HunchWhat happens when you sync.
A plain-language account of how Hunch connects to your bank, what it reads, and why nothing sensitive ever leaves your device.
You sign in directly to your bank
When you connect an account, Hunch opens your bank's own website in an isolated session inside the app — the same site you'd visit in a browser. You log in yourself. MFA codes go to your bank and are never stored by Hunch.
If you enable Keep signed in, your credentials are saved so you don't have to log in on every sync. They're stored in your operating system's secure credential store — macOS Keychain, Windows Credential Manager, or Linux Secret Service — encrypted by the OS, protected by your login password, and never uploaded to Hunch or any third party.
Syncs go straight to your bank
When you sync, Hunch connects directly to your bank. There is no Hunch server in that path — no relay, no aggregator, nothing that stores a copy of the exchange. The data comes back to the app and is written to your device only.
This also means there is no Hunch-side database that could be breached. A compromise of our infrastructure would expose nothing about your finances.
What Hunch reads
Each sync reads only what the app needs to show you your accounts. Nothing else is requested or stored.
- Transactions — date, merchant, amount
- Account balances
- Interac e-transfer records
- Investment holdings (Wealthsimple)
- Passwords or MFA codes
- Full account numbers
- SIN or government identifiers
- Phone numbers or email addresses
Questions
Security questions or responsible disclosure: security@hunch.app.
Anything else: hello@hunch.money.
Related: how your data stays private · security · privacy policy.
No security measure eliminates all risk. For the full warranty disclaimer, see our Terms of Use.