Your data,
your trust.

Ascentor ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform — including our website, mobile Progressive Web App (PWA), and all related services.

By creating an account or using Ascentor, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

• Account registration data — name, email address, password (hashed, never stored in plain text)
• Profile information — current role, goal role, industry, career summary, biggest challenge
• Onboarding responses — experience level, life stage (Explorer / Builder / Climber), mentorship goals
• Mentor application data — if you apply to become a mentor: LinkedIn URL, professional background, availability
• Community content — posts, replies, and upvotes you create in Mentorship Circles
• Payment information — billing cycle and plan selected; card details are processed by Paystack and never stored on Ascentor servers
• Referral codes — if you share or use a referral link
• Support communications — messages you send to our team

• Usage data — pages visited, features used, session duration, button clicks
• Device information — browser type, operating system, screen size, PWA install status
• Sage AI session data — your conversation inputs with our AI mentor and the responses generated
• Learning progress — video completion percentage, last playback position, completed courses
• Goal and commitment activity — 90-day goals created, milestones updated, commitments checked
• Expert session registrations — which sessions you register for and attend
• Push notification subscription data — device endpoint for delivering notifications (no personally identifiable data in the subscription itself)

• Google OAuth — if you sign in with Google, we receive your name and email address from Google. We do not receive your Google password or access to your Google account beyond authentication.
• Paystack — payment status and transaction reference for verifying subscription payments. We receive confirmation of payment, not your card details.

We use the information we collect for the following purposes, all of which are necessary to provide you with a meaningful mentorship experience:

When you start a Sage AI mentor session, your input is sent to Anthropic's API (claude-sonnet model) to generate a structured response. The following applies:

• Your Sage session inputs and AI responses are stored in our database (Supabase/PostgreSQL) linked to your user ID, so you can access your history.
• We do not use your Sage conversations to train AI models — neither our own nor Anthropic's.
• Anthropic processes your inputs under their own Privacy Policy and API Data Use terms. They do not use API inputs to train their models by default.
• Sage session data is only accessible to you (your history) and to our engineering team for debugging purposes, subject to strict access controls.
• You can request deletion of your Sage session history at any time by contacting us.

The four session types (Navigate a Challenge, Prep a Conversation, Weekly Reflection, Accountability Check) each use a distinct system prompt. Your session type selection is stored alongside your input and response.

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Service providers — Supabase (database & auth), Anthropic (AI processing), Paystack (payments), Vercel (hosting). Each is bound by data processing agreements.
• Other users — your display name, profile role, and community posts are visible to other Ascentor members within Mentorship Circles you join.
• Expert mentors — if you register for a live Expert Session, your name may be shared with the session host for facilitation purposes.
• Legal requirements — we may disclose information if required to do so by law, regulation, or valid legal process (e.g. court order).
• Business transfers — if Ascentor is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you in advance.
• With your explicit consent — for any other purpose not listed here, we will ask you first.

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Active account data — retained for the lifetime of your account.
• Sage session history — retained indefinitely unless you request deletion.
• Payment records — retained for 7 years to comply with financial regulations.
• Audit logs — retained for 12 months for security and compliance purposes.
• Deletion requests — processed within 30 days. After deletion, anonymised aggregate data (e.g. total sessions count) may be retained for analytics.
• Push notification subscriptions — deleted automatically when a device endpoint returns an expired or invalid response.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request deletion of your account and personal data. You can initiate this from Settings → Account → Delete Account, or by emailing us.
• Portability — request an export of your data in a machine-readable format.
• Restrict processing — request that we limit how we use your data in certain circumstances.
• Withdraw consent — where processing is based on consent (e.g. push notifications), you may withdraw it at any time without affecting prior processing.
• Opt out of marketing — you can unsubscribe from email communications at any time via the unsubscribe link or in your notification preferences.

To exercise any of these rights, contact us at hello@ascentorbi.com. We will respond within 30 days. We may need to verify your identity before processing your request.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our security measures include:

• Row-Level Security (RLS) on all database tables — users can only access their own data
• HTTPS/TLS encryption in transit across all endpoints
• Passwords hashed using Supabase Auth's bcrypt implementation — never stored in plain text
• Session-based authentication — payment and sensitive operations require a verified server-side session
• API route middleware — all sensitive API endpoints are protected and return 401 for unauthenticated requests
• Password re-authentication required for account changes — current password must be verified before updates
• Server-side validation — promotional codes and payment amounts validated server-side only
• Audit logs — sensitive actions (account deletion requests, plan changes) are logged

No system is 100% secure. If you discover a vulnerability, please report it responsibly to hello@ascentorbi.com. We are committed to addressing security issues promptly.

Ascentor uses cookies and similar technologies for the following purposes:

• Authentication cookies — set by Supabase Auth to maintain your logged-in session. These are strictly necessary and cannot be disabled.
• Preference cookies — to remember your notification preferences and UI settings.
• Analytics — we may use anonymised, aggregated analytics to understand platform usage. No advertising-based tracking is used.

We do not use third-party advertising cookies, cross-site tracking pixels, or any technology designed to track you across websites for advertising purposes.

Ascentor is designed to serve professionals from age 15 upward — our Explorer tier specifically targets students aged 15–22. For users under the age of 18:

• We recommend that parents or guardians review this Privacy Policy with their child before account creation.
• We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us at hello@ascentorbi.com and we will delete it promptly.
• Users between 13 and 18 use the platform under the assumption that a parent or guardian has reviewed and accepted these terms on their behalf.

Ascentor is based in Nigeria and primarily serves African professionals. However, our service providers (Supabase, Anthropic, Vercel) may process data in the United States and other countries.

Where data is transferred outside your country of residence, we ensure appropriate safeguards are in place through contractual agreements with our service providers that require them to protect your data to standards consistent with this policy.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the 'Last updated' date at the top of this page
• Send an in-app notification to all active users
• For significant changes, send an email notification to your registered email address

Your continued use of Ascentor after changes take effect constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

We aim to respond to all privacy-related requests within 30 days.