ProjectHindsight is designed to handle project management knowledge. We collect minimal personal data — primarily your name, work email address, and activity logs. We do not collect health data, financial account data, or any special category personal data.
Data Processor: ProjectHindsight, operated by Chijioke Onwuka (Founder). Contact: privacy@projecthindsight.co.uk
Data Controller: Your organisation (e.g. Portsmouth Water) is the Data Controller for the project and lessons data entered into this platform. ProjectHindsight processes that data on your organisation's behalf under a Data Processing Agreement.
This platform is hosted on servers located in the United Kingdom (London region) in compliance with UK GDPR data residency requirements.
| Data Category | Specific Data | Why We Collect It |
|---|---|---|
| Account data | Name, work email address, department, job role | To create and manage your account |
| Authentication data | Hashed password (we never store your actual password), login timestamps | To verify your identity securely |
| Activity logs | Record of actions you take in the system (e.g. created lesson, searched projects) with timestamp | Security auditing and accountability |
| Usage data | IP address at login, browser type via standard web server logs | Security monitoring and fraud prevention |
| Content data | Lessons learned, project descriptions you create or contribute to | Core platform functionality — the organisational knowledge base |
We do not collect: health or medical data, financial account details, biometric data, racial or ethnic origin, political opinions, religious beliefs, or any other special category data under UK GDPR Article 9.
| Purpose | Legal Basis (UK GDPR Art. 6) |
|---|---|
| Providing you access to the platform | Contract performance (Art. 6(1)(b)) |
| Maintaining your account and preferences | Contract performance (Art. 6(1)(b)) |
| Security monitoring and audit logging | Legitimate interests (Art. 6(1)(f)) — protecting the platform and your organisation's data |
| Complying with legal obligations (e.g. ICO requests) | Legal obligation (Art. 6(1)(c)) |
We do not use your data for marketing, advertising, or profiling. We do not sell or share your data with third parties for commercial purposes.
| Data Type | Retention Period |
|---|---|
| Active user accounts | Duration of your organisation's contract with ProjectHindsight |
| Deactivated user accounts | 12 months after deactivation, then permanently deleted |
| Activity (audit) logs | 2 years, then deleted |
| Database backups | 30 days rolling — older backups are automatically deleted |
| Project and lessons data | Duration of contract + 1 year, unless your organisation requests earlier deletion |
| Server access logs (nginx) | 90 days |
All data is stored in the UK. We do not transfer personal data outside the UK or EEA.
We implement the following technical and organisational measures to protect your data:
You have the following rights regarding your personal data. To exercise any of these rights, email privacy@projecthindsight.co.uk. We will respond within 30 days.
Request a copy of all personal data we hold about you (Subject Access Request).
Ask us to correct inaccurate data. You can also update your own profile directly in the app.
Request permanent deletion of your account and personal data (the "right to be forgotten").
Request a machine-readable export of all data we hold about you.
Object to processing based on legitimate interests. We will assess and respond within 30 days.
Ask us to pause processing your data while a dispute or complaint is resolved.
If you are unsatisfied with how we handle your request or your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
ProjectHindsight uses no third-party cookies and no advertising or analytics cookies. The only data stored in your browser is your authentication token (localStorage), which is necessary for you to remain logged in. This token expires after 8 hours and is deleted when you log out.
We will notify all users via the platform if we make material changes to this Privacy Notice. The "Last updated" date at the top of this page will always reflect when it was last revised. Continued use of the platform after notification constitutes acceptance of the updated notice.
Data Protection enquiries:
Email: privacy@projecthindsight.co.uk
Subject line: "Privacy / Data Protection Request"
We aim to respond to all data subject requests within 30 calendar days as required by UK GDPR Article 12. For complex requests we may extend this by a further 2 months, in which case we will notify you within the initial 30-day period.