Privacy Policy

Hunch is a secure cloud web app. This policy explains what we collect, how it’s protected, who we share it with, and the choices you control.

Last updated: June 26, 2026

Draft for review. This is a plain-language draft that reflects how Hunch works today. It should be reviewed by counsel before you rely on it, and is not legal advice.

This Privacy Policy applies to hunch.money, the Hunch web app at app.hunch.money, bank connections made through Plaid, support, optional AI features, paid services, and related services. It should be read together with our Terms of Use.

1. Privacy at a glance

  • We never see your banking password: You connect your bank through Plaid and sign in directly with your bank. Plaid grants Hunch read-only access to your transactions and balances. Your banking password and any MFA codes go to your bank, never to Hunch.
  • Stored securely and isolated to you: Your financial data is stored encrypted in our cloud and isolated to your account, so only your account can access it. The token that links your bank is sealed with strong encryption.
  • Read-only access: Hunch can read your transactions and balances. It can never move money or make changes at your bank.
  • Optional AI: AI features are off until you turn them on. AI categorization sends only merchant names; the Ask Hunch assistant queries your spending data for the scopes you enable.
  • No sale of financial data: We do not sell your personal financial data or use it for third-party behavioural advertising, and you can export or delete your data anytime.

2. Accountability and contact

Hunch is responsible for personal information under our control. Questions, privacy requests, and complaints can be sent to privacy@hunch.money.

3. Financial information we store

To provide the service, Hunch stores your financial data in our cloud database. This may include transaction records, account names, account identifiers assigned by an institution, account balances, holdings, categories, budgets, goals, recurring-transaction rules, net worth history, transfer metadata shown by an institution, app settings, and sync state.

This information is encrypted and isolated to your account so that only your account can access it. You can export all of it or delete your account — which removes your data and disconnects your banks — at any time. If you import CSV or PDF statements instead of connecting a bank, that data is stored the same way.

4. Bank connections through Plaid

When you connect a bank, Hunch uses Plaid to establish the connection. You sign in directly with your bank inside Plaid’s secure flow — Hunch never asks for, sees, or stores your banking password or MFA codes.

Your bank grants read-only access to your transactions and balances, and Plaid returns an access token that Hunch stores encrypted on your behalf. That token can only read data — it cannot move money or change anything at your bank. You can disconnect a bank at any time, which revokes Hunch’s access. Plaid processes information under its own privacy policy.

5. Information we may collect or process

Depending on the features you use, Hunch or our service providers may process:

  • Account information: email address, account identifiers, authentication metadata, preferences, entitlements, subscription status, and support history.
  • Billing information: payment status, plan, invoices, tax information, transaction identifiers, and billing contact details handled through our payment provider. We do not store full card numbers.
  • AI request information: merchant descriptions, category prompts, model responses, usage counts, entitlement checks, and technical metadata needed to provide optional AI features.
  • Support communications: messages you send us, attachments you provide, and information needed to investigate or respond.
  • Website and security logs: IP address, user agent, timestamps, requested URLs, device/browser information, error logs, abuse-prevention data, and diagnostics.
  • Product diagnostics: crash reports, sync status, app version, and feature events when needed to secure, troubleshoot, or improve Hunch.
  • Marketing preferences: email subscription status, consent records, unsubscribe records, and communication history.

6. How we use information

We use information for these purposes:

  • to provide, operate, maintain, secure, and troubleshoot Hunch;
  • to sync and display your financial information when you choose to use Hunch features;
  • to categorize transactions, detect recurring transactions, calculate balances, and generate charts;
  • to provide optional AI categorization and enforce related usage limits;
  • to authenticate accounts, manage subscriptions, process payments, and prevent abuse;
  • to respond to support, security, privacy, and legal requests;
  • to send service messages, security notices, policy updates, and requested product communications;
  • to improve reliability, performance, accessibility, and user experience; and
  • to comply with law and enforce our Terms.

7. Consent and choices

We seek meaningful consent for the collection, use, and disclosure of personal information. Some processing is necessary to provide Hunch when you choose to use a feature. Other processing, such as optional AI categorization, marketing emails, saved session material, and paid account features, can be turned on or off as described in the product or by contacting us.

You may withdraw consent where legally permitted, but doing so may limit or prevent use of features that require the information.

8. Disclosure and service providers

We do not sell your personal financial data. We may disclose information to service providers only as needed to operate Hunch, including providers for hosting, security, authentication, payment processing, AI services, email, diagnostics, analytics, and customer support.

Current categories of service providers include:

  • Plaid: secure bank connectivity. You authenticate with your bank through Plaid, which provides Hunch read-only access to your transactions and balances.
  • Cloud hosting and database providers: hosting, CDN, DNS, security, DDoS protection, and the encrypted database where your data is stored.
  • Authentication and entitlement providers: account sign-in, paid-plan status, and entitlement checks.
  • Stripe or payment providers: checkout, subscription billing, invoices, tax handling, fraud checks, and payment records.
  • AI infrastructure and model providers: optional categorization requests when you choose AI features.
  • Support and communication tools: responding to requests and sending service or product communications.

We may also disclose information if required by law, to protect rights and safety, to investigate abuse or security incidents, in connection with a business transaction such as a merger or acquisition, or with your direction or consent.

9. Optional AI categorization

AI categorization is off by default. When you use it, Hunch sends only the information needed for the request. The intended payload is merchant or transaction description text and category context, not bank credentials, full account numbers, card numbers, MFA codes, or full bank statements.

We do not use your personal financial data to train our own AI models. Where available, we configure third-party AI services to avoid training on your prompts and responses. Third-party AI handling is also governed by the provider’s terms and privacy commitments.

10. Cookies and browser storage

Hunch uses cookies and browser storage to keep you signed in and to save settings, session state, security tokens, and preferences needed for the app to function. The marketing site and service providers may use cookies or similar technologies for security, site operation, analytics, fraud prevention, payments, and remembering preferences.

You can control cookies and browser storage through your browser settings, but disabling or clearing storage may break functionality or sign you out.

11. Retention and deletion

Your financial data is kept while your account is active so the service can work. You can delete your account at any time, which removes your financial data and revokes Hunch’s access to your connected banks. Some records may persist briefly in encrypted backups before they age out.

Account, billing, support, security, and diagnostic records are retained only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law, dispute resolution, fraud prevention, tax, accounting, backup, or security needs.

12. Security safeguards

We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the information. These may include encryption in transit, encryption at rest for cloud-stored data where applicable, access controls, least-privilege practices, origin checks, nonce-bound browser messaging, Content Security Policy, provider review, and security monitoring.

No system is perfectly secure. You are responsible for securing your device, browser profile, operating system, email account, passwords, recovery methods, and any local saved session material.

13. Breach notification

If we determine that a breach of security safeguards involving personal information under our control creates a real risk of significant harm, we will notify affected individuals and applicable privacy regulators as required by law, and we will keep required records.

14. International processing

Hunch and our service providers may process or store information in Canada, the United States, and other countries. Information processed outside your state, province, territory, or country may be subject to foreign laws and lawful access requests.

15. Your privacy rights

Subject to legal limits, you may request access to personal information we hold about you, ask for it to be corrected, request deletion, withdraw consent, object to certain processing, or ask questions about our practices. To make a request, contact privacy@hunch.money.

You can also export a full copy of your data or delete your account directly from the app’s built-in controls at any time.

If you are not satisfied with our response, you may contact the applicable privacy regulator in your jurisdiction.

16. Commercial electronic messages

We send marketing emails only where we have consent or another lawful basis. Commercial electronic messages include identification information and an unsubscribe mechanism. You can unsubscribe from marketing emails at any time. We may still send transactional or service messages, such as security, billing, account, and policy notices.

17. Children

Hunch is not intended for children or for people who cannot legally manage the financial accounts they connect. Do not use Hunch if you are not legally permitted to agree to the Terms or access the financial accounts you connect.

18. Changes to this policy

We may update this Privacy Policy as Hunch changes or as legal, operational, or security requirements evolve. Material changes will be posted on this page and, if you have an account, may be communicated by email or in-product notice. The updated policy applies when posted unless a later effective date is stated.

19. Contact

Privacy questions, requests, or complaints: privacy@hunch.money.