Privacy Policy
PRIVACY POLICY
Effective Date: March 31, 2026
Ascendia Group LLC (“Ascendia”, “we”, “us”, or “our”) respects your privacy and is committed to protecting the Personal Data we process in connection with our Services. This Privacy Policy explains how Ascendia collects, uses, discloses, and protects Personal Data — including Full Name, Email Address, and Phone Number — and describes your rights and how to exercise them. This Privacy Policy is incorporated into and forms part of the Master Services Agreement.
P.1 SCOPE; RESPONSIBLE ENTITY; DEFINITIONS
P.1.1 Responsible Entity
Ascendia Group LLC | Dover, DE 19901, United States | privacy@ascendiagroup.ai
P.1.2 Scope
P.1.2.1 This Privacy Policy covers Personal Data collected through Ascendia-controlled websites, mobile applications, APIs, offline interactions, and third-party integrations where Ascendia acts as Controller. It does not govern third-party sites, applications, or services.
P.1.3 Definitions
P.1.3.1 Terms such as “Personal Data,” “Processing,” “Controller,” and “Processor” have the meanings given by applicable data protection laws including GDPR, PIPEDA, and CCPA/CPRA as applicable. Capitalized terms not defined here have the meanings given in the Master Services Agreement.
P.2 CATEGORIES OF PERSONAL DATA COLLECTED
P.2.1 Primary Identifiers
P.2.1.1 Full Name (first and last name, professional names); Email Address (primary and alternate); Phone Number (mobile and landline, SMS-capable numbers where relevant).
P.2.2 Additional Categories
P.2.2.1 Account and contact information (company, job title, mailing address); authentication and security data; transactional and billing data; support and communications records; usage and technical data (device identifiers, browser type, clickstream); marketing and preference data; enrichment and public data; and AI interaction data where AI-powered features are used.
P.3 SOURCES OF PERSONAL DATA
P.3.1 Directly from You. When you submit forms, register an account, contact support, make purchases, or otherwise provide information.
P.3.2 Automatically. Through cookies, tracking technologies, server logs, and analytics tools.
P.3.3 From Third Parties. From integrations, public sources, data enrichment providers, partners, and Affiliates.
P.3.4 From Service Providers. Vendors acting on Ascendia’s behalf.
P.4 PURPOSES OF PROCESSING AND LAWFUL BASES
P.4.1 Purposes
P.4.1.1 Ascendia processes Personal Data for: (a) provisioning Services and performing contracts; (b) account administration and authentication; (c) customer service and support; (d) transactional communications; (e) marketing where consented; (f) fraud prevention, security, and risk management; (g) analytics and service improvement; (h) legal and regulatory compliance; and (i) AI-powered service features where applicable.
P.4.2 Lawful Bases
P.4.2.1 Contract performance (to provide the Services); Consent (for marketing and optional processing); Legitimate interests (operational needs, fraud prevention) after balancing tests; and Legal obligations.
P.5 FORM SUBMISSIONS AND EXPRESS CONSENT
P.5.1.1 When you submit forms (contact forms, demo requests, intake forms), you expressly consent to Ascendia’s collection and processing of the Personal Data provided, consistent with this Privacy Policy.
P.5.2.1 By providing Email and Phone, you authorize Ascendia to contact you for the stated purposes (transactional or marketing where consented).
P.5.3.1 Ascendia retains records of consent including timestamp, IP address, and mechanism to demonstrate compliance.
P.5.4.1 You may withdraw consent at any time by contacting privacy@ascendiagroup.ai. Withdrawal will not affect the lawfulness of prior processing.
P.6 HOW PERSONAL DATA IS SHARED; PROCESSORS AND RECIPIENTS
P.6.1.1 Ascendia shares Personal Data with the following categories of recipients: (a) CRM and sales platform providers; (b) email and marketing automation providers; (c) SMS and telephony providers; (d) analytics providers; (e) hosting and cloud infrastructure providers; (f) payment processors; (g) identity verification and fraud prevention vendors; (h) artificial intelligence and automated processing service providers; (i) support platform providers; (j) professional advisors; and (k) business transaction parties.
P.6.2.1 Ascendia requires all processors to enter into Data Processing Agreements or equivalent contracts imposing processing limits, confidentiality, security measures, and assistance obligations. Cross-border transfers use Standard Contractual Clauses or equivalent safeguards where required.
P.6.3.1 Ascendia does not sell Personal Data for monetary consideration. Where any activity might constitute a “sale” or “share” under applicable law (including CCPA/CPRA), Ascendia will provide notice and an opt-out mechanism.
P.7 MARKETING CONSENT; OPT-IN AND OPT-OUT; COMPLIANCE
P.7.1.1 Ascendia obtains affirmative consent for marketing where required by law, using unchecked checkboxes, explicit subscribe interactions, or double opt-ins where applicable.
P.7.2.1 You may withdraw marketing consent via unsubscribe links in emails, by replying STOP to SMS messages, through account settings, or by contacting privacy@ascendiagroup.ai. Ascendia will act promptly on withdrawal requests.
P.7.3.1 Ascendia complies with TCPA for United States telephone and SMS marketing, CAN-SPAM for United States commercial email, CASL for Canadian commercial electronic messages (as further described in Section 5.5.3 of the Master Services Agreement), and applicable local law for other jurisdictions.
P.8 INDIVIDUAL RIGHTS AND PROCEDURES
P.8.1.1 Depending on your jurisdiction, you have rights including: access; rectification; erasure (right to be forgotten); restriction of processing; data portability; objection to processing; withdrawal of consent; and the right to lodge complaints with supervisory authorities.
P.8.2.1 Submit requests via privacy@ascendiagroup.ai, the webform on Ascendia’s website, or by postal mail to Ascendia Group, Attn: Privacy Requests, Dover, DE 19901.
P.8.3.1 Ascendia will respond to GDPR requests within one (1) month (extendable by two months for complex requests) and to CCPA requests within forty-five (45) days (with one permitted extension of forty-five (45) days). Ascendia will notify you of any extension and the reason.
P.8.4.1 Upon request, Ascendia will provide Personal Data in a structured, commonly used, machine-readable format.
P.9 DATA RETENTION; DELETION; ANONYMIZATION
P.9.1.1 Personal Data is retained only as long as needed for the purposes described and consistent with legal, tax, and regulatory obligations.
P.9.2.1 Illustrative Retention Periods. Accounts: while active and 3–7 years thereafter; Transactional records: 7 years; Support tickets: 3–7 years; Marketing data: until opt-out plus suppression list period; Logs and backups: per operational schedule.
P.9.2.2 Healthcare-Adjacent Data. Where Services are provided to healthcare providers and Personal Data relates to or is associated with patient records, retention periods are governed by applicable health privacy legislation — including HIPAA, Ontario’s PHIPA, or equivalent provincial legislation — and shall override the illustrative periods above where required by law. Clients in regulated healthcare sectors are responsible for communicating applicable retention requirements to Ascendia in writing.
P.9.3.1 When Personal Data is no longer required, Ascendia deletes, anonymizes, or aggregates it. Anonymized or aggregated datasets that are irreversibly de-identified are not treated as Personal Data.
P.10 SECURITY MEASURES
P.10.1.1 Ascendia implements technical and organizational measures to protect Personal Data, including encryption in transit and at rest, role-based access control, multi-factor authentication for privileged users, centralized logging and monitoring, intrusion detection, secure software development practices, and periodic vulnerability assessments.
P.10.2.1 Ascendia requires vendors and subprocessors to meet security and privacy standards and maintains contractual security requirements with all processors.
P.10.3.1 Ascendia will investigate security incidents, notify affected persons and authorities as required by applicable law, and provide information regarding the nature of any breach, categories of Personal Data involved, and remedial steps taken.
P.11 CALIFORNIA RESIDENTS — CCPA / CPRA RIGHTS
P.11.1.1 California residents have rights under CCPA/CPRA including the right to: know what Personal Data is collected and disclosed; delete Personal Data; correct inaccurate Personal Data; opt out of the sale or sharing of Personal Data; and receive non-discriminatory treatment for exercising these rights.
P.11.2.1 Submit CCPA requests via privacy@ascendiagroup.ai. Ascendia will verify requests and respond within legally required timeframes. California residents may designate an authorized agent with proof of authorization.
P.11.3.1 Ascendia does not sell Personal Data for monetary consideration.
P.12 EU / EEA — GDPR PROVISIONS
P.12.1.1 Ascendia relies on contract performance, consent, legitimate interests, or legal obligations as lawful bases for processing EU/EEA personal data, and documents legitimate interest assessments where applicable.
P.12.2.1 EU/EEA data subjects have the rights set out in Section P.8, including the right to lodge a complaint with their local supervisory authority.
P.12.3.1 Ascendia conducts Data Protection Impact Assessments for high-risk processing activities and implements appropriate mitigations.
P.12.4.1 Transfers from the EEA or UK to third countries are protected by Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions. Contact privacy@ascendiagroup.ai for transfer documentation.
P.12A CANADIAN PRIVACY RIGHTS — PIPEDA AND QUEBEC LAW 25
P.12A.1.1 Scope. Processing of Personal Data relating to Canadian residents is conducted in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64), as amended from time to time.
P.12A.2.1 PIPEDA Rights. Canadian individuals have the right to: (a) access their Personal Data held by Ascendia; (b) challenge the accuracy and completeness of their Personal Data and have it amended where appropriate; (c) withdraw consent to processing, subject to legal or contractual restrictions; and (d) submit complaints to the Office of the Privacy Commissioner of Canada (OPC).
P.12A.3.1 Quebec Law 25 Rights. Quebec residents additionally have the right to: (a) data portability — receiving Personal Data in a structured, commonly used format; (b) de-indexation or cessation of dissemination where applicable; and (c) be informed of automated decision-making that significantly affects them. Ascendia will conduct Privacy Impact Assessments for high-risk processing involving Quebec residents where required by Law 25.
P.12A.4.1 Cross-Border Transfers — Canada. Personal Data relating to Canadian individuals may be transferred to and processed in the United States or other jurisdictions outside Canada. Ascendia takes reasonable contractual and technical measures to protect such data. Canadian individuals acknowledge that
data transferred outside Canada may be subject to lawful access by foreign governments under applicable law.
P.12A.5.1 Contact — Canadian Privacy Matters. Canadian residents may direct privacy requests to privacy@ascendiagroup.ai. Complaints may be submitted to the Office of the Privacy Commissioner of Canada at www.priv.gc.ca, or for Quebec residents, to the Commission d’accès à l’information (CAI) at www.cai.gouv.qc.ca.
P.13 COOKIES; TRACKING; OPT-OUT
P.13.1.1 Ascendia uses Strictly Necessary, Performance/Analytics, Functionality, and Advertising/Targeting cookies on its controlled websites. A cookie banner and preference centre allow users to consent to or reject non-essential cookies.
P.13.2.1 Third parties may set cookies or use tracking pixels on Ascendia’s sites. Ascendia does not control these and recommends reviewing third-party privacy policies.
P.13.3.1 Ascendia’s services do not currently respond to browser Do Not Track signals.
P.14 AUTOMATED DECISION-MAKING AND PROFILING
P.14.1.1 Ascendia may use automated processing, including profiling, to personalize Services, detect fraud, and conduct analytics. Where automated decisions produce legal effects or similarly significant effects, Ascendia will provide meaningful information about the logic involved and permit rights to human review where required by applicable law.
P.15 INTERNATIONAL TRANSFERS AND SAFEGUARDS
P.15.1.1 Cross-border transfers are protected by Standard Contractual Clauses, Binding Corporate Rules, or equivalent safeguards. Ascendia adopts additional technical and organizational safeguards where required by applicable law.
P.15.2.1 Ascendia will comply with applicable data localization obligations and will inform affected data subjects of any significant limitations on processing arising from such obligations.
P.16 CHILDREN’S PRIVACY
P.16.1.1 The Services are not intended for children under the age of thirteen (13). Ascendia does not knowingly collect Personal Data from children under the applicable minimum age without parental consent. If Ascendia becomes aware of such collection, it will take prompt steps to delete the data and, where required, notify applicable authorities.
P.17 CHANGES TO THIS PRIVACY POLICY
P.17.1.1 Ascendia may modify this Privacy Policy from time to time. Material changes will be communicated by posting an updated Effective Date on the relevant site and, where required by law, by direct notice to affected individuals. Continued use of the Services after notice of changes constitutes acceptance of the updated Privacy Policy.
P.18 CONTACT; DATA SUBJECT REQUESTS; SUPERVISORY AUTHORITIES
P.18.1.1 Ascendia requests that data subjects contact privacy@ascendiagroup.ai in the first instance so that Ascendia may attempt to resolve concerns directly before a complaint is submitted to a supervisory authority.
P.18.1.2 This Privacy Policy is incorporated into and governed by the Master Services Agreement. For conflicts on privacy matters, this Privacy Policy governs to the extent of the inconsistency.