Back to Home

Privacy Policy

Last updated: April 2026

1. Introduction

NexusWeaver Ltd ("we", "our", "us") operates the Ascend mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Ascend.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and other applicable data protection legislation.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data We Collect

2.1 Account Information

When you sign up via Google Sign-In, we receive your name, email address, and profile picture from Google. We store this information to create and manage your Ascend account.

2.2 Profile Data

Information you provide during onboarding and in your profile, including: date of birth, gender, height, weight, fitness goals, activity level, dietary preferences, and location (city/country).

2.3 Health & Fitness Data

We collect health and fitness data from connected sources, which may include:

  • Step count, distance walked/run, and active minutes
  • Heart rate, resting heart rate, and heart rate variability
  • Sleep duration, sleep stages, and sleep quality scores
  • Weight, body fat percentage, and body measurements
  • Workout logs, exercise types, sets, reps, and duration
  • Calorie burn estimates and basal metabolic rate
  • Blood oxygen saturation (SpO2) and respiratory rate
  • GPS route data for outdoor activities (running, cycling, hiking)

2.4 Nutrition Data

Food logs, meal photos, calorie and macronutrient intake, hydration tracking, and AI-analysed nutrition information from food images you submit.

2.5 User-Generated Content

Community posts, comments, shared workouts, achievements, and any content you publish within the Ascend community features.

2.6 Device & Usage Data

Device type, operating system version, app version, crash logs, interaction patterns, and feature usage analytics (anonymised).

2.7 Payment Data

Subscription transactions are processed by Apple In-App Purchase (iOS), Google Play Billing (Android), and Stripe (web). RevenueCat acts as our subscription middleware, receiving anonymised purchase receipts to manage entitlements across platforms. We do not store your credit card or payment-method details. Our payment providers supply us with a customer identifier, subscription status, plan tier, and billing dates only.

3. Device Permissions

Ascend requests certain Android and iOS permissions to deliver core functionality. We request only the permissions we use, explain the purpose at the moment of request, and you may revoke any permission at any time via your device settings.

3.1 Camera

Camera access is used to capture photos of meals for AI-powered nutrition analysis (calorie and macro estimation via Google Gemini Vision) and to set or update your profile picture. Photos taken for nutrition analysis are sent to Google's Gemini API for processing and are not retained server-side beyond the duration of the analysis. Profile photos are stored in Firebase Storage.

3.2 Microphone

Microphone access is used for voice commands to the AI Coach (e.g. "log a glass of water", "start workout") and the wake-word detector ("Hey Ascend"). Wake-word detection runs entirely on-device; recorded audio for command parsing may be sent to Google Gemini for transcription. You can disable voice features at any time in Settings.

3.3 Bluetooth

Bluetooth permissions (BLUETOOTH, BLUETOOTH_SCAN, BLUETOOTH_CONNECT) are used to connect to compatible heart-rate monitors, smart scales, and other fitness peripherals you choose to pair with Ascend. We do not scan for or track nearby Bluetooth devices for advertising, location inference, or any other purpose.

3.4 Location (Foreground & Background)

Foreground location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION) is used to record GPS routes during outdoor workouts (running, cycling, hiking) and to find nearby parks, trails, and gyms.

Background location (ACCESS_BACKGROUND_LOCATION) is used only during an active outdoor workout, so we can continue recording your route when the screen is off or you switch to another app. We do not collect location data outside an active workout. You may revoke background location at any time in Android Settings; foreground location will continue to work for in-app navigation and route recording.

3.5 Activity Recognition

Activity recognition (ACTIVITY_RECOGNITION) is used to count steps, detect workout types automatically, and track active minutes when no wearable is connected. This data stays on your device unless you sync it to Health Connect or Apple HealthKit.

3.6 Notifications

Notification permission (POST_NOTIFICATIONS) is used to send workout reminders, fasting timer alerts, AI coach messages, and streak reminders. You can disable notifications globally or per-category at any time in Settings.

3.7 Health Connect / Apple HealthKit

On Android, Ascend requests granular Health Connect permissions (READ_STEPS, READ_HEART_RATE, READ_SLEEP, READ_EXERCISE, READ_WEIGHT, READ_NUTRITION, etc.) to read fitness data you have authorised in Health Connect. On iOS, Ascend requests equivalent Apple HealthKit permissions. Each data type is requested individually and you may grant or deny each one. We never write data back to Health Connect or HealthKit unless you explicitly enable that in Settings.

3.8 Exact Alarms

Exact alarm permissions (SCHEDULE_EXACT_ALARM, USE_EXACT_ALARM) are used to fire fasting-window completion alerts and timed workout reminders precisely on schedule.

4. How We Use Your Data

We use your data for the following purposes:

  • Provide the Service: Deliver personalised fitness plans, nutrition recommendations, and health insights.
  • AI Coaching: Generate personalised coaching cues, meal plans, and training protocols using AI models.
  • Health Monitoring: Display health metrics from connected wearables and health platforms on your dashboard.
  • Community Features: Enable social interactions within squads, leaderboards, and the community feed.
  • Improve the Service: Analyse anonymised usage data to improve features, fix bugs, and enhance user experience.
  • Communications: Send essential account notifications, subscription updates, and (with your consent) marketing communications.
  • Legal Compliance: Meet our obligations under applicable laws and regulations.

Our legal bases for processing under GDPR are: contract performance (providing the Service), legitimate interests (improving the Service), consent (marketing, optional data sharing), and legal obligation (regulatory compliance).

5. Third-Party Integrations

Ascend integrates with the following third-party health and fitness platforms to read your health data:

  • Google Health Connect (Android): Reads steps, heart rate, sleep, weight, workouts, and nutrition data from Health Connect-compatible apps.
  • Apple HealthKit (iOS): Reads health metrics from the Apple Health ecosystem with your explicit permission.
  • Fitbit: Syncs via the Fitbit app through Google Health Connect (Android) or Apple HealthKit (iOS). Ascend does not connect to Fitbit directly.
  • Garmin: Syncs via the Garmin Connect app through Health Connect or HealthKit.
  • Samsung Health: Syncs via Samsung Health through Google Health Connect on Samsung devices.
  • Strava: Optional integration for importing activity data via the Strava API with OAuth authorisation.

We only read data from these platforms with your explicit permission. You can revoke access at any time through your device settings or the respective app's permissions.

RevenueCat manages cross-platform subscription entitlements. Anonymised purchase receipts (transaction ID, product ID, price tier) are sent to RevenueCat to determine your subscription status. See RevenueCat's Privacy Policy.

Apple In-App Purchase and Google Play Billing handle all native iOS and Android subscription transactions. Apple and Google receive billing details directly from you; Ascend never sees your card number. See Apple's Privacy Policy and Google's Privacy Policy.

Stripe processes web subscription payments on our behalf. Please review Stripe's Privacy Policy for details on how they handle payment data.

6. AI Processing

Ascend uses Google Gemini AI models to power several features, including:

  • Personalised AI coaching conversations and training plans
  • Nutrition analysis from food photographs
  • Meal plan generation and recipe suggestions
  • Voice-based coaching commands

When you use these features, relevant data (such as your fitness profile, health metrics, or food images) is sent to Google's Gemini API for processing. This data is transmitted securely via TLS encryption.

Google processes this data according to their Google AI Terms of Service. Data sent to the Gemini API is not used by Google to train their models when accessed through the paid API tier.

Voice Data Collection

When you use voice commands, Ascend may collect and store anonymised voice recordings to improve voice recognition accuracy, including wake word detection and command understanding. Voice data is stored securely on Google Cloud and is used solely to train and improve Ascend's on-device voice models. Voice recordings are not shared with third parties and are not linked to your personal identity. You may request deletion of your voice data at any time by contacting info@nexusweaver.io.

Service Improvement Data

Ascend caches certain non-personal data to improve service quality and reduce response times. This includes: location-based search results (parks, trails, gyms near you), AI-generated content (meal plans, coaching tips), and text-to-speech audio. This cached data is shared across all users — for example, if one user searches for parks near a location, the results are stored and served to other users searching the same area, eliminating redundant external API calls. No personal data is included in these shared caches.

7. Data Storage & Security

Your data is stored in Firebase (Google Cloud Platform) infrastructure. We implement the following security measures:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Data stored in Google Cloud is encrypted at rest using AES-256 encryption.
  • Firestore Security Rules: Strict security rules ensure users can only access their own data. Server-side validation prevents unauthorised access.
  • Authentication: Google Sign-In with Firebase Authentication provides secure, token-based access control.
  • Server-side processing: Sensitive operations (subscriptions, AI calls, data exports) are handled by server-side Cloud Functions with authentication checks.

8. Analytics & Crash Reporting

  • Firebase Analytics: We collect anonymised usage data to understand how features are used and to improve the app. This data does not identify individual users.
  • Firebase Crashlytics: We collect crash reports and diagnostic data to identify and fix bugs. Crash reports may include device type, OS version, and app state at the time of the crash.

You can opt out of analytics data collection in your device settings.

9. Cookies

Ascend uses minimal cookies and local storage, limited to:

  • Firebase session tokens for authentication
  • Local preferences (theme, measurement units, dismissed tips)

We do not use third-party advertising cookies or cross-site tracking technologies. Our website may use essential cookies for functionality purposes only.

10. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Stored until you request account deletion.
  • Health and fitness data: Stored until you request deletion or delete your account.
  • Payment records: Retained for 7 years as required by UK tax and accounting regulations.
  • Anonymised analytics: May be retained indefinitely in aggregate form.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

11. Your Rights (GDPR)

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing (Article 18): Request limitation of how we process your data.
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (CSV export).
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, you can:

  • Use the Data Export feature in the app (Settings → Privacy → Export My Data) to download your data in CSV format.
  • Use the Delete Account feature in the app (Settings → Account → Delete Account) to permanently delete your account and data.
  • Contact us at info@nexusweaver.io for any data rights requests.

We will respond to all data rights requests within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

12. Children's Privacy

Ascend is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@nexusweaver.io and we will promptly delete such data.

13. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and EEA, including the United States (where Google Cloud servers are located). Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs)
  • Adequacy decisions where applicable

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the app and updating the "Last updated" date above. For significant changes, we will provide additional notice via in-app notification or email.

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: