Privacy Policy

Effective date: April 17, 2026

Hindsight ("we", "our", or "the app") is a personal decision journal. This policy explains what data we collect, how we use it, who we share it with, and your rights. By using the app you agree to this policy.

1. Data We Collect

• Account information: Email address and display name you provide at sign-up. Authentication credentials are handled by Firebase Authentication and, if you choose, Google Sign-In or Apple Sign-In.
• Decision content: The decisions, reasoning, expected outcomes, mood, confidence ratings, categories, stakes, and outcome reflections you enter.
• Voice transcriptions (optional): If you use the microphone button to dictate a decision, your speech is transcribed to text on-device (or via your device's built-in speech recognition service, typically Google or Apple). The app stores only the resulting text — not the audio. You can decline the microphone permission and the rest of the app will work normally.
• Push notification tokens: A Firebase Cloud Messaging device token so we can send follow-up reminders for decisions you've logged. You can disable notifications at any time in your device settings or under Settings → Follow-up Reminders.
• Subscription status: If you purchase Hindsight Pro, your subscription state (active / cancelled / expired) is managed by RevenueCat and relayed to our servers.
• Advertising identifiers: If you use the free tier, Google AdMob may collect your device's advertising ID and limited technical data (device type, country, language) to serve ads. See §4 for details and how to opt out.
• Crash diagnostics: Firebase Crashlytics collects anonymized crash stack traces, device model, OS version, and the state of the app at the time of a crash. We use this only to diagnose and fix bugs.
• Technical logs: Server-side logs of Cloud Function invocations (timestamps, user ID, event type) for debugging and abuse prevention. Logs are kept for up to 30 days.

2. How We Use Your Data

• To provide the core app functionality: storing, displaying, and analyzing your decisions.
• To send follow-up reminders at the intervals you have configured.
• To calculate your calibration score and dashboard insights.
• To manage your subscription status and gate paid features.
• To serve ads in the free tier (via Google AdMob).
• To diagnose crashes and app errors (via Firebase Crashlytics).

We do not use your decision content for advertising, model training, or any purpose beyond delivering the app's features to you.

3. Data Storage and Security

Your data is stored in Google Cloud Firestore with security rules that restrict access to your own account. All data is encrypted in transit via HTTPS/TLS and at rest by Google Cloud. Authentication is handled by Firebase Authentication.

4. Third-Party Services and Sharing

We share limited data with the following processors, each governed by their own privacy policy:

• Google Firebase (Authentication, Firestore, Cloud Messaging, Cloud Functions, Crashlytics) — receives account data, decision content, FCM tokens, and crash reports. Firebase Privacy Policy
• Google Sign-In (optional) — receives a basic profile (email, display name, profile picture URL) if you sign in with Google. Google Privacy Policy
• Apple Sign-In (optional, iOS) — receives the email and name you authorize. Apple Privacy Policy
• Google AdMob — serves banner ads in the free tier. AdMob may collect your advertising ID and coarse technical data. AdMob & Privacy. EEA/UK users are shown a consent form on first launch and can change their choice later in device settings.
• RevenueCat — manages subscription entitlements. Receives your app-assigned user ID and purchase history. RevenueCat Privacy Policy
• Apple App Store / Google Play — processes payments and handles refunds.

We do not sell your personal data. We do not share decision content with advertisers.

5. Your Choices and Controls

• Access: All your decisions are visible in the app. Use Settings → Export Data to download them as CSV or PDF.
• Correction: You can edit or delete any individual decision at any time.
• Deletion: Use Settings → Delete Account to permanently erase your account and all associated data. See §6 below for how to request deletion without installing the app.
• Notifications: Disable in Settings → Follow-up Reminders, or in your device's system notification settings.
• Microphone: Deny or revoke the microphone permission in your device settings to disable voice input.
• Ads / advertising ID: EEA/UK users can change consent via the in-app "Privacy options" link (if displayed for your region). All users can reset or disable their advertising ID in iOS Settings → Privacy → Tracking or Android Settings → Privacy → Ads.

6. Account & Data Deletion

You can permanently delete your account and all associated data directly in the app: Settings → Delete Account. Deletion is immediate and irreversible — your user record, all decisions, all outcomes, follow-ups, and your Firebase Authentication account are removed. Crash diagnostics and server logs older than 30 days are retained in aggregated form that cannot be linked back to you.

If you no longer have the app installed, email hindsight@ribby.dev from the address associated with your account and we will delete your data within 30 days.

7. Data Retention

Account and decision data are retained as long as your account is active. When you delete your account, all your data is removed from our primary database immediately. Backups are rotated within 30 days. Crash and server logs are kept for up to 30 days.

8. International Transfers

Our servers are hosted in Google Cloud regions. If you access the app from outside those regions, your data will be transferred to and processed there.

9. Children's Privacy

Hindsight is not directed at children under 13. We do not knowingly collect data from children under 13. If we become aware that we have, we will delete it promptly.

10. Your Rights (GDPR / UK GDPR / CCPA)

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict or object to processing, and port your data. Most of these are self-serve in the app (see §5–6). For anything else, email us at hindsight@ribby.dev. We do not sell personal information.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Material changes will be surfaced in-app.

12. Contact

If you have questions about this policy, contact us at hindsight@ribby.dev.