Privacy Policy
 

Last Updated: June 18, 2026

Your privacy matters to us. This Privacy Policy explains how Ascent HI (“we,” “our,” or “us”) collects, uses, shares, and protects your personal information when you use our website, applications, meeting intelligence platform, and associated services (collectively, the “Service”).

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, password, and organizational details used for account creation, identity verification, and authentication.

• Meeting Content: Audio files, video recordings, live streams, transcripts, and uploaded documents provided by you to enable our core transcription, summarization, and analysis services.

• Payment Information: Credit card details and billing addresses. All payments are securely handled via certified third-party payment processors (e.g., Stripe); we do not store raw card credentials on our servers.

• Communications: Support requests, feedback, emails, or messages sent directly to our team.

1.2 Information Collected Automatically

When you interact with our Service, we automatically record:

• Device Information: Browser type, operating system, device identifiers, and IP addresses.

• Usage Data: Specific features utilized, time spent on pages, user flows, interaction patterns, access times, and referring URLs.

• Cookies and Tracking: Technical session and persistent cookies used strictly for user authentication, security, and persistence of user preferences.

1.3 Information From Third-Party Integrations

We may receive or sync information when you explicitly link third-party productivity suites to your Ascent HI account. The list below identifies each integration and clarifies whether it involves Google API Services, since Google-sourced data is subject to the additional Limited Use commitments in Section 5.

• Calendar systems (e.g., Microsoft Outlook, Google Calendar): used to display meeting schedules inside the Service. Note: Ascent HI's current Google integration is limited to Google Drive as described in Section 5; it does not request Google Calendar API scopes. If calendar sync with Google is enabled in the future, this policy will be updated before that scope is requested.

• Video conferencing applications (such as Zoom, Microsoft Teams, or Google Meet): used to ingest meeting audio/video for transcription. These integrations rely on each provider's own meeting-bot or webhook APIs, not Google OAuth scopes.

• Identity and Single Sign-On (SSO) providers: used to authenticate your sign-in. Where Google is used as an SSO provider, only the basic profile scopes described in Section 5.1 are requested.

• Google Drive: used to provide website users the capability to connect their Google Drive and select files for import or analysis, via the restricted drive.readonly scope as described in Section 5.

2. How We Use Your Information

We process and utilize your information under strict data minimization guidelines to:

• Deliver the Core Service: Process, transcribe, summarize, and analyze your authorized meeting content.

• Maintain and Enhance Features: Monitor technical performance and analyze usage patterns to debug errors and improve user experience.

• Communicate Vital Updates: Deliver critical system notifications, security alerts, administrative alerts, and dedicated customer support responses.

• Enforce Platform Security: Detect, investigate, and mitigate fraudulent behavior, unauthorized access, or policy violations.

• Regulatory Compliance: Adhere to legal obligations, statutory mandates, and lawful government requests.

3. Artificial Intelligence and Machine Learning Processing

Ascent HI leverages artificial intelligence (AI) and machine learning (ML) models to generate high-fidelity transcriptions, executive summaries, and action items.

• Infrastructure Security: All AI processing occurs inside heavily encrypted, sandboxed environments.

• Strict Feature Boundary: Data processing by AI is used exclusively to fulfill the user-directed feature (e.g., creating a meeting summary).

• No Model Training: We do NOT use your proprietary meeting text, audio, transcripts, or connected third-party data to train, optimize, or fine-tune public, commercial, or generalized AI models.

• Vendor Governance and Flow-Down: Any downstream sub-processors or AI API infrastructure providers (such as OpenAI) are bound by Data Processing Addendums (DPAs) that strictly prohibit data retention or use for model training purposes. This prohibition applies with equal force to any data originally obtained via Google API Services: our DPAs with AI sub-processors specifically incorporate the Google API Services User Data Policy's Limited Use requirements by reference, so a sub-processor may never use Google-sourced content for training or evaluation, even where our general no-training commitment would otherwise apply only at the Ascent HI level.

4. How We Share Your Information

Ascent HI does not sell, rent, trade, or monetize your personal information under any circumstances.

We only disclose data to third parties under these rigid constraints:

• Sub-Processors and Service Providers: We share specific data sets with trusted cloud vendors who maintain infrastructure essential to our operation (e.g., Amazon Web Services, Google Cloud Platform). All such vendors are strictly bound by confidentiality mandates and DPAs.

• Legal and Regulatory Mandates: We may disclose information if required to do so by a binding legal process, subpoena, or valid judicial order, or to protect the immediate safety and rights of our users or the general public.

• Corporate Transformations: In the event of an asset sale, corporate merger, consolidation, or restructuring, user records may be transferred as an operational asset, subject to the continuous protections outlined in this Privacy Policy.

5. Google API Services User Data Policy & OAuth Compliance

This section applies specifically to all data, metadata, and files obtained, accessed, or processed through your connection to Google API Services via our platform's OAuth integration. This section takes strict precedence over any generalized or conflicting terms found elsewhere in this policy.

5.1 Scope of Data Accessed via Google OAuth

Ascent HI requests access strictly through user-initiated OAuth consent prompts. As of the date of this policy, our application requests only the following scopes, and no others:

• Basic Profile Scopes: openid, userinfo.email, userinfo.profile — Classification: Non-sensitive. Used solely to verify your identity, provision your account, populate your profile name, and securely sign you into the platform.

• Restricted Google Drive Scope: drive.readonly — Classification: Restricted scope under Google's API Services User Data Policy. This scope allows our website users to connect to their Google Drive to browse, view, and select specific files or documents for import, meeting context, or transcription analysis directly inside the Ascent HI interface.

• Security review status: Because drive.readonly is a restricted scope, Ascent HI is committed to completing or maintaining Google's required Cloud Application Security Assessment (CASA) for this integration. Documentation of the current assessment is available to Google's API review team upon request and is renewed on the cadence Google's policy requires.

No other Google scopes are requested. In particular, Ascent HI's Calendar, video-conferencing, and SSO integrations described in Section 1.3 do not use the Google Calendar API, Google Meet API, or any other Google scope beyond those listed above. If that changes, this section will be updated, and re-consent will be obtained from users, before any new scope is requested.

5.2 Mechanics of Explicit User Action

Our system only accesses your Google Drive ecosystem following direct user intent. When you connect your Google Drive to our platform, the Service reads and lists your files inside our secure interface so that you can browse and select content for transcription or summary generation. We do not autonomously perform background scans or sync your drive contents without active, ongoing interaction or specific integration parameters initiated by you.

5.3 Google Limited Use Requirement Adherence

Ascent HI strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements. Your data received from Google APIs is handled under these four absolute prohibitions:

• No Transfer for Advertising/Monetization: We do not transfer, sell, or disclose Google user data to third-party entities, advertising networks, data brokers, or data marketplaces.

• No Secondary Data Transfers: We do not transfer Google user data to any external parties unless doing so is strictly necessary to provide or improve user-facing features that are prominently disclosed and explicitly authorized by you. For example, if you choose to export or share a derived meeting summary to another connected task-management tool, the relevant excerpt may be passed to that tool only because you directly authorized that specific workflow — never as a routine background transfer.

• Absolute AI Training Prohibition: We do NOT use data, text, or files obtained via Google APIs to train, refine, or evaluate machine learning or artificial intelligence models. Google user data is completely excluded from any internal or external training or evaluation loops, including those operated by sub-processors (see Section 3).

• No Human Inspection: No employees, engineers, or contractors at Ascent HI are permitted to read or view your Google data, unless:

• We obtain your explicit, documented consent to review a specific file for a troubleshooting or support ticket;

• It is absolutely necessary for security forensics or fraud prevention; or

• We must comply with an unavoidable legal obligation.

5.4 Token Storage and Retention of Google Data

• Secure Token Handling: Access tokens and refresh tokens received from Google are stored in heavily locked-down environments using industry-standard database encryption (AES-256).

• Data Minimization: We do not maintain or cache permanent copies of your Google Drive files on our platform servers. Files viewed via the read-only connection live safely inside your Google ecosystem. Any file content or metadata transiently cached during active processing sessions is purged automatically when no longer needed to execute the active user feature.

• Backup Consistency: Because Google Drive file content is never cached permanently outside an active session, disaster-recovery backups do not contain copies of Google Drive file content. The 90-day backup-overwrite window described in Section 7 applies only to OAuth tokens and connection metadata that may transiently exist in backup snapshots, not to file content, which is never retained in the first place.

5.5 User Revocation and Data Deletion

You possess absolute control over your connection to Google API Services:

• Immediate Revocation: You can sever our platform's access instantly at any time via your Google Third-Party Security Permissions Page.

• In-App Disconnection: You can disconnect your Google Account inside the Ascent HI integration dashboard.

• Purge Execution: Upon user disconnection or account deletion, all associated Google OAuth tokens and linked session parameters are immediately and permanently erased from our active databases, and any residual copies in disaster-recovery backups are overwritten within the window described in Section 7.

6. Data Security Controls

We protect your data using an enterprise-grade security framework aligned with SOC 2 standards:

• Data in Transit: Encrypted universally using Transport Layer Security (TLS 1.3).

• Data at Rest: Encrypted completely using Advanced Encryption Standard (AES-256).

• Access Isolation: Strict role-based access controls (RBAC) paired with mandatory multi-factor authentication (MFA) for all production system administrators.

• Defensive Audits: Continuous 24/7 security logging, automated intrusion detection, and annual independent cryptographic penetration testing.

7. Data Retention & Erasure

We retain user records only for the duration required to provide active services or as mandated by applicable statutory retention laws. Upon a user's formal request or account termination, data is systematically overwritten or permanently dropped from active production systems. Residual fragments held within disaster-recovery backups — including OAuth tokens and connection metadata described in Section 5.4 — are entirely overwritten within a maximum window of 90 days.

8. Regional Privacy Rights (GDPR, CCPA, and International Transfers)

8.1 European Economic Area (EEA) & UK Users (GDPR Compliance)

If you reside within the EEA or UK, your data processing is grounded in explicit legal bases: the execution of our contract with you, our legitimate interests in securing our system, or your explicit consent. You possess the right to access, rectify, object to, or permanently erase your data, as well as data portability rights.

8.2 California Residents (CCPA/CPRA Compliance)

We confirm that we do not sell or “share” (for cross-contextual behavioral advertising) your personal data as defined under California privacy laws. California residents retain the right to request disclosure of collected data categories, request erasure, and do not face discriminatory service changes for exercising these choices.

9. Children's Privacy

Our platform is engineered exclusively for professionals and businesses, and our terms of service require account holders to be at least 18 years old. We do not knowingly market to or collect information from individuals under 18. This threshold is intentionally set above the general age thresholds used in children's privacy laws such as COPPA, reflecting that the Service is designed for business use rather than for use by minors. If we discover that a minor has provided us with personal information, we will immediately delete the records from our infrastructure.

10. Modifications to this Privacy Policy

We reserve the right to modify this Privacy Policy to ensure alignment with changing legal regulations or updated third-party platform rules (such as updates to Google's Developer Policies).

If we execute material updates, we will notify you by:

• Posting an alert inside the active application environment.

• Transmitting a direct advisory email to your registered account email.

• Refreshing the “Last Updated” date at the top of this page.

Material changes affecting Google API Services data use: Consistent with Section 5.1, any change that adds, removes, or alters the Google OAuth scopes we request will be reflected here and re-consented to by affected users before the new scope is used, separate from the general notice process above.

11. Contact & Regulatory Inquiry Information

For any questions, clarifications regarding our handling of data, or requests to exercise your data rights, please contact our privacy compliance team:

Email: privacy@ascenthi.com

Data Protection Officer: dpo@ascenthi.com

Corporate Website: ascenthi.com

Physical Address:

Ascent HI LLC

527 Mills Ave, Suite 102A

Greenville, SC 29605

United States

© 2026 Ascent HI LLC — hello@ascenthi.com