Privacy Policy

Effective date: May 15, 2026

This Privacy Policy describes how Ascendify ("we," "us," or "our") collects, uses, and shares information in connection with the Ascendify mobile application ("Ascendify" or "the App"). By using Ascendify, you agree to the practices described here.

We collect the minimum information necessary to run the App. We do not sell your personal information, we do not track you across other apps or websites, and we do not show targeted advertising.

1. Summary (the short version)

We collect face photos you submit for analysis, but we do not store them on our servers after the analysis is returned.
Your scan history (past photos and scores) is saved to your own iCloud account, not to our servers.
We assign you an anonymous identifier so we can enforce subscription and rate-limit rules. We do not collect your name, email, phone number, location, contacts, or browsing history.
We use three third-party services to operate the App: Google Firebase (sign-in, server functions, abuse prevention), Google Gemini (the AI that analyzes your photo), and RevenueCat (subscription management).
You can delete your account and all server-side data from inside the App at any time (Profile → Account → Delete Account).

2. Information We Collect

2.1 Face photos

When you initiate a scan, you provide a photo of your face. The photo is transmitted to our server (a Firebase Cloud Function), which forwards it to Google's Gemini AI model to generate the analysis. The AI returns scores and suggestions, which the server returns to your device.

We do not retain your photos on our servers after the analysis is returned. Photos are processed in memory and discarded.

2.2 Anonymous identifiers

Firebase Authentication ID — an anonymous identifier assigned the first time you use a feature that requires our server (e.g., your first scan). Used to authenticate requests to our server and to ensure the one-time onboarding scan (whose result is shown blurred on the paywall until you subscribe) is provided only once per user.
RevenueCat App User ID — an anonymous identifier assigned by RevenueCat for subscription tracking. Also used by our server to enforce the rolling 24-hour scan limit for subscribers.
Firebase Installations ID — a per-install identifier used by the Firebase SDK for App Check (abuse prevention) and basic diagnostics.

None of these identifiers are tied to your real name, email, or any other personally identifying information unless you choose to contact us using a contact method that reveals those details.

2.3 Subscription and purchase data

When you purchase a subscription, Apple processes the transaction. Apple shares a subscription receipt with RevenueCat (our subscription-management provider), which RevenueCat uses to determine whether your subscription is active. We see only your subscription status and the anonymous RevenueCat ID — we do not see your Apple ID, payment method, or billing address.

2.4 Onboarding answers

During first-run setup we ask you questions about your age range, gender, and improvement goals. These answers are stored only on your device (in iOS's UserDefaults). They are not transmitted to our servers and are not used by the AI analysis. They influence local UI only.

2.5 Scan history

Your past scans (the photos and associated scores) are saved to your own iCloud Drive container when iCloud is available on your device, or to local device storage otherwise. We do not have access to your iCloud data. Apple's iCloud terms govern that storage.

2.6 Diagnostic data

The Firebase SDK may collect minimal diagnostic data (such as installation identifiers) for the SDK's own internal operation. We have not enabled Firebase Crashlytics or Firebase Performance Monitoring, and we do not run any custom analytics, telemetry, or crash-reporting service.

2.7 What we do NOT collect

We do not collect: your name, email address, phone number, postal address, precise or coarse location, contacts, calendar, photos other than the one you submit for analysis, browsing history outside the App, health or fitness data, biometric identifiers used for identification, advertising identifiers, or any data for tracking purposes.

We do not display the App Tracking Transparency prompt because we do not track you across apps or websites.

3. How We Use Your Information

We use the information described above only to:

Run the App and provide the face-analysis feature.
Enforce subscription entitlements and prevent abuse (rate limiting, App Check).
Diagnose technical problems and improve reliability.
Respond to your support requests.

We do not use your information for advertising, profiling, sale, or any purpose unrelated to running the App.

4. AI Processing of Your Photo

Your face photo is analyzed by Google's Gemini AI model, accessed through our backend. Google processes the photo solely to generate the analysis response. We use Gemini through Google's paid API, under terms that prohibit Google from using customer prompts and responses to train its models. See Google's Gemini API terms for detail.

The AI evaluates descriptive facial features (e.g., jawline, eyes, skin quality) for scoring purposes only. The AI is not used to identify you, match you to a database of people, or perform facial recognition in the legal sense of comparing you to other individuals.

5. Who We Share Data With

We share data only with service providers that help us run the App, and only the minimum necessary:

Provider	What they receive	Purpose
Google (Firebase)	Anonymous Auth UID, Installations ID, App Check tokens	Authentication, abuse prevention, server functions
Google (Gemini API)	The face photo you submit for a scan	AI analysis (returned immediately, not retained by us)
RevenueCat	RevenueCat App User ID, Apple subscription receipt data forwarded by Apple	Subscription management and entitlement verification
Apple	Subscription purchase, App Store transaction data	Processing your purchase; iCloud storage of your scan history (governed by Apple's terms)

We do not sell your personal information. We do not share it with advertisers or data brokers. We have no advertising network integrations.

Each of the service providers listed above is contractually bound to protect your information with safeguards equivalent to — and no less protective than — the standards set out in this Privacy Policy. In particular, Google is prohibited under its Gemini API Terms of Service from using the photos or other inputs you submit to train its AI models; Google's Firebase services are governed by Google's Data Processing and Security Terms; RevenueCat is bound by its Data Processing Addendum; and Apple is bound by its standard developer and iCloud terms.

We may disclose information if required by law (subpoena, court order) or to protect the safety, rights, or property of Ascendify, our users, or the public.

6. Data Retention

Face photos: Not retained on our servers; discarded after each analysis completes.
Anonymous Firebase Auth UID: Retained for the lifetime of the install, or until you delete your account.
Onboarding-scan record: A flag noting whether you have already used your one-time onboarding scan. Retained until you delete your account.
Subscriber scan-rate record: A list of recent scan timestamps within the past 24 hours, used to enforce the rolling 24-hour scan limit for subscribers. Old entries are pruned automatically; the underlying record is retained until you delete your account.
Subscription / RevenueCat records: Retained while your subscription is active, plus the period required for accounting and tax purposes.
Scan history (iCloud / device): Retained until you delete it. We do not control this — you do.
Onboarding answers (UserDefaults): Retained on your device until you delete the app or wipe local data.

7. Your Rights and Choices

7.1 Delete your account and data

You can delete your account at any time from inside the App (Profile → Account → Delete Account). This will:

Delete your Firebase Authentication account.
Delete the records tracking your onboarding-scan usage and subscriber scan-rate history on our servers.
Delete your RevenueCat subscriber record.
Delete all locally-stored scan history (including iCloud-synced scans) and local preferences on the device that initiated the deletion.

What account deletion does NOT do: It does not cancel any active App Store subscription — Apple requires you to cancel subscriptions yourself in Settings → Apple ID → Subscriptions. We will display a reminder during the deletion flow.

7.2 Access, correction, portability

Because we do not collect a meaningful amount of personal data and do not link it to a real-world identity, traditional "access" and "portability" requests have limited application. If you would like to know what anonymous identifiers we have associated with your install, contact us at getascendify@outlook.com and we will help where possible.

7.3 Region-specific rights

California (CCPA / CPRA): California residents have rights to know, delete, correct, and limit use of personal information. We do not sell or share personal information for cross-context behavioral advertising. Exercise rights at getascendify@outlook.com or via the in-app delete flow.

European Economic Area, UK, Switzerland (GDPR / UK GDPR): You have rights of access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is (a) performance of a contract (running the App for you) and (b) our legitimate interests in preventing abuse and operating securely. You have the right to lodge a complaint with your local supervisory authority. We do not have an EU representative; if you are an EU resident with a privacy question, contact us at getascendify@outlook.com.

Illinois (BIPA): Although Ascendify's AI does not identify you (it generates descriptive scores rather than performing facial recognition against a person database), we recognize Illinois has specific rules around facial data. We do not retain face photos beyond the moment of analysis, do not create face templates, and do not share face data with any party other than Google (Gemini) for the single-request analysis. We retain no biometric identifier.

8. Children's Privacy

Ascendify is rated 13+ on the App Store and is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If we learn that a child under 13 has provided personal information, we will delete it. If you believe a child has used the App, contact us at getascendify@outlook.com.

9. International Data Transfers

We operate from the United States, and our service providers (Google, RevenueCat, Apple) process data in the United States and other regions where they operate. If you are accessing Ascendify from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your country.

10. Security

We use industry-standard safeguards to protect data in transit (TLS) and at rest (provider-managed encryption). We use Firebase App Check (App Attest) to verify that requests to our backend originate from a genuine copy of our app running on a real Apple device, materially limiting abuse of our server endpoints. No system is perfectly secure; we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top and, for material changes, provide reasonable notice (such as a notice in the App or on our website). Continued use of the App after the effective date constitutes acceptance of the updated Policy.

12. Contact

Questions about this Privacy Policy or your data? Contact us at getascendify@outlook.com.

Ascendify · United States