Privacy & Security

We only collect what is necessary to run your trust group. This includes:

• Your name and email address (from Google Sign-In or registration)
• Optional profile details you choose to fill in: website, business summary, phone, industry
• Your monthly check-in responses: work/personal highs and lows, emotions, goals, discoveries
• Meeting attendance and calendar events within your group
• Push notification subscription tokens (to send you alerts)

We do not collect financial data, government IDs, location data, or any information outside what you explicitly provide.

Every piece of data — check-ins, goals, attendance, insights — is tagged to your specific group. No member of another group can access your data, and we enforce this at the database level on every API call.

• Members only see data from their own group
• Group admins can see their group's submissions and attendance — not those of any other group
• The platform operator (super admin) can only see group names and member counts — not check-ins, goals, birthdays, or any internal group content

TrustGroup uses Claude (by Anthropic) to generate insights from your check-in data.

• AI analysis is triggered only when you view the Insights page or click on a discovery card
• Only your group's check-in data is sent to Claude — it is not combined with any other group's data
• We use Anthropic's API under their standard data processing terms. Anthropic does not use API inputs to train models by default
• AI-generated insights are cached so your data is sent as infrequently as possible
• No raw personal identifiers (like email addresses) are included in AI prompts — only the content of responses

How We Store and Protect Your Data

• All data is stored in a PostgreSQL database on Neon — a SOC 2 compliant cloud database provider
• All traffic is encrypted in transit via HTTPS/TLS
• Authentication uses Google OAuth 2.0 — we never store your Google password
• Sessions are server-side and expire automatically
• The platform is hosted on Vercel, which provides DDoS protection and edge security
• Database credentials and API keys are stored as encrypted environment variables — never in code

• Check-in summary emails are sent only to you after you submit — no one else receives your individual summary
• Group-level insight emails are sent to all members of your group
• Push notifications are delivered only to members of your group for relevant events (goal updates, new check-ins)
• We use Resend for email delivery. Emails are sent from notifications@ascentcheckins.com
• You can disable push notifications at any time from your browser or device settings

• You can edit your profile at any time from the Members page
• You can edit a submitted check-in before the next meeting cycle
• Your group admin can export group data (for record-keeping)
• You can request deletion of your account and all associated data by emailing us

You have the right to request deletion of your personal data at any time.

To delete your account and all associated data, email us at hello@ascentcheckins.com with the subject "Delete my account". We will process your request within 7 business days.

Note: If you are part of a group, your check-in history may remain in the group's records even after your account is deleted, unless you request full erasure.