Privacy Policy

Last Updated: June 18, 2026

Your privacy matters to us. This Privacy Policy explains how Ascent HI (“we,” “our,” or “us”)

collects, uses, shares, and protects your personal information when you use our website,

applications, meeting intelligence platform, and associated services (collectively, the “Service”).

By using our Service, you agree to the collection and use of information in accordance with this

policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

● Account Information: Name, email address, password, and organizational details used

for account creation, identity verification, and authentication.

● Meeting Content: Audio files, video recordings, live streams, transcripts, and uploaded

documents provided by you to enable our core transcription, summarization, and analysis

services.

● Payment Information: Credit card details and billing addresses. All payments are

securely handled via certified third-party payment processors (e.g., Stripe); we do not

store raw card credentials on our servers.

● Communications: Support requests, feedback, emails, or messages sent directly to our

team.

1.2 Information Collected Automatically

When you interact with our Service, we automatically record:

● Device Information: Browser type, operating system, device identifiers, and IP

addresses.

● Usage Data: Specific features utilized, time spent on pages, user flows, interaction

patterns, access times, and referring URLs.

● Cookies and Tracking: Technical session and persistent cookies used strictly for user

authentication, security, and persistence of user preferences.

1.3 Information From Third-Party Integrations

We may receive or sync information when you explicitly link third-party productivity suites to

your Ascent HI account. The list below identifies each integration and clarifies whether it

involves Google API Services, since Google-sourced data is subject to the additional Limited

Use commitments in Section 5.

● Calendar systems (e.g., Microsoft Outlook, Google Calendar): used to display

meeting schedules inside the Service. Note: Ascent HI's current Google integration is

limited to Google Drive as described in Section 5; it does not request Google Calendar

API scopes. If calendar sync with Google is enabled in the future, this policy will be

updated before that scope is requested.

● Video conferencing applications (such as Zoom, Microsoft Teams, or Google Meet):

used to ingest meeting audio/video for transcription. These integrations rely on each

provider's own meeting-bot or webhook APIs, not Google OAuth scopes.

● Identity and Single Sign-On (SSO) providers: used to authenticate your sign-in. Where

Google is used as an SSO provider, only the basic profile scopes described in Section 5.1

are requested.

● Google Drive: used to provide website users the capability to connect their Google Drive

and select files for import or analysis, via the restricted drive.readonly scope as described

in Section 5.

2. How We Use Your Information

We process and utilize your information under strict data minimization guidelines to:

● Deliver the Core Service: Process, transcribe, summarize, and analyze your authorized

meeting content.

● Maintain and Enhance Features: Monitor technical performance and analyze usage

patterns to debug errors and improve user experience.

● Communicate Vital Updates: Deliver critical system notifications, security alerts,

administrative alerts, and dedicated customer support responses.

● Enforce Platform Security: Detect, investigate, and mitigate fraudulent behavior,

unauthorized access, or policy violations.

● Regulatory Compliance: Adhere to legal obligations, statutory mandates, and lawful

government requests.

3. Artificial Intelligence and Machine Learning

Processing

Ascent HI leverages artificial intelligence (AI) and machine learning (ML) models to generate

high-fidelity transcriptions, executive summaries, and action items.

● Infrastructure Security: All AI processing occurs inside heavily encrypted, sandboxed

environments.

● Strict Feature Boundary: Data processing by AI is used exclusively to fulfill the

user-directed feature (e.g., creating a meeting summary).

● No Model Training: We do NOT use your proprietary meeting text, audio, transcripts, or

connected third-party data to train, optimize, or fine-tune public, commercial, or

generalized AI models.

● Vendor Governance and Flow-Down: Any downstream sub-processors or AI API

infrastructure providers (such as OpenAI) are bound by Data Processing Addendums

(DPAs) that strictly prohibit data retention or use for model training purposes. This

prohibition applies with equal force to any data originally obtained via Google API

Services: our DPAs with AI sub-processors specifically incorporate the Google API

Services User Data Policy's Limited Use requirements by reference, so a sub-processor

may never use Google-sourced content for training or evaluation, even where our general

no-training commitment would otherwise apply only at the Ascent HI level.

4. How We Share Your Information

Ascent HI does not sell, rent, trade, or monetize your personal information under any

circumstances.

We only disclose data to third parties under these rigid constraints:

● Sub-Processors and Service Providers: We share specific data sets with trusted cloud

vendors who maintain infrastructure essential to our operation (e.g., Amazon Web

Services, Google Cloud Platform). All such vendors are strictly bound by confidentiality

mandates and DPAs.

● Legal and Regulatory Mandates: We may disclose information if required to do so by a

binding legal process, subpoena, or valid judicial order, or to protect the immediate safety

and rights of our users or the general public.

● Corporate Transformations: In the event of an asset sale, corporate merger,

consolidation, or restructuring, user records may be transferred as an operational asset,

subject to the continuous protections outlined in this Privacy Policy.

5. Google API Services User Data Policy & OAuth

Compliance

This section applies specifically to all data, metadata, and files obtained, accessed, or

processed through your connection to Google API Services via our platform's OAuth integration.

This section takes strict precedence over any generalized or conflicting terms found elsewhere

in this policy.

5.1 Scope of Data Accessed via Google OAuth

Ascent HI requests access strictly through user-initiated OAuth consent prompts. As of the date

of this policy, our application requests only the following scopes, and no others:

● Basic Profile Scopes: openid, userinfo.email, userinfo.profile — Classification:

Non-sensitive. Used solely to verify your identity, provision your account, populate your

profile name, and securely sign you into the platform.

● Restricted Google Drive Scope: drive.readonly — Classification: Restricted scope

under Google's API Services User Data Policy. This scope allows our website users to

connect to their Google Drive to browse, view, and select specific files or documents for

import, meeting context, or transcription analysis directly inside the Ascent HI interface.

● Security review status: Because drive.readonly is a restricted scope, Ascent HI is

committed to completing or maintaining Google's required Cloud Application Security

Assessment (CASA) for this integration. Documentation of the current assessment is

available to Google's API review team upon request and is renewed on the cadence

Google's policy requires.

No other Google scopes are requested. In particular, Ascent HI's Calendar, video-conferencing,

and SSO integrations described in Section 1.3 do not use the Google Calendar API, Google

Meet API, or any other Google scope beyond those listed above. If that changes, this section

will be updated, and re-consent will be obtained from users, before any new scope is requested.

5.2 Mechanics of Explicit User Action

Our system only accesses your Google Drive ecosystem following direct user intent. When you

connect your Google Drive to our platform, the Service reads and lists your files inside our

secure interface so that you can browse and select content for transcription or summary

generation. We do not autonomously perform background scans or sync your drive contents

without active, ongoing interaction or specific integration parameters initiated by you.

5.3 Google Limited Use Requirement Adherence

Ascent HI strictly adheres to the Google API Services User Data Policy, including the Limited

Use requirements. Your data received from Google APIs is handled under these four absolute

prohibitions:

● No Transfer for Advertising/Monetization: We do not transfer, sell, or disclose Google

user data to third-party entities, advertising networks, data brokers, or data marketplaces.

● No Secondary Data Transfers: We do not transfer Google user data to any external

parties unless doing so is strictly necessary to provide or improve user-facing features

that are prominently disclosed and explicitly authorized by you. For example, if you

choose to export or share a derived meeting summary to another connected

task-management tool, the relevant excerpt may be passed to that tool only because you

directly authorized that specific workflow — never as a routine background transfer.

● Absolute AI Training Prohibition: We do NOT use data, text, or files obtained via

Google APIs to train, refine, or evaluate machine learning or artificial intelligence models.

Google user data is completely excluded from any internal or external training or

evaluation loops, including those operated by sub-processors (see Section 3).

● No Human Inspection: No employees, engineers, or contractors at Ascent HI are

permitted to read or view your Google data, unless:

○ We obtain your explicit, documented consent to review a specific file for a

troubleshooting or support ticket;

○ It is absolutely necessary for security forensics or fraud prevention; or

○ We must comply with an unavoidable legal obligation.

5.4 Token Storage and Retention of Google Data

● Secure Token Handling: Access tokens and refresh tokens received from Google are

stored in heavily locked-down environments using industry-standard database encryption

(AES-256).

● Data Minimization: We do not maintain or cache permanent copies of your Google Drive

files on our platform servers. Files viewed via the read-only connection live safely inside

your Google ecosystem. Any file content or metadata transiently cached during active

processing sessions is purged automatically when no longer needed to execute the active

user feature.

● Backup Consistency: Because Google Drive file content is never cached permanently

outside an active session, disaster-recovery backups do not contain copies of Google

Drive file content. The 90-day backup-overwrite window described in Section 7 applies

only to OAuth tokens and connection metadata that may transiently exist in backup

snapshots, not to file content, which is never retained in the first place.

5.5 User Revocation and Data Deletion

You possess absolute control over your connection to Google API Services:

● Immediate Revocation: You can sever our platform's access instantly at any time via

your Google Third-Party Security Permissions Page.

● In-App Disconnection: You can disconnect your Google Account inside the Ascent HI

integration dashboard.

● Purge Execution: Upon user disconnection or account deletion, all associated Google

OAuth tokens and linked session parameters are immediately and permanently erased

from our active databases, and any residual copies in disaster-recovery backups are

overwritten within the window described in Section 7.

6. Data Security Controls

We protect your data using an enterprise-grade security framework aligned with SOC 2

standards:

● Data in Transit: Encrypted universally using Transport Layer Security (TLS 1.3).

● Data at Rest: Encrypted completely using Advanced Encryption Standard (AES-256).

● Access Isolation: Strict role-based access controls (RBAC) paired with mandatory

multi-factor authentication (MFA) for all production system administrators.

● Defensive Audits: Continuous 24/7 security logging, automated intrusion detection, and

annual independent cryptographic penetration testing.

7. Data Retention & Erasure

We retain user records only for the duration required to provide active services or as mandated

by applicable statutory retention laws. Upon a user's formal request or account termination, data

is systematically overwritten or permanently dropped from active production systems. Residual

fragments held within disaster-recovery backups — including OAuth tokens and connection

metadata described in Section 5.4 — are entirely overwritten within a maximum window of 90

days.

8. Regional Privacy Rights (GDPR, CCPA, and

International Transfers)

8.1 European Economic Area (EEA) & UK Users (GDPR Compliance)

If you reside within the EEA or UK, your data processing is grounded in explicit legal bases: the

execution of our contract with you, our legitimate interests in securing our system, or your

explicit consent. You possess the right to access, rectify, object to, or permanently erase your

data, as well as data portability rights.

8.2 California Residents (CCPA/CPRA Compliance)

We confirm that we do not sell or “share” (for cross-contextual behavioral advertising) your

personal data as defined under California privacy laws. California residents retain the right to

request disclosure of collected data categories, request erasure, and do not face discriminatory

service changes for exercising these choices.

9. Children's Privacy

Our platform is engineered exclusively for professionals and businesses, and our terms of

service require account holders to be at least 18 years old. We do not knowingly market to or

collect information from individuals under 18. This threshold is intentionally set above the

general age thresholds used in children's privacy laws such as COPPA, reflecting that the

Service is designed for business use rather than for use by minors. If we discover that a minor

has provided us with personal information, we will immediately delete the records from our

infrastructure.

10. Modifications to this Privacy Policy

We reserve the right to modify this Privacy Policy to ensure alignment with changing legal

regulations or updated third-party platform rules (such as updates to Google's Developer

Policies).

If we execute material updates, we will notify you by:

● Posting an alert inside the active application environment.

● Transmitting a direct advisory email to your registered account email.

● Refreshing the “Last Updated” date at the top of this page.

Material changes affecting Google API Services data use: Consistent with Section 5.1, any

change that adds, removes, or alters the Google OAuth scopes we request will be reflected

here and re-consented to by affected users before the new scope is used, separate from the

general notice process above.

11. Contact & Regulatory Inquiry Information

For any questions, clarifications regarding our handling of data, or requests to exercise your

data rights, please contact our privacy compliance team:

Email: privacy@ascenthi.com

Data Protection Officer: dpo@ascenthi.com

Corporate Website: ascenthi.com

Physical Address:

Ascent HI LLC

527 Mills Ave, Suite 102A

Greenville, SC 29605

United States