Ascend
Product Pricing About
GET STARTED

Privacy Policy

Last updated: 19 March 2026

Introduction

This privacy policy explains how Ascend Platform Ltd, a company registered in England and Wales (company number 16442743) ("Ascend", "we", "our", "us"), collects, uses, and safeguards your information when you use our website at ascendplatform.net, our browser extension, and our platform services (together, the "Service").

We are the data controller for the personal data described in this policy. Our registered office is 34b-34f Westbourne Gardens, London, England, W2 5PU, and our Information Commissioner's Office registration reference is ZB987705. You can contact us at privacy@ascendplatform.net or by post at the registered office address above. We have not appointed a Data Protection Officer as we do not currently meet the threshold requiring one, but you can direct any data protection queries to the email address above.

Information we collect

We collect information in the following ways:

  • Information you provide: When you sign up or create an account, we collect your email address, name, and any other information you choose to provide.
  • Automatically collected information: We use analytics tools to collect information about how you interact with our website, including pages visited, time spent, and general location (country/city level).
  • Browser extension data: When you use the Ascend browser extension, we capture your interactions with AI tools (prompts, responses, and outputs) to build your personal logbook. This data is stored securely and is private to you by default.
  • Third-party integrations: When you connect external services (such as Google Calendar or Microsoft Outlook), we access only the data necessary to provide the requested feature. See "Third-party integrations" below for details.

How we use your information

We use the collected information to:

  • Provide and improve our services
  • Send you updates about Ascend (if you've opted in)
  • Analyse website usage to enhance user experience
  • Respond to your inquiries

Legal basis for processing

Under the UK GDPR, we must have a lawful basis for each type of processing. The bases we rely on are:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service to you, including account creation, authentication, logbook capture, session storage, playbook management, and optional integrations or automations you explicitly ask us to enable.
  • Consent (Art. 6(1)(a)): Website analytics cookies (PostHog and Plausible), marketing measurement cookies (Google Ads conversion tags), and marketing communications. You may withdraw consent at any time (see "Your rights" below).
  • Legitimate interests (Art. 6(1)(f)): Improving the Service based on aggregated operational usage patterns, ensuring security and preventing fraud, and maintaining a reliable service. Our legitimate interest is to maintain and improve a secure, functional service. We balance this against your rights and only process data that is strictly necessary for these purposes.
  • Legal obligation (Art. 6(1)(c)): Where we are required to retain data for tax, accounting, or regulatory purposes.

Cookies

We use cookies to enhance your experience on our website. Cookies are small text files stored on your device that help us remember your preferences and analyse how you use our site.

Types of cookies we use:

  • Essential cookies: Required for the website to function properly (e.g., remembering your cookie consent choice)
  • Analytics cookies: Help us understand how visitors interact with our website using PostHog and Plausible Analytics
  • Marketing measurement cookies: Help us measure whether ads lead to sign-ups using Google Ads conversion tags

We will ask for your consent before placing any non-essential cookies. You can withdraw or change your preferences at any time through our cookie controls, or by clearing your browser data and revisiting our site.

Analytics

If you consent to analytics cookies, we use Plausible Analytics and PostHog to understand how visitors use our website. If you separately consent to marketing measurement cookies, we also use Google Ads conversion tags to understand whether ad campaigns lead to sign-ups. Our controls are designed so these tools are not loaded until you opt in.

  • Plausible is designed to be privacy-friendly and is only loaded if you enable analytics cookies
  • PostHog is configured with EU data hosting and only tracks analytics with your consent
  • Google Ads conversion measurement is only loaded if you enable marketing measurement cookies
  • We do not use these tools to make solely automated decisions with legal or similarly significant effects

Third-party integrations

Ascend allows you to connect external services to enhance your experience. When you connect a service, we request only the permissions necessary for the feature to work.

Google Calendar and Microsoft Outlook:

  • We request the following Google OAuth scopes: calendar.readonly (to read your calendar events and free/busy information) and calendar.events (to create time-blocking events on your behalf when you request it). No other Google data is accessed.
  • We read your calendar events to identify free time windows and display them on your Ascend home screen.
  • With your permission, we create calendar events to block time for focused experiment sessions.
  • Calendar data is used solely within the Ascend platform to help you plan your work. We do not share, sell, or use your calendar data for advertising or any purpose unrelated to providing the Ascend service.
  • Calendar credentials are encrypted at rest using AES-GCM encryption. Access tokens are short-lived and refresh tokens are stored securely.
  • You can disconnect any integration at any time from your Ascend settings. When you disconnect, we revoke our access and delete stored credentials.

Other integrations: As we add support for additional services (such as GitHub, Slack, or Notion), this section will be updated to describe the data accessed and how it is used.

AI and automated processing

Ascend uses artificial intelligence and machine learning to enhance your experience. Specifically:

  • Logbook intelligence: We use large language models (LLMs) to analyse your captured sessions and logbook entries in order to suggest patterns, generate summaries, and identify potential playbook candidates. This processing is performed on your data within the Service and is not used to train third-party AI models.
  • Embeddings and search: We generate vector embeddings of your logbook content to power semantic search and memory retrieval within the platform.
  • Morph chat assistant: An AI assistant is available within the Service to help you explore your work, answer questions about your captured data, and suggest improvements.

These features assist and augment your use of the Service. No automated decisions with legal or similarly significant effects are made solely by AI. You always retain control over which content is saved, promoted, or shared.

The AI and embedding providers we use for these features are listed in the "Sub-processors" section below. The exact provider used can vary by feature, resilience path, and service configuration. Your data is processed under our data processing agreements with these providers and is not used by them for their own purposes.

Google API Services User Data Policy

Ascend's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data (calendar events and free/busy information) to provide and improve the Ascend time-blocking feature visible to you within the app.
  • We do not use Google user data for advertising, and we do not sell or transfer it to third parties.
  • We do not use Google user data to build user profiles for advertising or to serve targeted ads.
  • Human access to Google user data is limited to what is necessary for security purposes, to comply with applicable law, or when aggregated and anonymised for internal operations.

Data sharing

We do not sell your personal data. We may share data only in the following circumstances:

  • Service providers: We use trusted infrastructure providers to host and operate the Service. These providers process data on our behalf under strict contractual obligations. See "Sub-processors" below for details.
  • Legal requirements: We may disclose data if required by law, regulation, or legal process.
  • With your consent: When you choose to publish playbooks or share content with your team, that content becomes visible to the audience you select.

International data transfers

Your personal data is primarily stored and processed within the European Union (Google Cloud Platform, europe-west1 region, Belgium). However, some of our service providers may process data in the UK, the EU, or the United States depending on the feature and resilience path being used:

  • Google Cloud Platform / Vertex AI: Primary infrastructure is hosted in the EU (`europe-west1`, Belgium). Some Google support or resilience paths may involve transfers outside the UK/EU.
  • AWS Bedrock and Anthropic-related model paths: Some model inference paths are routed through EU AWS regions, while direct fallback paths may involve processing in the United States.
  • Mistral, OpenAI, PostHog, Plausible, and Vercel: These providers may process data in the EU, UK, or United States depending on the service used.

Where transfers are made to countries without an adequacy decision, we ensure appropriate safeguards are in place (for example Standard Contractual Clauses, the UK Addendum / IDTA, or another valid transfer mechanism). You may request a copy of the relevant safeguards by contacting us.

Sub-processors

We use the following current or supported sub-processors to deliver the website and Service:

  • Google Cloud Platform / Vertex AI (infrastructure, database, storage, embeddings, and core AI processing) - EU/US
  • Firebase / Google Identity Platform (authentication) - EU/US
  • Amazon Web Services Bedrock (Claude model inference fallback) - EU
  • Mistral AI (LLM and vision inference) - EU
  • Anthropic (direct fallback model inference where enabled) - US
  • OpenAI (embeddings and AI processing where configured) - EU/US
  • PostHog (website and product analytics, EU-hosted) - EU
  • Plausible Analytics (website analytics) - EU
  • Vercel (marketing website hosting) - EU/US

All sub-processors operate under data processing agreements that require them to process your data only on our instructions and to implement appropriate security measures.

Data retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Account data (name, email): Retained for the lifetime of your account. Deleted within 30 days of account deletion.
  • Logbook entries and sessions: Retained for as long as your account is active. You may delete individual entries at any time.
  • Analytics data: Plausible retains no personal data. PostHog session data is retained for up to 12 months.
  • Integration credentials: Deleted immediately when you disconnect an integration.
  • Server logs: Retained for up to 30 days for security and debugging purposes.
  • Backups: Database backups that may contain personal data are retained for up to 7 days and then automatically deleted.

During beta, some export and deletion requests are fulfilled manually after we verify the request. Once verified, we aim to erase or anonymise personal data within 30 days, except where retention is required by law.

Data protection and security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS) and at rest for all user data
  • AES-GCM encryption for stored integration credentials
  • IAM-based access controls with least-privilege principles
  • Infrastructure hosted within the EU (Google Cloud, europe-west1 region)
  • Regular security reviews of our codebase and infrastructure

Your rights

Under the UK GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Restriction (Art. 18): Request that we limit how we process your data in certain circumstances.
  • Data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent (Art. 7(3)): Where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw cookie consent through our cookie preferences controls, by clearing your browser data and revisiting our site, or by disconnecting integrations from your Ascend settings.
  • Automated decision-making (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently make such decisions.

To exercise any of these rights, please contact us at privacy@ascendplatform.net. During beta, we currently fulfil access, export, rectification, and erasure requests through manual workflows after verifying identity. We will respond within one month. In complex cases, we may extend this by a further two months, and we will inform you if we need to do so.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint, telephone 0303 123 1113. If you are in the EU, you may contact the supervisory authority in your country of residence.

Provision of personal data

Providing your email address and name is necessary to create an account and use the Service. If you do not provide this information, we cannot provide the Service to you. Connecting third-party integrations (such as Google Calendar) is entirely optional and not required to use the core features of Ascend.

Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

Contact us

If you have questions about this privacy policy or our practices, please contact us at:
privacy@ascendplatform.net

Ascend Platform Ltd
Company number: 16442743
ICO registration: ZB987705
34b-34f Westbourne Gardens, London, England, W2 5PU
Registered in England and Wales