Back to Home

Privacy Policy

Last updated: March 2026

1. Introduction

NexusWeaver Ltd ("we", "our", "us") operates the Ascend mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Ascend.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and other applicable data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data We Collect

2.1 Account Information

When you sign up via Google Sign-In, we receive your name, email address, and profile picture from Google. We store this information to create and manage your Ascend account.

2.2 Profile Data

Information you provide during onboarding and in your profile, including: date of birth, gender, height, weight, fitness goals, activity level, dietary preferences, and location (city/country).

2.3 Health & Fitness Data

We collect health and fitness data from connected sources, which may include:

  • Step count, distance walked/run, and active minutes
  • Heart rate, resting heart rate, and heart rate variability
  • Sleep duration, sleep stages, and sleep quality scores
  • Weight, body fat percentage, and body measurements
  • Workout logs, exercise types, sets, reps, and duration
  • Calorie burn estimates and basal metabolic rate
  • Blood oxygen saturation (SpO2) and respiratory rate
  • GPS route data for outdoor activities (running, cycling, hiking)

2.4 Nutrition Data

Food logs, meal photos, calorie and macronutrient intake, hydration tracking, and AI-analysed nutrition information from food images you submit.

2.5 User-Generated Content

Community posts, comments, shared workouts, achievements, and any content you publish within the Ascend community features.

2.6 Device & Usage Data

Device type, operating system version, app version, crash logs, interaction patterns, and feature usage analytics (anonymised).

2.7 Payment Data

Subscription transactions are processed by Stripe. We do not store your credit card details. Stripe provides us with a customer identifier, subscription status, and billing dates only.

3. How We Use Your Data

We use your data for the following purposes:

  • Provide the Service: Deliver personalised fitness plans, nutrition recommendations, and health insights.
  • AI Coaching: Generate personalised coaching cues, meal plans, and training protocols using AI models.
  • Health Monitoring: Display health metrics from connected wearables and health platforms on your dashboard.
  • Community Features: Enable social interactions within squads, leaderboards, and the community feed.
  • Improve the Service: Analyse anonymised usage data to improve features, fix bugs, and enhance user experience.
  • Communications: Send essential account notifications, subscription updates, and (with your consent) marketing communications.
  • Legal Compliance: Meet our obligations under applicable laws and regulations.

Our legal bases for processing under GDPR are: contract performance (providing the Service), legitimate interests (improving the Service), consent (marketing, optional data sharing), and legal obligation (regulatory compliance).

4. Third-Party Integrations

Ascend integrates with the following third-party health and fitness platforms to read your health data:

  • Google Health Connect (Android): Reads steps, heart rate, sleep, weight, workouts, and nutrition data from Health Connect-compatible apps.
  • Apple HealthKit (iOS): Reads health metrics from the Apple Health ecosystem with your explicit permission.
  • Fitbit: Syncs via the Fitbit app through Google Health Connect (Android) or Apple HealthKit (iOS). Ascend does not connect to Fitbit directly.
  • Garmin: Syncs via the Garmin Connect app through Health Connect or HealthKit.
  • Samsung Health: Syncs via Samsung Health through Google Health Connect on Samsung devices.
  • Strava: Optional integration for importing activity data via the Strava API with OAuth authorisation.

We only read data from these platforms with your explicit permission. You can revoke access at any time through your device settings or the respective app's permissions.

Stripe processes payments on our behalf. Please review Stripe's Privacy Policy for details on how they handle payment data.

5. AI Processing

Ascend uses Google Gemini AI models to power several features, including:

  • Personalised AI coaching conversations and training plans
  • Nutrition analysis from food photographs
  • Meal plan generation and recipe suggestions
  • Voice-based coaching commands

When you use these features, relevant data (such as your fitness profile, health metrics, or food images) is sent to Google's Gemini API for processing. This data is transmitted securely via TLS encryption.

Google processes this data according to their Google AI Terms of Service. Data sent to the Gemini API is not used by Google to train their models when accessed through the paid API tier.

6. Data Storage & Security

Your data is stored in Firebase (Google Cloud Platform) infrastructure. We implement the following security measures:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Data stored in Google Cloud is encrypted at rest using AES-256 encryption.
  • Firestore Security Rules: Strict security rules ensure users can only access their own data. Server-side validation prevents unauthorised access.
  • Authentication: Google Sign-In with Firebase Authentication provides secure, token-based access control.
  • Server-side processing: Sensitive operations (subscriptions, AI calls, data exports) are handled by server-side Cloud Functions with authentication checks.

7. Analytics & Crash Reporting

  • Firebase Analytics: We collect anonymised usage data to understand how features are used and to improve the app. This data does not identify individual users.
  • Firebase Crashlytics: We collect crash reports and diagnostic data to identify and fix bugs. Crash reports may include device type, OS version, and app state at the time of the crash.

You can opt out of analytics data collection in your device settings.

8. Cookies

Ascend uses minimal cookies and local storage, limited to:

  • Firebase session tokens for authentication
  • Local preferences (theme, measurement units, dismissed tips)

We do not use third-party advertising cookies or cross-site tracking technologies. Our website may use essential cookies for functionality purposes only.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Stored until you request account deletion.
  • Health and fitness data: Stored until you request deletion or delete your account.
  • Payment records: Retained for 7 years as required by UK tax and accounting regulations.
  • Anonymised analytics: May be retained indefinitely in aggregate form.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

10. Your Rights (GDPR)

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing (Article 18): Request limitation of how we process your data.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (CSV export).
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, you can:

  • Use the Data Export feature in the app (Settings → Privacy → Export My Data) to download your data in CSV format.
  • Use the Delete Account feature in the app (Settings → Account → Delete Account) to permanently delete your account and data.
  • Contact us at info@nexusweaver.io for any data rights requests.

We will respond to all data rights requests within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

11. Children's Privacy

Ascend is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@nexusweaver.io and we will promptly delete such data.

12. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and EEA, including the United States (where Google Cloud servers are located). Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs)
  • Adequacy decisions where applicable

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the app and updating the "Last updated" date above. For significant changes, we will provide additional notice via in-app notification or email.

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: