Ascend LogoAscend

Privacy Policy

Effective Date: April 1, 2026

Aneva LLC ("we," "us," or "our") operates the Ascend SaaS application for the Microsoft 365 platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and visit our website at myascend.io.

1. Information We Collect

1.1 Account & Identity Data

Ascend authenticates users exclusively through Microsoft Entra ID (formerly Azure AD) single sign-on. We receive and store:

  • Display name, email address, and user principal name
  • Microsoft user ID and organization membership
  • Job title and department (as provided by your directory)
  • Account enabled/disabled status

We do not collect or store passwords. Authentication is handled entirely by Microsoft's identity platform.

1.2 Microsoft 365 Data

With your organization's consent, Ascend accesses Microsoft 365 data via the Microsoft Graph API to deliver its core functionality:

  • Email: Message metadata, subject lines, body content, sender/recipient information, and attachments for AI classification and prioritization
  • Tasks: Microsoft To Do task lists, task details, subtasks, due dates, and completion status for two-way synchronization
  • Calendar: Calendar events, attendees, meeting details, and availability for scheduling features
  • Contacts: Address book entries for email composition and meeting attendee resolution

1.3 AI-Processed Data

Ascend uses enterprise-grade AI services to provide intelligent features including email classification, task creation, smart suggestions, and knowledge base retrieval. Data sent to our AI providers includes:

  • Email content for classification and summarization
  • Task descriptions for priority detection and step generation
  • Conversational context for AI assistant interactions
  • Knowledge base documents for retrieval-augmented generation (RAG)

AI processing occurs within secure cloud infrastructure. Your data is not used to train or improve third-party AI models.

1.4 Knowledge Base Documents

Organization administrators may upload documents to Ascend's knowledge base. These documents are stored in encrypted cloud storage and indexed in a vector database for AI-powered retrieval. All knowledge base data is isolated by organization.

1.5 Usage & Analytics Data

We may collect anonymized usage analytics to improve our service, including page views, feature usage patterns, and performance metrics. We use a privacy-focused analytics platform that does not use cookies or collect personally identifiable information.

2. How We Use Your Information

  • Service Delivery: To provide Ascend's core features — email prioritization, task management, calendar scheduling, AI assistance, and KPI tracking
  • Microsoft 365 Synchronization: To maintain two-way sync between Ascend and your Microsoft 365 environment
  • AI Features: To generate intelligent classifications, summaries, task suggestions, and knowledge base responses
  • Notifications: To deliver actionable alerts and summaries based on your email and task activity
  • Security & Compliance: To maintain audit logs, enforce role-based access controls, and detect unauthorized access
  • Service Improvement: To analyze aggregate usage patterns and improve platform performance and features

3. Multi-Tenant Data Isolation

Ascend is a multi-tenant platform with strict data isolation between organizations:

  • All data queries are scoped to your organization at both the middleware and service level
  • Knowledge base documents, AI conversations, tasks, and notifications are isolated by organization ID
  • Role-based access control (RBAC) enforces granular permissions within each organization
  • Cross-tenant data access is architecturally prevented through mandatory organization scoping on all data operations

4. Data Storage & Security

4.1 Infrastructure

Ascend's infrastructure is hosted on enterprise-grade cloud platforms. Data is stored across:

  • Relational databases for structured data (user profiles, tasks, settings)
  • Document databases for flexible data storage
  • Encrypted cloud storage for uploaded files and knowledge base documents
  • Vector databases for AI-powered search and retrieval
  • In-memory caching for session management (with automatic expiration)

4.2 Security Measures

  • All data in transit is encrypted via TLS 1.2+
  • Authentication exclusively via Microsoft Entra ID SSO
  • Asymmetric encryption for sensitive administrative operations
  • Industry-standard security headers (CSP, HSTS, X-Frame-Options)
  • Firewall rules restricting access to essential ports only
  • Automated intrusion detection and brute-force protection
  • Security audit logging for administrative actions
  • Short-lived permission caching with token-based session management

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

  • Microsoft: Via the Graph API for Microsoft 365 integration (email, tasks, calendar, directory sync)
  • AI Service Providers: For AI-powered features (email classification, task generation, knowledge base retrieval). Processed within secure cloud infrastructure; not used for model training.
  • Infrastructure Providers: Cloud hosting and managed database services for platform infrastructure

We may disclose information if required by law, regulation, legal process, or governmental request.

6. Data Retention

  • Account Data: Retained while your organization maintains an active subscription. Deleted upon account termination and completion of any required retention period.
  • Microsoft 365 Data: Cached and synchronized data is refreshed continuously. Historical data is retained only as needed for platform features (task history, notification archives).
  • AI Conversations: Retained for session continuity. Conversation history can be cleared by the user at any time.
  • Knowledge Base Documents: Retained until deleted by an organization administrator.
  • Audit Logs: Security audit logs are retained for compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Object to or restrict certain processing activities
  • Receive your data in a portable format
  • Withdraw consent where processing is based on consent

Since Ascend authenticates via Microsoft Entra ID, many identity data changes (name, email, job title) should be made in your organization's Microsoft 365 admin center. Changes will sync to Ascend automatically during directory synchronization.

To exercise any of these rights, contact us at support@aneva.io.

8. Cookies

Ascend does not use tracking cookies. Session management is handled via secure tokens stored in the browser. Our analytics provider is cookie-free and does not track individual users across sessions.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of Ascend after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Aneva LLC
Email: support@aneva.io