Last updated: May 19, 2026 · Effective immediately
Ascend ("we", "us", "our") is operated by Ascend Coach Online. This policy explains what personal data we collect when you use Ascend, how we use it, who we share it with, how long we keep it, and what rights you have. Because Ascend processes facial images, special rules under GDPR (Article 9), CCPA, and BIPA apply — we address those explicitly below.
1
Data we collect
PhotosUp to three facial photos per scan — front, side, angled. Uploaded from your device gallery or camera.
ProfileName, email address, and authentication credentials, collected via Clerk.
Scan resultsOverall score, individual category scores, and AI-generated tips stored against your account.
Usage dataPages visited, feature interactions, and error logs collected via PostHog and Sentry.
Payment dataPayment method details processed by Razorpay (India) or Dodo Payments (global). We never store full card numbers.
2
How we use your data
Run AI analysis on your photos to produce facial scores and personalised improvement tips.
Deliver personalised coaching content through the AI Coach feature.
Track your progress over time and maintain your scan history.
Improve the accuracy and quality of our scoring models (aggregate, de-identified statistics only — never your individual photos).
Send transactional emails such as scan results, receipts, and account security notices via Resend.
Detect and prevent fraud, abuse, or security incidents.
Comply with legal obligations.
Important: Your photos are never used to train AI models, sold to third parties, used for identification, or shared for advertising purposes.
3
Who we share data with
We share the minimum data necessary with the following sub-processors. Each is bound by a Data Processing Agreement (DPA) or equivalent.
OpenRouter / OpenAIReceives your photos for AI-powered facial analysis and coaching via the OpenRouter gateway (model: gpt-4o). Governed by OpenAI DPA.
AWS RekognitionReceives your photo for celebrity-lookalike matching. Governed by AWS Data Processing Addendum.
SupabaseStores your account data, scan results, and photo URLs. Data encrypted at rest with AES-256.
ClerkManages authentication, session tokens, and identity verification.
RevenueCatManages in-app purchase entitlements and subscription state for the mobile app.
Google Play BillingProcesses in-app purchases on Android. Governed by Google Play Developer Distribution Agreement.
RazorpayProcesses web payments for users in India. PCI-DSS Level 1 certified.
Dodo PaymentsProcesses web payments for users outside India. PCI-DSS Level 1 certified.
PostHogCollects anonymised product analytics. No photos transmitted.
SentryReceives error traces and crash reports. No photos transmitted.
ResendDelivers transactional email. Receives your email address only.
We do not sell your personal data. We do not share it with advertisers. We will disclose data to law enforcement only when required by a valid legal process.
4
Your rights
You can exercise any of the following rights at any time by emailing supportchronicai@gmail.com. We respond within 30 days.
AccessRequest a copy of all personal data we hold about you, including scan results and photos.
DeleteRequest permanent deletion of your account, all photos, and all scan data.
ExportRequest a machine-readable export (JSON) of your scan history and profile data.
CorrectRequest correction of any inaccurate profile information.
Withdraw consentWithdraw biometric consent at any time. This will disable the scan feature for your account.
Object / RestrictObject to or restrict processing of your data in certain circumstances.
California residents: the above rights satisfy your rights under CCPA/CPRA including the right to know, delete, opt-out, and non-discrimination. Illinois residents: the above also constitutes your BIPA rights regarding biometric data. EU/UK residents: these rights are provided under GDPR/UK GDPR Article 15–22.
5
Data retention
Face photosDeleted 90 days after the associated scan is deleted by the user. Deleted immediately upon account deletion.
Scan results & scoresRetained for 1 year from scan date, or until account deletion, whichever comes first.
Account profileRetained until you request account deletion.
Payment recordsRetained for 7 years as required by financial regulations.
Error logsRetained for 90 days then automatically purged.
6
GDPR, CCPA, and BIPA compliance
GDPR (EU/UK)
Our legal basis for processing biometric data (Article 9(2)(a)) is your explicit consent, obtained via the in-app consent modal before your first scan. You may withdraw consent at any time. For routine profile and usage data our basis is contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)). Our Data Protection contact is supportchronicai@gmail.com.
CCPA/CPRA (California)
We do not sell or share personal information for cross-context behavioural advertising. California residents have the right to know, delete, correct, and opt-out of sale/sharing. To exercise these rights, email supportchronicai@gmail.com.
BIPA (Illinois)
Ascend collects facial geometry data that may constitute a biometric identifier under BIPA. We obtain informed written consent before collection, do not sell or profit from biometric data, and destroy biometric data within 90 days of the later of: scan deletion or the purpose for collection being fulfilled. To submit a BIPA request, email supportchronicai@gmail.com.
7
Contact us
For all privacy-related inquiries, data subject requests, or concerns:
We aim to respond to all privacy requests within 30 days. For urgent matters involving a data breach or imminent harm, please indicate "URGENT" in your subject line.
8
Changes to this policy
We may update this policy when we add new features, change sub-processors, or when regulations require it. We will notify you by email or in-app notice at least 14 days before material changes take effect. Continued use of Ascend after that date constitutes acceptance of the revised policy.