ASCEND was built with a single rule: your body data belongs to you. We collect only what's needed to scan, score, and coach. We do not sell your data. We do not run third-party analytics. We do not use advertising identifiers. This document explains exactly what we collect, where it goes, and how to delete it.
01 Personal information
Collected during onboarding to build your 3D body model and personalize your protocol.
| Display name | Shown in the app and on the leaderboard. |
| Email address | Via Sign in with Apple, Google Sign-In, or email registration. |
| Gender | Male / female — drives the 3D body model. |
| Age | Must be 18 or older. |
| Height & weight | Used for body-composition scoring. |
| Goal weight | Anchors your transformation timeline. |
| Body concerns / target zones | The muscle groups you tap during the "Problem Areas" step. |
| Training frequency | How often you plan to train. |
| Fitness timeline | Goal horizon — used to calibrate your 12-week protocol. |
| Schedule preferences | Scan day, rest day, and reminder notification time. |
02 Body photos Sensitive
This is the most sensitive category of data the app handles. We treat it accordingly.
- What we capture: front, side, and back body photos taken through the device camera during a scan.
- Where they live: stored locally on your device in compressed JPEG format, inside ASCEND's sandboxed app container. The OS encrypts them at rest. Photos may also be uploaded to our secure cloud infrastructure (Amazon Web Services S3 with AES-256 server-side encryption) for backend AI analysis processing.
- How they are analyzed: for each scan, photos are transmitted over HTTPS to a Cloudflare Worker proxy at
ascend-proxy.advisingbyivan.workers.dev, which forwards the request to Anthropic's Claude AI API for body analysis. - Retention on Anthropic: photos are sent as part of a single API request and are not stored beyond the request lifecycle, per Anthropic's zero-retention API policy.
- Retention on the proxy: the Cloudflare Worker proxy does not store or log photo data. It exists only to keep the API key out of the mobile binary.
- Retention on the app: photos remain on your device until you delete them. Deleting a scan removes the photo. Deleting your account removes everything.
03 Apple HealthKit data
If you opt in, ASCEND reads — but never writes — the following from HealthKit to surface fitness insights inside the app:
- Step count (read-only)
- Active energy burned (read-only)
- Sleep analysis (read-only)
HealthKit data never leaves your device. It is used only for on-device insights and is not transmitted to our servers, the AI proxy, Anthropic, or any third party. HealthKit integration is optional — you can skip it during onboarding or revoke permission at any time in iOS Settings → Privacy → Health → ASCEND.
04 Authentication data
To keep your account secure and synced across devices:
- Apple User ID from Sign in with Apple, stored in the iOS Keychain.
- Google User ID from Google Sign-In (token verification only — we do not receive your Google password).
- Email + hashed password for users who register without a third-party provider. Passwords are salted and hashed with industry-standard bcrypt; the plaintext is never stored.
- JWT authentication token stored in the device Keychain to keep you signed in.
05 Subscription & purchase data
All payments are handled by Apple StoreKit 2. ASCEND never sees, stores, or transmits your credit card or payment information.
- Stored locally: subscription status (active / expired / trial) and your scan-credit balance.
- Managed by Apple: billing, renewal, refunds, and tax. Manage your subscription in
iOS Settings → [your name] → Subscriptions.
06 Usage & engagement
Anonymous engagement events (e.g. "scan completed," "milestone reached") are buffered locally in UserDefaults on your device to power streaks and milestones. Nothing is shipped to a third-party analytics vendor.
07 Push notifications
If you grant permission, your device's push notification token is stored so we can send:
- Streak reminders
- Scan day reminders at the time you choose
- Occasional encouragement and milestone notifications (yes, from IRIS — they're not always nice)
Push notifications are optional. Revoke permission anytime in iOS Settings → Notifications → ASCEND.
08 Where your data is stored
| Location | What lives there |
|---|---|
| On-device SQLite | Profile, scan history, body photos, IRIS diagnosis results. |
| iOS Keychain | API key, auth token, Apple User ID — encrypted by iOS. |
| UserDefaults | Analytics event buffer (local only). |
| PostgreSQL on Railway | Profile basics, streak counters, leaderboard entries. No body photos. No HealthKit data. |
09 Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude API) | Body photo analysis | Body photos & analysis prompt — zero-retention API. |
| Cloudflare Workers | API proxy — keeps our API key out of the binary | Pass-through only. No data stored or logged. |
| Apple | Sign in with Apple, StoreKit 2, HealthKit, Push Notifications | Per Apple's privacy policies. |
| Google Sign-In | OAuth token verification only. | |
| RevenueCat | Subscription management | User IDs and subscription/purchase data. |
| Amazon Web Services (S3) | Encrypted cloud storage | Body scan photos for backend AI analysis processing (AES-256 encryption). |
| Railway | Backend hosting (PostgreSQL) | Profile basics, streaks, leaderboard. |
10 Data retention & deletion
Delete from inside the app
Open Profile → Settings → Delete Account. This removes:
- Local SQLite database (scan history, photos, diagnosis results)
- Keychain data (auth token, Apple User ID, API key)
- UserDefaults (analytics buffer, app state)
Backend deletion
To request deletion of any backend data (profile, streak counters, leaderboard entry), email support@ascendapp.us. We process deletion requests within 30 days.
11 Children's privacy
ASCEND requires a minimum age of 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete the account and any associated data.