This Privacy Policy explains how the Ascent web application (the “App”, “we”, “us”) collects, uses, stores, and protects information when you use it, and your rights. The App is an independent, free, personal-use analytics dashboard for your own Strava data and is not affiliated with, endorsed by, or sponsored by Strava, Inc. By connecting your Strava account and using the App, you consent to the practices described here. If you do not agree, do not use the App.
The App is operated by the individual who deployed it (the “Operator”), who acts as data controller for the limited processing described below. Strava, Inc. is a separate, independent controller of the data it holds about you. Contact for privacy matters: doniwirawan166@gmail.com.
We process your data on the basis of your consent, which you give by authorizing the App through Strava’s OAuth and by using the features you choose. You may withdraw consent at any time (see “Your choices & rights” and “Retention & deletion” below). Where applicable law requires another basis (e.g., our legitimate interest in operating and securing the App), we rely on it to the minimum extent necessary.
With your authorization, the App accesses data associated with your Strava account, which may include:
The OAuth scopes requested are read, activity:read_all, profile:read_all, and activity:write. activity:write is used only when you explicitly choose to reassign gear on selected activities. We do not collect your Strava password, payment information, or any special-category data beyond what your activities inherently contain (e.g., heart rate, location), which you choose to share.
We do not sell, rent, trade, or share your personal data for advertising or marketing, and we do not use it to build profiles for third parties or for any purpose unrelated to operating the features you use.
localStorage): OAuth access/refresh tokens, your preferences (units, sport mode, last page viewed), and a copy of your recent activities.We do not keep a copy of your activity data, or your access/refresh tokens, on any server. All processing and caching happens in your browser; the App is a static site with no application database for your data. Your tokens are stored only in your browser and are sent directly from your browser to Strava’s API.
OAuth exchange. The one server-side step is a small serverless function that completes Strava’s OAuth token exchange and refresh. It exists so the App’s confidential Strava client secret stays on the server and is never exposed in your browser. When you connect (or your token is refreshed), your authorization code or refresh token passes transiently through this function to Strava and the resulting tokens are returned to your browser; the function does not store your code, tokens, or activity data. We never receive or store your Strava password.
The App relies on the following third parties, each governed by its own privacy policy and terms:
We are not responsible for the independent practices of these providers.
The App uses Google Analytics (gtag.js) to understand aggregate, largely anonymous usage — such as page views and basic device, browser and approximate region information — so we can improve the App. This may set cookies and share that usage data with Google, governed by Google’s Privacy Policy. Your Strava activity data and tokens are not sent to Google Analytics — they stay in your browser. We do not use advertising cookies and we do not sell your data. You can opt out via your browser settings, a tracker-blocking extension, or Google’s opt-out add-on.
Our providers may process and store data on servers located in countries other than your own, which may have different data-protection laws. By using the App you consent to such international processing.
Subject to applicable law (which may include Indonesia’s Personal Data Protection Law, the EU/UK GDPR, or the CCPA), you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, to withdraw consent, to data portability, and to lodge a complaint with your data-protection authority. To exercise these rights, contact us at the email below. Note that much of your data can be controlled directly through Strava and through your browser.
The App is not directed to children below the minimum age required to hold a Strava account in their jurisdiction, and we do not knowingly collect their data. If you believe a child has used the App, contact us.
We use reasonable technical measures to help protect data: your data and tokens stay in your browser (no server-side data store), the App’s confidential Strava client secret is kept server-side and never shipped to the browser, and traffic uses HTTPS. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You use the App at your own risk, as further described in our Terms of Service. In the event of a data incident, we will take reasonable steps and provide any notices required by applicable law.
We may update this Policy from time to time by posting a revised version with a new “Last updated” date. Your continued use of the App after changes constitutes acceptance of the updated Policy.