Privacy notice.

1. Who we are

Hindsight is operated by Hindsight Intelligence Pvt. Ltd. (a company being incorporated in India), with registered office in Mumbai. For any data question, write to [email protected].

2. What data we collect

• Account data: name, email, MFA secret (encrypted)
• Connected accounts: OAuth tokens (encrypted), email address(es), provider scopes granted
• Email body and metadata: limited to messages your connected accounts contain, parsed and stored in our database
• Derived financial data: transactions, vendors, recurring patterns, insights, tax classifications, forecasts
• Usage telemetry: pages visited, actions taken, in aggregate via Plausible (no IP, no fingerprinting, no third-party cookies)

3. Lawful basis and purpose

We process your data on the basis of your consent, granted at sign-up and renewed at each privileged scope grant. The purpose is strictly to deliver the Hindsight product to you: parse your email, build your ledger, detect patterns, generate insights, send reminders.

We do not process for advertising, profiling, scoring, or any secondary purpose.

4. Your rights under DPDP

• Right to access your data: in-product export from /app/settings/export anytime
• Right to correct or update: edit any transaction, vendor, classification from the app
• Right to erasure: full deletion from /app/settings/delete-account, completed within 30 days from primary storage and 90 days from backups
• Right to grievance redressal: write to [email protected]. Initial response within 24 hours, resolution within 30 days.

5. Subprocessors

Complete list at /security.

6. Children

Hindsight is not designed for or marketed to anyone under 18 and we do not knowingly collect data from children.

7. Changes

Material changes to this notice are sent by email to your registered address at least 30 days before they take effect.