

14. Changes to This Policy

We will notify you of any material changes via email or in-app notification at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

15. Contact

For privacy questions, data requests, or complaints: