Privacy & Trust

Plaintext in the database

Alex, as database admin, can technically read:

• Username, display name, saint icon
• Packing progress
• Photos you upload

Encrypted in your browser

Nobody can read without your password — including the database admin:

• 🔒 Journal entries (including rich text and drawings)
• 🔒 Talk notes from speakers
• 🔒 Private intentions

These are encrypted with a key derived from your password using PBKDF2 and AES-GCM, industry-standard cryptography. The encryption happens in your browser before anything is sent to the database. Even Alex, who owns the database, sees only scrambled text.

• Never read any plaintext personal content without your explicit permission
• Never share your data with anyone outside the group
• Never use your data for ads, tracking, or analytics
• Always log every admin action so you can see it
• Always let you export your data
• Always let you delete your account

These are trust promises, not technical guarantees. You can verify the audit log is real and view it at any time in your account settings.

• Export — download everything as ZIP, anytime
• Delete — delete account and all data, 7-day recovery window
• Audit — see every admin action on your account
• Privacy — choose what to share with other pilgrims
• Review the code — open source at github.com/ragerbanjoo/ascend

• Use your 12-word recovery phrase
• If you lose both password and phrase, encrypted content is gone forever
• Plaintext content can be recovered by Alex if needed
• Write down your recovery phrase. Screenshot it. Email it to yourself. Don't lose it.

alex@sjdyoungadults.com