Privacy.

Last updated: June 9, 2026

Strategy of Finance ("SoF", "we", "us") is a publication, podcast, and tools site operated by Rohit Agarwal. We are the controller of the personal information described here. This policy explains what we collect, why, who processes it on our behalf, how long we keep it, and the rights you have over it. It applies to strategyoffinance.com and the newsletter, forms, and tools offered through it.

We've kept this in plain language. If anything here is unclear, or you want to exercise a right, email hello@strategyoffinance.com.

What we collect, and why

Newsletter. When you subscribe to How to Win, we collect your email address (that is the only field on the form). We use it to send you the newsletter and occasional related updates. Delivery is handled by Beehiiv, which — like most email platforms — records whether emails are delivered, opened, and which links are clicked, so we can understand what's useful and keep the list healthy. You can unsubscribe at any time using the link in any issue, which stops all of this.

Forms. When you submit a form, we collect what you enter, plus your IP address (to prevent spam and abuse):

  • Contact form — your name, email, the type of enquiry, and your message.
  • Refer-a-guest form — your name and email, and the guest's name, a link to them, why you're suggesting them, and how you know them.
  • Work with Me enquiry — your name, email, the service you're enquiring about, a description of your situation, and optionally a link to materials you choose to share and a note on timing.

Form submissions are stored in our database (Supabase) and emailed to us (Resend) so we can respond. We use them only to reply to you and to do the thing you asked for (answer the question, consider the referral, scope the enquiry). Our forms are protected by Cloudflare Turnstile, a privacy-preserving spam check that does not use cross-site tracking cookies or profile you.

Analytics. We use Vercel Analytics to count visits and see which content is read. It is cookieless, does not identify individual visitors, and does not build a profile of you.

Server logs. Like any website, our host (Vercel) processes basic technical data — IP address, browser type, the page requested, timestamps — as part of serving the site securely. These logs are used for security and reliability, not marketing.

Embedded media. Episode pages embed a Spotify player. If you press play, Spotify may set cookies and collect data under its own policy. Nothing is sent to Spotify until you interact with the player.

Legal bases (for visitors in the EU/UK)

Where the GDPR applies, we rely on: your consent for the newsletter (withdrawable at any time by unsubscribing); our legitimate interests in responding to your messages, keeping the site secure, preventing spam, and understanding aggregate usage; and, where you're enquiring about a paid service, steps taken at your request before any engagement. We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

Cookies and similar technologies

We deliberately run a low-cookie site, which is why you don't see a cookie banner. We do not use advertising, analytics, or cross-site tracking cookies. The only cookies or similar storage that may be set are: a transactional one tied to submitting a form, the privacy-preserving Cloudflare Turnstile check, and — only if you press play — Spotify's player cookies. If we ever add tracking technology that requires consent, we'll add the appropriate controls and update this page first.

What we don't do

We don't sell or rent your data. We don't run advertising. We don't use tracking pixels on the website or behavioural profiling. We don't share your information with anyone except the service providers below, who process it only to do their job for us.

Who processes your data (third parties)

  • Beehiiv — newsletter delivery and email analytics (beehiiv.com)
  • Vercel — site hosting, server logs, and cookieless analytics (vercel.com)
  • Supabase — stores form submissions in a private database only we can access (supabase.com)
  • Resend — delivers form submissions to us by email (resend.com)
  • Cloudflare Turnstile — privacy-preserving spam protection on our forms (cloudflare.com)
  • Spotify — the embedded episode player; collects data per its own policy when you play (spotify.com/privacy)

International transfers

These providers operate global infrastructure, and your information may be processed in countries other than your own — including the United States. Where required, we rely on the providers' own safeguards for such transfers (such as standard contractual clauses). If you'd like detail on a specific provider, contact us.

How long we keep it

We keep information only as long as we need it for the purpose it was collected. Newsletter data is kept for as long as you stay subscribed; unsubscribing removes you from the active list. Form submissions are kept for as long as needed to handle your request and for a reasonable period afterwards, then deleted. You can ask us to delete your information sooner (see your rights).

Security

The site is served over HTTPS. Form submissions are stored in a database with row-level security so that only our server-side functions can read them — the public site cannot. No method of storage or transmission is perfectly secure, but we take reasonable measures to protect your information.

Your rights

You can ask us to access the information we hold about you, correct it, or delete it, and you can withdraw consent to the newsletter at any time. Email hello@strategyoffinance.com and we'll respond within 30 days.

Depending on where you live, you may have additional rights:

  • EU/UK (GDPR): access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to lodge a complaint with your local data-protection authority.
  • India (DPDP Act, 2023): access, correction, completion, updating, and erasure of your personal data, and grievance redressal — contact us as above.
  • California (CCPA/CPRA): we do not sell or "share" your personal information as those terms are defined, and we don't process it for cross-context behavioural advertising. You may still request access or deletion as above.

Children

The site is intended for finance professionals and is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we'll delete it.

Links to other sites

Our content links to and embeds third-party sites and platforms (for example Spotify, LinkedIn, and the podcast platforms). Their privacy practices are their own; this policy covers only Strategy of Finance.

Changes

We may update this policy as the site evolves or the law changes. The date at the top reflects the latest version; material changes will be noted there.

Contact

For any privacy question or to exercise a right: hello@strategyoffinance.com.