PRIVACY
POLICY

Ascend AI ("we," "us," "our") is operated by Souhail ZAKI, a French micro-entreprise located at 13 BD DES PROVINCES, 69110 STE FOY LES LYON, France. We provide an AI-powered facial analysis and self-improvement application available on iPhone (the "Service").

This Privacy Policy explains how we collect, use, store, and protect your personal information. By using the Service, you agree to the practices described here.

• Account: Email address, authentication provider, and account identifier
• Profile: Name, age, and onboarding answers
• Payment: No card data is collected directly by the app; subscription and transaction status are processed through Apple and RevenueCat
• Support: Messages you send to our team

• Usage data: Limited in-app usage data necessary for core service operation
• Device info: Device and app metadata necessary for authentication, purchases, and security
• Score history: Scan scores, category scores, grade, analysis confidence, analysis warnings, and scan timestamps
• Task data: Plan progress, completed action IDs, and daily execution state
• Crash reports: We do not use a dedicated crash reporting provider at this time

When you use the scan feature, you voluntarily submit a photograph. See Section 4 for full details on how we handle this sensitive data.

• Service delivery: Processing scans, calculating scores, generating your guidance, and operating premium features
• Account management: Creating and maintaining your account
• Progress tracking: Storing history to power the tracking features
• Service improvement: Analyzing anonymized, aggregate usage patterns
• Customer support: Responding to inquiries
• Security: Detecting fraud and preventing abuse
• Legal compliance: Meeting our obligations under applicable law
• Communications: Transactional emails and, with your consent, product updates

When you submit a photo, it is transmitted over an encrypted connection to our processing infrastructure. The system analyzes the image to compute your results. The original photograph is retained only as long as necessary to provide the scan analysis and is deleted within 24 hours.

• Always stored: Numeric scores, category scores, grade, analysis confidence, warnings, and timestamps
• Not stored beyond service necessity: Your original face photograph after analysis
• No separate thumbnail retention: We do not retain separate thumbnails beyond service necessity

Where facial data is treated as sensitive or biometric data under applicable law, we process it on the basis of your voluntary submission and informed consent for scan analysis. You may withdraw consent at any time by requesting deletion of your account data.

We do not use users' facial images or account-linked numeric score data to train AI models.

Your data is stored using Supabase infrastructure hosted in Europe. Our security measures include:

• Encryption in transit
• Encryption at rest
• Authenticated access through Supabase Auth and restricted backend access
• Reasonable administrative, technical, and organizational safeguards
• Restricted access on a need-to-know basis
• Automated deletion pipelines for facial images

In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.

We share data only with trusted providers bound by confidentiality and data processing agreements:

Provider	Purpose	Data Shared
Supabase	Database, hosting, and authentication	Account data, app data, scores
Google / Apple	Authentication providers	Sign-in identity data
RevenueCat / Apple App Store	Subscription management and payment processing	Purchase and subscription status
OpenAI (if used in production)	AI processing related to analysis or generated outputs	Only the data necessary to provide the feature

• Access: Request a copy of all data we hold on you
• Deletion: Request deletion of your account and account-linked data from within the app
• Export: Data export is not currently available as a self-service feature
• Opt-out: Unsubscribe from marketing communications at any time
• Withdraw consent: Revoke facial processing consent by requesting deletion of your account data

• Right to rectification, restriction, and objection
• Right to data portability in machine-readable format
• Right to lodge a complaint with your national data protection authority

If you have privacy-related questions or want to exercise your rights, contact: support@acsndai.com

• Facial images: Deleted within 24 hours of analysis
• Score history & metrics: Retained until account deletion request or service termination
• Account information: Retained until account deletion request or service termination
• Payment records: 10 years where required by tax or accounting law
• Support communications: 3 years
• Anonymized aggregate data: We do not retain user image data for model training

When you request deletion of your account, personal data is deleted or anonymized within 30 days, except where retention is required by law.

Ascend AI is intended for users 18 years of age or older. We do not knowingly collect data from individuals under 18. If we become aware of such data, we will delete it and terminate the account where appropriate. If you believe a minor has used the Service, contact support@acsndai.com.

Our primary infrastructure is located in Europe. Where personal data is transferred outside the European Economic Area through service providers, we rely on appropriate safeguards such as Standard Contractual Clauses where applicable.

The Ascend AI website may use essential cookies required for core functionality. We do not use advertising cookies, analytics cookies, or cross-site tracking technologies.

We will notify you of material changes via email and/or a prominent in-app notice at least 30 days before changes take effect where required. Continued use after the effective date constitutes acceptance of the updated policy.