Privacy Policy
Last Updated: March 25, 2026
1. Introduction
Ascend is committed to protecting your privacy. This privacy policy explains what information we collect, how we use it, and what rights you have. We believe you deserve complete transparency about how we handle your data.
We've kept this policy in plain language, without legal jargon where possible. If you have questions after reading, please contact us at support@hills-dev.com.
2. Data We Collect
Ascend collects information necessary to provide our core functionality and improve your experience. Here's exactly what we gather:
Account Data
When you sign up or update your profile, we store:
- Email address — used for login and account recovery
- Display name — shown to other users in the community
- Bio — optional description you choose to share
- Avatar — your profile picture (uploaded by you)
- Password — hashed using bcrypt (we never see your actual password)
- Account preferences — notification settings, privacy controls
Behavioral & Activity Data
As you use Ascend, we track:
- Habits — names, frequency (daily/weekly/monthly), difficulty levels, descriptions you create
- Habit completions — dates and times when you marked habits complete, skipped, or logged
- Journal entries — text content, mood selections, timestamps (stored in your private journal, never visible to others)
- Community posts — content you share, photos you upload, captions, timestamps
- Community activity — posts you like/comment on, users you follow, communities you join
- XP and progression — earned points, rank tier, streaks, achievements unlocked
Analytics Data
To understand how the app is used and improve performance:
- TelemetryDeck — anonymized event data (what screens you visit, features you use, crashes if they happen)
- AppsFlyer — app installation and conversion tracking (which marketing campaign led you to download)
These services receive:
- Event names (e.g., "Habit Completed", "Post Created")
- Timestamps and frequency
- Device type, OS version, app version
- General location (country/region only, never exact coordinates)
Device Data
- IDFA (Identifier for Advertisers) — only if you grant ATT permission; used by AppsFlyer for ad attribution
- Device model — iPhone 15, iPad Pro, etc.
- OS version — iOS 17.6, iPadOS 18, etc.
- Language and timezone settings
What We Don't Collect
For clarity, Ascend explicitly does NOT collect:
- Your location (we never access GPS or coarse location services)
- Your contacts list or phone number
- Photos from your library (only photos you explicitly upload to share)
- Biometric data (Face ID, Touch ID)
- Health data or medical information
- Detailed browsing history outside the app
- Your browsing history or search queries
3. How We Use Your Data
Core Functionality
Your data powers Ascend's core features:
- Storing your habits and tracking progress
- Rendering your PRISM chart (5-attribute visual progress)
- Recording XP earned and rank progression
- Enabling community posts and comments
- Maintaining your private journal
- Displaying your profile to other users
Improving & Operating the App
- Bug fixes: crash reports help us identify and fix issues
- Feature usage: we see which features are popular and which need work
- Performance monitoring: we detect slow screens and fix them
- Server maintenance: Supabase (our backend) uses anonymized data to optimize database performance
- Security: we monitor for suspicious activity and prevent fraud
Marketing & Attribution
- AppsFlyer receives your installation event and campaign source so we can measure marketing ROI
- We use this to decide which ad channels are effective
- You are in control: if you don't grant ATT permission, AppsFlyer receives no IDFA and cannot track you across apps
Legal Compliance
- Preventing fraud and abuse (e.g., spam accounts, harassment)
- Responding to law enforcement requests (we'll fight unfair requests)
- Complying with GDPR, CCPA, and other privacy laws
- Protecting users from harm
What We Never Do
- We do NOT sell your data to third parties for profit
- We do NOT share your data with advertisers directly (only AppsFlyer in aggregate)
- We do NOT use your data to build profiles for other apps/services
- We do NOT rent your email list
- We do NOT use your journal entries for training AI models without explicit consent
4. Data Sharing
Ascend partners with trusted service providers. Here's who has access to your data:
Supabase (Database & Backend)
- What they get: All account, habit, journal, community, and profile data
- How: Encrypted in transit via HTTPS; encrypted at rest in their secure data centers
- Why: They host our infrastructure
- Their privacy: Supabase Privacy Policy
RevenueCat (Subscriptions)
- What they get: Your subscription plan, purchase dates, receipt data
- Why: They manage in-app purchases and entitlements
- Their privacy: RevenueCat Privacy Policy
AppsFlyer (Attribution)
- What they get: Installation event, campaign source, IDFA (if you grant ATT), device model, OS version
- Why: To measure which marketing campaigns bring quality users
- Their privacy: AppsFlyer Privacy Policy
TelemetryDeck (Analytics)
- What they get: Anonymized event data (no user identifiers attached)
- Why: To understand feature usage and detect crashes
- Their privacy: TelemetryDeck Privacy Policy
OpenAI (AI Coach Conversations)
- What they get: Only the text of conversations you have with AI Coach (if you use this feature)
- Why: To generate responses to your questions
- Important: OpenAI may store conversations per their terms, but they don't use your data to train models without consent
- Their privacy: OpenAI Privacy Policy
- Control: Conversations are deleted after your session ends
Law Enforcement
- We comply with valid warrants from law enforcement, but only with legally binding requests
- We notify you when possible before disclosing data (unless legally forbidden)
- We never voluntarily share data without a court order
5. Your Rights
You have significant control over your data.
Right to Access
You can request a complete export of all data we hold about you. Contact support@hills-dev.com with your request.
Right to Correct
You can update your profile, display name, bio, and email directly in the Settings screen.
Right to Delete
You can permanently delete your account using the "Delete Account" button in Settings. This will:
- Remove all your personal data (profile, bio, avatar)
- Delete all your habits and completions
- Delete all your journal entries
- Remove all your community posts and comments
- Unfollow all users
- Clear your XP and achievements
Data is removed from our systems within 30 days of deletion.
Right to Export
You can request an export of your data in a portable format. Email support@hills-dev.com with "Data Export Request" in the subject line.
Right to Opt-Out
- Turn off notifications in Settings
- Disable tracking by denying ATT permission on your device (Settings > Privacy > Tracking)
- Disable analytics — this feature is coming soon; email support@hills-dev.com to request it
GDPR Rights (EU Residents)
If you're in the EU, you have additional rights under the General Data Protection Regulation:
- Right to data portability: we'll provide your data in a standard format
- Right to be forgotten: we'll delete your data upon request
- Right to object: you can object to marketing communications
- Right to restrict processing: you can limit how we use your data
- Right to lodge a complaint: contact your local data protection authority
Contact support@hills-dev.com to exercise any GDPR rights.
CCPA Rights (California Residents)
If you're in California, you have rights under the California Consumer Privacy Act:
- Right to know: what personal information we collect
- Right to delete: we can delete your data upon request
- Right to opt out of sale: we don't sell your data, but you can opt out of targeted advertising
- Right to non-discrimination: we won't discriminate against you for exercising privacy rights
Contact support@hills-dev.com with "CCPA Request" in the subject line.
6. Security
We take security seriously. Here's what we do to protect your data:
Encryption
- In transit: all communication with Supabase uses HTTPS/TLS encryption
- At rest: Supabase encrypts data in their database using AES-256 encryption
- Passwords: we never store your actual password; we hash it using bcrypt (a one-way function)
Access Controls
- Row-Level Security (RLS): Supabase enforces policies so users can only access their own data
- No API keys in app: we keep credentials in secure build settings (xcconfig), not in code
- Edge Functions: sensitive operations (like AI Coach API calls) happen on Supabase Edge Functions, never exposed in the app
Code Security
- Regular audits: we review code for vulnerabilities
- No hardcoded secrets: API keys are injected at build time, never committed
- Third-party libraries: we audit dependencies for known vulnerabilities
User Responsibilities
- Keep your password strong and unique
- Don't share your login credentials
- Log out on shared devices
- Immediately report suspicious account activity to support@hills-dev.com
7. Children's Privacy
Ascend is not designed for children under 13 years old.
- We do not knowingly collect data from children under 13
- If a parent or guardian believes their child's data was collected, contact support@hills-dev.com immediately and we'll delete it
- Under COPPA (Children's Online Privacy Protection Act), we may not use collected child data for marketing purposes
If you're under 18 but over 13, you may use Ascend with parental consent.
8. Third-Party Services
We've embedded links to all third-party services used by Ascend:
- Supabase — backend & database
- AppsFlyer — attribution tracking
- TelemetryDeck — analytics
- RevenueCat — subscriptions
- OpenAI — AI Coach
You're responsible for reviewing each provider's privacy policy. We recommend reading their policies so you understand their practices.
9. Policy Updates
We may update this privacy policy from time to time. Here's how we'll handle changes:
- Material changes (e.g., we start collecting a new type of data) will be announced in the app or via email
- Minor updates (typos, clarifications) may be made without notice
- Continued use of Ascend = acceptance of the updated policy
- Your continued use of the app 30 days after a material update means you've accepted the new policy
We'll always date this policy so you know when it was last updated.
10. Contact Us
Questions about privacy? We're here to help.
Email: support@hills-dev.com
Mailing Address:
Ascend Privacy Team
ascend.hills-dev.com
United States
Response Time: We'll respond to privacy inquiries within 30 days.
For GDPR/CCPA Requests: Please include "GDPR Request" or "CCPA Request" in the subject line.
11. Summary
We believe your data is yours. Ascend is built to be transparent about what we collect, how we use it, and who we share it with. You have control over your data through our in-app settings and privacy tools. If we ever change our practices in ways that reduce your privacy, we'll tell you first and give you options.
Thank you for trusting Ascend with your personal growth journey.
Effective Date: March 25, 2026 · Version: 1.0 · Next Review: March 25, 2027