HunchDesigned to protect your data.
Every decision in Hunch’s architecture starts with one question: what’s the minimum we need to see?
Read-only bank access
You connect through Plaid — the same secure link trusted by thousands of finance apps. You sign in at your bank, and Hunch receives read-only access to your transactions and balances. We never see or store your banking password.
Strong encryption
Your data is encrypted in our cloud, and the token that links your bank is sealed with strong, industry-standard encryption. Connections are protected in transit and at rest.
Isolated to your account
Your financial data is walled off to your account at the database level — every record carries a rule that only lets your own account read it. One person’s data can never leak into another’s.
Never sold
We make money from subscriptions, not from your data. Hunch never sells or rents your financial information, and never shares it with advertisers.
Optional AI, explicit consent
AI categorization sends only merchant names (never account numbers or personal details) and only when you explicitly run it. The Ask Hunch assistant queries aggregated spending data through tool calls for the scopes you enable — your banking password and account numbers are never shared. Both are off by default.
Export or delete anytime
Your data is yours. Export everything whenever you like, or delete your account in one step — which also disconnects your bank and revokes Hunch’s access.
How connecting your bank works
When you connect a bank, Hunch hands you off to Plaid’s secure flow. You log in directly with your bank — Hunch never sees those credentials. Your bank then grants read-only access to your transactions and balances, and Plaid returns a token that Hunch stores encrypted on your behalf.
From there, your transactions and balances refresh automatically — no manual exports, no passwords to re-enter. Everything is stored encrypted and isolated to your account, and you can disconnect a bank or delete all of your data at any time.
Responsible disclosure
If you discover a security vulnerability in Hunch, please report it to security@hunch.money before disclosing it publicly. We will acknowledge your report within 48 hours and aim to resolve critical issues within 7 days.
We do not have a formal bug bounty program yet, but we will recognize and thank researchers who report valid security issues responsibly.
Questions
Security questions, concerns, or reports: security@hunch.money.
These measures significantly reduce risk, but no security system provides absolute protection against all threats. For the full warranty disclaimer and limitation of liability, see our Terms of Use.