Privacy Policy
Last updated: 2026-05-18
This Privacy Policy describes how Hindsight ("we", "us", "our") collects, uses, and shares information when you use the Hindsight mobile application (the "App") and related services at gethindsightapp.com.
Hindsight is operated by Ryan Walker as a sole proprietorship in California, USA. Contact: hello@gethindsightapp.com.
Information We Collect
Information You Provide
- Account details. When you create an account, we collect your email address and a hashed password (managed by Supabase Auth, our authentication provider).
- Trade data. Every trade you log in the App (symbol, asset type, direction, prices, quantity, dates, P&L, strategy and mental-state tags, and any notes you write) is stored on our servers. This is the core data the App is built to manage.
- Broker connection metadata (only if you connect a broker via the optional Pro feature). We store an opaque identifier and secret returned by SnapTrade, our brokerage data provider. We do not store your broker login credentials. SnapTrade handles the broker authentication directly.
- Support correspondence. If you email us, we keep a record of your message and our reply.
Information Collected Automatically
- Crash and performance data. We use Sentry to capture errors and performance traces so we can fix bugs. Sentry events are scrubbed of trade content (symbols, P&L, notes) before being sent. Sentry receives a device identifier and OS version so we can correlate reports.
- Authentication metadata. Supabase Auth records sign-in timestamps, IP addresses, and refresh-token rotation events as part of standard session management.
- Marketing-website analytics and advertising pixels (gethindsightapp.com only). When you visit our marketing website we use Google Analytics, Google Ads, the Meta Pixel, and the Meta Conversions API to measure campaign performance, build advertising audiences, and retarget visitors who have engaged with our site. These services receive page views, device type, browser type, approximate location derived from IP address (city / region), referral source, and engagement events such as starting signup. The Hindsight mobile app itself does not contain these pixels.
Information We Do Not Collect
- We do not collect your real name unless you choose to provide it in support correspondence.
- We do not collect your precise geolocation.
- We do not collect your contacts, photo library, microphone audio, or browsing history outside our marketing website.
- The Hindsight mobile app does not contain advertising identifiers or third-party advertising SDKs.
How We Use Your Information
- To run the App and the features you use (logging trades, calculating P&L, generating insights, exporting your data).
- To send transactional email (account confirmation, password resets, the optional Weekly Deep Analysis Recap for Pro users).
- To respond to support requests.
- To diagnose and fix bugs (via Sentry crash reports).
- To prevent abuse (rate limiting, fraud detection on subscription purchases).
We do not use your trade data to train any AI model. The Weekly Deep Analysis Recap (Pro feature) sends a summary of your trades to Anthropic to generate the review text; that data is processed under Anthropic's no-training-on-API-content policy. See the AI section below.
Who We Share Information With
We share information only with the service providers that make Hindsight work, and only the data each one needs:
- Supabase. Receives account data and trade data, encrypted at rest. Used for database and authentication.
- Resend. Receives your email address and email content. Used for transactional email delivery.
- Sentry. Receives scrubbed crash and performance events. Used for bug tracking.
- Apple. Receives subscription state via the App Store. Used for in-app purchases.
- RevenueCat. Receives subscription state and an anonymous user identifier. Used for subscription management.
- SnapTrade (Pro only). Receives a pseudonymous user ID and no personal information. Used for broker connection and trade sync.
- Anthropic (Pro only). Receives a summary of your trades for the Weekly Deep Analysis Recap. Used to generate the review.
- Google (marketing website only). Google Analytics and Google Ads receive interactions with our marketing website (page views, referral source, engagement events, approximate location from IP, device and browser type) to measure campaign performance, build advertising audiences, and retarget visitors. Google may combine this with data it holds from other sites and services it operates. This activity qualifies as "sharing" for cross-context behavioral advertising under the CCPA.
- Meta (marketing website only). The Meta Pixel and Meta Conversions API send the same categories of marketing-website interaction data to Meta Platforms, Inc., to measure ad campaign performance on Facebook and Instagram, build audiences, and retarget visitors. Meta may combine this with data from other Meta-owned services. This activity qualifies as "sharing" for cross-context behavioral advertising under the CCPA.
The Hindsight mobile app does not include Google Analytics, Google Ads, the Meta Pixel, the Meta Conversions API, or any other third-party advertising or cross-app tracking SDK. Only the marketing website at gethindsightapp.com loads those tags.
- Anthropic (Pro only). Receives a summary of your trades for the Weekly Deep Analysis Recap. Used to generate the review.
We do not sell your information to anyone.
We may disclose information if required by law (subpoena, court order, etc.) or to protect Hindsight against fraud or security threats.
How Long We Keep Your Information
- While your account is active: indefinitely, so the App works.
- After you delete your account: all your trade data, notes, tags, and broker connections are immediately and permanently deleted. We retain a minimal record of the deletion (timestamp, anonymous account ID) for 30 days for fraud prevention, then it is purged.
- Crash data in Sentry: automatically deleted after 90 days.
- Email correspondence: retained for up to 2 years, then deleted.
Your Rights
You can:
- Access your data. Your trade ledger PDF export in the App returns everything we have on the trade side. Email us if you want a fuller export.
- Correct your data. Every field in the App is editable.
- Delete your account in Settings. This is permanent and cascades to every other system.
- Object or restrict processing. Email us. We will stop processing and delete the relevant data on request.
If you are in the European Economic Area, the United Kingdom, or California, you also have specific rights under GDPR, CCPA, or CPRA, including the right to lodge a complaint with your local data protection authority. To exercise any rights, email hello@gethindsightapp.com. See the California Privacy Notice below for the rights and disclosures specific to California residents.
California Privacy Notice (CCPA / CPRA)
This section applies if you are a California resident. It supplements the rest of this Policy and follows the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").
Categories of Personal Information We Collect
In the past 12 months we have collected the following categories from California residents:
- Identifiers. Email address, account UUID, IP address (via authentication logs), device identifiers (via crash reporting).
- Customer records. Email address, hashed password (managed by Supabase Auth).
- Commercial information. Subscription tier and billing status (received from Apple via RevenueCat). We never see your payment card.
- Internet or other network activity. Session metadata, crash and performance traces (scrubbed of trade content).
- Inferences. Aggregated patterns about your own trading you log (visible only to you in the App; not used to build a profile of you for any third party).
- Sensitive personal information. Account credentials. Used only to authenticate you. Not used to infer characteristics about you. Not sold or shared. You can limit our use of sensitive personal information to what is strictly necessary by emailing hello@gethindsightapp.com, although our use is already limited to what is strictly necessary.
We do not collect government IDs, biometric data, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of your private communications, genetic data, or health data.
Sources of Personal Information
- Directly from you (when you sign up, log trades, or contact us).
- Automatically from your device (crash reports, session metadata).
- From third-party service providers acting on our behalf (Apple for subscription state, RevenueCat for entitlement state, SnapTrade for broker data when you connect a broker).
Purposes for Which We Collect Personal Information
We use each category for the same purposes described in the "How we use your information" section above: operating the Service, providing the features you use, sending transactional email, responding to support requests, diagnosing bugs, and preventing abuse.
Disclosure to Service Providers
In the past 12 months we have disclosed the categories listed above to the service providers named in the "Who we share information with" section. Each provider is bound by contract to use the data only to provide services to us and not for their own purposes.
Sale or Sharing of Personal Information
We do not "sell" your personal information for money or other valuable consideration.
We do "share" your personal information for cross-context behavioral advertising as that term is defined under the CCPA, but only on our marketing website at gethindsightapp.com, and only with Google (Google Analytics and Google Ads) and Meta (the Meta Pixel and the Meta Conversions API) as described in the "Who we share information with" section above. The Hindsight mobile app does not contain advertising pixels and does not share personal information for cross-context behavioral advertising.
The categories shared on our marketing website are: Identifiers (IP address, online cookies and similar identifiers), Internet or other network activity (page views, referral source, engagement events), and Inferences derived from this activity for advertising-audience targeting.
You have the right to opt out of this sharing. You can opt out by any of the following:
- Global Privacy Control (GPC). We automatically honor the GPC browser signal as an opt-out request. Many modern browsers and extensions let you turn this on with one click.
- Email request. Email hello@gethindsightapp.com from the email on your Hindsight account with subject line "Do Not Sell or Share." We confirm within 15 business days.
- Avoid the marketing site. The Hindsight mobile app itself never shares your information for advertising. If you only use the app, no sharing occurs.
In the past 12 months we have shared categories of personal information of California residents for cross-context behavioral advertising as described above. We have not sold personal information for money. We do not knowingly sell or share personal information of California residents under 16.
Retention
We retain each category of personal information for the periods described in the "How long we keep your information" section above. The criteria we use to set retention are (a) the period needed to provide the Service, (b) legal or accounting obligations, and (c) fraud-prevention or security needs.
Your California Rights
If you are a California resident you have the right to:
- Know what personal information we have collected, used, disclosed, and the sources, purposes, and recipients.
- Access a copy of the specific pieces of personal information we have collected.
- Delete personal information we have collected, subject to limited exceptions (legal compliance, fraud prevention, completing a transaction you requested).
- Correct inaccurate personal information.
- Limit the use of sensitive personal information to what is strictly necessary to provide the Service. We already limit it to that standard.
- Opt out of sharing. We share marketing-website interaction data with Google and Meta for cross-context behavioral advertising. You can opt out via Global Privacy Control or by emailing hello@gethindsightapp.com. We do not sell personal information.
- Non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of quality because you exercised these rights.
How to Submit a Request
Submit any of the above requests by emailing hello@gethindsightapp.com from the email address on your Hindsight account. We will verify the request by replying from that address and confirming your account email. We respond within 45 days; we may extend by another 45 days if needed and will notify you. There is no fee for the first two requests in a 12-month period.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. The agent must provide written permission signed by you, and we may also ask you to verify your identity directly.
Shine the Light
California Civil Code §1798.83 ("Shine the Light") allows California residents to request a list of personal information disclosed to third parties for those parties' direct marketing purposes during the prior calendar year. We do not disclose personal information to third parties for their direct marketing purposes, so we have nothing to report under this law. To confirm in writing, email hello@gethindsightapp.com.
Notice at Collection
We collect the categories listed above at the moment you sign up or use the App, or when you interact with our marketing website. We use them for the purposes listed above. We retain them for the periods listed above. We do not sell them. We share Identifiers, Internet or other network activity, and Inferences derived from your marketing-website visits with Google and Meta for cross-context behavioral advertising; the Hindsight mobile app itself does not share information with any advertising provider.
Contact for California Privacy Questions
hello@gethindsightapp.com
Children
Hindsight is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has signed up, email us and we will delete the account.
Security
- All data is transmitted over TLS.
- Database access is gated by Supabase Row Level Security policies that prevent any user from reading another user's data.
- Passwords are hashed by Supabase Auth using industry-standard algorithms.
- Sentry events are scrubbed of trade content client-side before transmission.
- We do not store broker passwords. Broker authentication happens on the broker's own site; we receive only an opaque token from SnapTrade.
No system is perfectly secure. If you discover a vulnerability, please email security@gethindsightapp.com.
AI Features
The optional Weekly Deep Analysis Recap (Pro tier) summarizes your trades by sending a JSON payload of your trade data to Anthropic's API. We use Anthropic's commercial API, which under their current Data Processing Addendum does not retain your data after the request completes and does not use it to train Anthropic's models. We are not responsible for changes to Anthropic's policy; the most current version applies.
Not Investment Advice
Hindsight is a journal and reflection tool. Nothing in the App, including AI-generated text, is investment advice or a recommendation to buy or sell any security. Trades you make are your own decision.
Changes to This Policy
If we update this policy, we will post the new version with a new "Last updated" date and, for material changes, send a notice to your account email at least 14 days before the change takes effect.
Contact
Email: hello@gethindsightapp.com
Mailing address: available on request