1. Introduction
This Privacy Policy describes how ascentX collects and processes personal data in connection with our websites, applications, vertical AI workspaces, integrations, APIs, MCP services, support, sales and related services.
By using our services, you acknowledge that we process personal data as described in this Privacy Policy. If you use our services on behalf of an organization, that organization may also control certain personal data processed through the platform.
We may update this Privacy Policy from time to time. If changes materially affect your rights or obligations, we will take reasonable steps to notify you.
2. Controller and contact details
The controller for website, sales, marketing, account administration and direct support data is ascentX, the operator of ascentx.dev and the provider of the ascentX services.
Privacy questions, legal privacy notices and rights requests must be sent to privacy@ascentx.dev. ascentX has not appointed a data protection officer because one is not required for the processing described in this policy. ascentX has not appointed an EU representative or UK representative because ascentX does not maintain an establishment in the EEA or UK and provides the services to business customers, not directly to individuals for personal, household or consumer use.
Customers using ascentX as a workspace for their own data are usually the controller, business or equivalent decision-maker for data they submit to, connect with or generate in ascentX ("Customer Data"). ascentX acts as their processor, service provider or contractor under the applicable customer agreement and data processing addendum.
3. Our role in relation to personal data
We act as a controller when we decide how and why personal data is processed, such as when you visit our website, contact us, subscribe to communications, request a demo, apply for a role or use an account we administer directly.
We act as a processor or service provider when a customer uses ascentX to upload, connect, organize, enrich or act on data inside its workspace. In those circumstances, we process personal data according to our customer's instructions and the applicable agreement with that customer.
If your personal data appears in an ascentX workspace because one of our customers provided it or connected a system containing it, please contact that customer first to exercise privacy rights related to that data.
4. Personal data we collect
4.1 Data you provide to us
We may collect personal data that you provide when you:
- Use our website, platform or mobile-accessible services.
- Create an account, join a workspace or authenticate to our services.
- Request a demo, contact sales, receive support or subscribe to updates.
- Purchase services, sign agreements or otherwise communicate with us.
- Apply for a job or provide services to us.
This data may include your name, business email address, phone number, employer, job title, location, account credentials, billing details, support messages, communications preferences and any information you choose to include in forms, messages, files or job applications.
4.2 Data we collect automatically
When you use our website or services, we may automatically collect:
- Device, browser, operating system, IP address and approximate location information.
- Log data, pages viewed, features used, links clicked, referring pages and timestamps.
- Workspace activity, audit logs, authentication events and usage metrics.
- Email engagement data, such as whether messages were delivered, opened or clicked.
We may use cookies, pixels, local storage and similar technologies to operate our site, remember preferences, measure performance, understand product usage and support marketing. You can control cookies through your browser settings and any consent tools we provide.
4.3 Data we receive from customers and third parties
Customers may provide or connect data from CRM, ERP, service, compliance, payment, data warehouse, productivity, communication, document and industry-specific systems. This may include customer, employee, vendor, account, case, transaction, document, task, message, status, evidence, workflow and audit information.
We may also receive data from identity providers, integration partners, payment providers, analytics providers, security services, recruiters, public sources and business data providers.
4.4 Sensitive personal data
Customer Data may contain sensitive personal data or sensitive personal information if a customer chooses to connect systems that contain it, such as government identifiers, financial account information, compliance records, health-related information, communications content or account credentials. We process this data only as needed to provide, secure, support and comply with law for the services, or as otherwise instructed by the customer. We do not use sensitive personal information to infer characteristics about you except as permitted by law and necessary for the services.
5. US state notice at collection
This section is intended to provide disclosures required by California and other US state privacy laws. It describes the categories of personal information we may collect, the sources, purposes, retention criteria and disclosures for business purposes during the last 12 months.
| Category | Examples | Sources | Purposes | Disclosures |
|---|---|---|---|---|
| Identifiers | Name, business email, phone, company, account ID, IP address. | You, your organization, identity providers, business partners. | Account setup, authentication, support, sales, security, communications. | Service providers, customer-authorized systems, advisors, authorities where required. |
| Commercial and contract information | Plan, purchase, invoice, subscription, order and support records. | You, your organization, payment and billing providers. | Contracts, billing, support, records, compliance. | Payment processors, finance systems, advisors, authorities where required. |
| Internet or network activity | Device data, browser data, log data, pages viewed, features used, timestamps. | Your browser or device, cookies, pixels, product logs. | Operate, secure, debug, measure and improve the services. | Hosting, analytics, security and infrastructure providers. |
| Professional information | Employer, role, department, business contact details, job application data. | You, your organization, recruiters, public business sources. | Sales, support, account administration, recruiting and business operations. | Service providers, recruiters, advisors and customer-authorized systems. |
| Workspace and integration data | Customer, case, task, transaction, document, message, evidence, workflow, audit and writeback data. | Customers, authorized users and connected services. | Provide vertical workspaces, AI summaries, MCP context, governance, audit logs and approved writebacks. | Customer-authorized integrations, infrastructure, AI and security providers under contract. |
| Sensitive personal information | Credentials, financial account data, government IDs, communications contents, health or compliance information where included in Customer Data. | You, customers, authorized integrations and connected systems. | Provide, secure, support and comply with law for the services; process Customer Data under customer instructions. | Service providers, customer-authorized systems and authorities where legally required. |
| Inferences | Product usage insights, workspace summaries, risk signals, workflow state and predicted next actions. | Use of the services, Customer Data, connected systems. | Analytics, product improvement, AI insights, workflow recommendations and customer-requested features. | Service providers and customer-authorized systems. |
We retain each category for as long as needed for the purposes described in this policy, according to the applicable customer agreement and workspace settings, or as required to comply with law, resolve disputes, maintain security and enforce agreements.
We do not sell personal information for money. We do not "share" personal information for cross-context behavioral advertising under California law, and we do not use Customer Data for targeted advertising. We do not knowingly sell or share personal information of individuals under 16.
6. Connected services and integrations
ascentX is designed to connect systems behind operational journeys. If you or your organization authorize an integration, we may collect and process data from that connected service to provide the workspace, workflow, search, summary, insight, writeback, automation and governance features requested by the customer.
Connected services may include Google, Microsoft, CRM, ERP, support, case management, compliance, financial, data warehouse, messaging and storage services. The exact data processed depends on the permissions granted, the integration configured and the customer's instructions.
If ascentX receives information from Google APIs, our use and transfer of that information will comply with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to serve advertisements, and we do not permit humans to read Google user data unless necessary to provide or secure the service, comply with law, respond to user-authorized support needs or use aggregated and de-identified data for internal operations.
7. AI features, MCP services and automated decisions
ascentX may use artificial intelligence and machine learning service providers to generate summaries, identify blockers, propose next actions, classify workflow state, answer workspace questions, support MCP endpoints and improve user-facing features.
We use AI providers and internal controls to support the service under the customer's instructions and our agreements. We do not sell customer workspace data. We do not use customer workspace data to train third-party foundation models unless the customer has expressly agreed.
ascentX does not, as a controller, make decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals. Customers may configure their own workflows, approvals, risk flags, account actions or writebacks. Where such customer-configured processing could significantly affect an individual, the customer is responsible for identifying a lawful basis, providing required notices, enabling appropriate human review and honoring applicable rights.
AI output may be inaccurate or incomplete. Customers and users are responsible for reviewing AI-generated content before relying on it, especially for regulated, financial, compliance, employment, health or customer-impacting decisions.
8. Purposes and lawful bases for Europe
If you are located in the European Economic Area, United Kingdom or Switzerland, we process personal data as a controller only when we have a lawful basis. The table below maps our main controller processing activities to lawful bases.
| Processing activity | Purpose | Lawful basis |
|---|---|---|
| Website and product operation | Provide, maintain, secure, troubleshoot and improve the services. | Contract; legitimate interests in operating and securing services. |
| Account administration | Create accounts, authenticate users, manage permissions and send service communications. | Contract; legitimate interests in account management and security. |
| Customer workspace processing | Process Customer Data according to customer instructions. | Customer's lawful basis; ascentX acts as processor unless otherwise stated. |
| Sales, support and relationship management | Respond to requests, provide demos, support customers and manage contracts. | Contract; legitimate interests in business communications. |
| Marketing | Send product, event and business communications where permitted. | Consent where required; legitimate interests where permitted by law. |
| Analytics and improvement | Measure performance, understand use and develop features. | Consent for non-essential cookies where required; legitimate interests for service analytics. |
| Legal, compliance and safety | Comply with law, enforce terms, protect rights and respond to security or legal claims. | Legal obligation; legitimate interests in compliance, security and legal protection. |
| Recruiting | Evaluate candidates and manage hiring processes. | Contract steps at your request; legitimate interests; legal obligation when required by law. |
Where we rely on legitimate interests, those interests include providing and improving the services, securing our systems, communicating with business contacts, preventing misuse, protecting legal rights and operating our business. You may object to processing based on legitimate interests when the law gives you that right.
9. Marketing communications and cookies
We may send marketing communications if you requested information, purchased or used services, attended an event, interacted with us or otherwise have not opted out where marketing is permitted by law.
You may unsubscribe from marketing emails at any time by using the unsubscribe link in the message or contacting us. Even if you opt out of marketing, we may still send transactional, account, security, legal and service-related communications.
We use strictly necessary cookies to operate the site and services. We use analytics, preference or marketing cookies only where permitted by law and, where required, with your consent. You can control cookies through your browser settings and any cookie or consent tool we make available. Where legally required, we will honor opt-out preference signals such as Global Privacy Control for the browser or device that sends the signal.
11. US state privacy disclosures
Depending on where you live, US state privacy laws may give you rights to know, access, correct, delete and port personal information, to opt out of certain targeted advertising, sale or profiling, to limit certain uses of sensitive personal information and to appeal a rights decision.
The categories of personal information we may collect include identifiers, commercial information, internet or electronic network activity, geolocation at an approximate level, professional or employment-related information, account credentials, communications, inferences and sensitive personal information where necessary to provide or secure the services. We use and disclose these categories for the business and commercial purposes described in this policy.
We do not use sensitive personal information to infer characteristics about you except as necessary to provide, secure or comply with law for the services. Authorized agents may submit requests where permitted by law, but we may require verification of the requester and the agent's authority.
To exercise US state privacy rights, contact privacy@ascentx.dev. We will verify your request by asking for information reasonably related to your relationship with us, such as your email address or account information. If we deny your request and your state provides an appeal right, you may appeal by replying to our decision or contacting the same address with "Privacy Appeal" in the subject line.
We will not discriminate against you for exercising privacy rights. We do not currently offer financial incentives or price/service differences in exchange for personal information.
12. International transfers
We may process and store personal data in the United States, the United Kingdom, the European Economic Area and other countries where we or our service providers operate.
Where required, we use appropriate safeguards for international transfers, such as adequacy decisions, the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum or International Data Transfer Agreement, Swiss transfer safeguards, data processing agreements and other lawful transfer mechanisms. You may contact us to request information about the transfer safeguards relevant to your personal data.
13. Security
We use reasonable technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, monitoring, logging and vendor review. No system is completely secure, and we cannot guarantee that personal data will always remain secure.
14. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export or port personal data, restrict or object to processing, opt out of certain processing, withdraw consent and lodge a complaint with a data protection authority.
If we process your personal data as a controller, you can exercise your rights by contacting us using the details below. We will respond within the time required by applicable law. If we process your personal data as a processor, service provider or contractor for a customer, we may direct your request to that customer or help the customer respond.
EEA, UK and Swiss individuals may also have the right to complain to a supervisory authority in their country of residence, place of work or place of the alleged infringement. California residents may have the right not to receive discriminatory treatment for exercising CCPA rights.
If provision of personal data is required to enter into or perform a contract with you or your organization, failure to provide it may prevent us from providing the requested service. Optional data can be withheld, but some features may not work without it.
15. Retention
We retain personal data for as long as necessary to provide the services, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, enforce agreements and maintain appropriate business records.
Customer workspace data is retained according to the applicable customer agreement, workspace settings and customer instructions, unless a longer retention period is required by law.
- Account, contract and billing records are generally retained for the customer relationship and for a reasonable period afterward for legal, tax, audit and dispute purposes.
- Security logs and audit records are retained for security, compliance and troubleshooting according to operational need and customer agreement.
- Marketing data is retained until you opt out or it is no longer needed for legitimate business purposes.
- Recruiting data is retained for the hiring process and for a reasonable period afterward unless law requires a different period.
16. Children's privacy
Our services are not directed to children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.
17. Third-party sites and services
Our services may link to or integrate with third-party websites, platforms and applications. We do not control those third parties and are not responsible for their privacy practices. Please review their privacy policies before using them.
18. Contact us
If you have questions about this Privacy Policy or want to exercise privacy rights, contact us at privacy@ascentx.dev.
Customer Data is also governed by the customer agreement, data processing addendum, security terms, subprocessor terms, deletion terms and international transfer terms agreed between ascentX and the customer.