Open appGet Hunch
LEGAL

Privacy Policy

Hunch is local-first by default. This policy explains what we process, what stays on your device, and what choices you control.

Last updated: June 22, 2026

This Privacy Policy applies to hunch.money, app.hunch.money, the Hunch browser extension, downloads, support, optional AI features, paid services, and related services. It should be read together with our Terms of Use.

1. Privacy at a glance

  • No bank passwords: Hunch does not ask for, collect, store, transmit, or process your bank username, bank password, or MFA code.
  • Local-first by default: Your transaction data, balances, budgets, categories, and settings are stored in your browser or extension storage unless you choose a feature that sends or syncs data.
  • No aggregator middleman: Hunch does not use a third-party financial data aggregator to handle your bank login.
  • Optional AI: AI categorization is optional and runs only when you choose to use it.
  • No sale of financial data: We do not sell your personal financial data or use it for third-party behavioural advertising.

2. Accountability and contact

Hunch is responsible for personal information under our control. Questions, privacy requests, and complaints can be sent to privacy@hunch.app.

3. Information stored locally on your device

The default Hunch experience stores financial data locally in your browser or extension storage. This may include transaction records, account names, account identifiers assigned by an institution, account balances, categories, budgets, recurring-transaction rules, net worth history, transfer metadata shown by an institution, app settings, and sync state.

In local mode, this information stays on your device. Hunch cannot see it from our servers. If you clear browser data, uninstall the extension, reset a browser profile, or lose the device, this local data may be deleted and may not be recoverable.

4. Bank credentials and session material

Hunch reads from bank pages or sessions you authenticate yourself. Hunch does not ask you to type bank credentials into Hunch and does not send bank credentials to Hunch servers.

Session-only mode does not intentionally persist bank session material. If you enable an optional Keep signed in feature for a supported institution, Hunch may store supported cookies or tokens locally in extension storage so the extension can validate or refresh that session. This session material is stored on your device and is not sent to Hunch servers. You can disable or clear it.

5. Information we may collect or process

Depending on the features you use, Hunch or our service providers may process:

  • Account information: email address, account identifiers, authentication metadata, preferences, entitlements, subscription status, and support history.
  • Billing information: payment status, plan, invoices, tax information, transaction identifiers, and billing contact details handled through our payment provider. We do not store full card numbers.
  • AI request information: merchant descriptions, category prompts, model responses, usage counts, entitlement checks, and technical metadata needed to provide optional AI features.
  • Support communications: messages you send us, attachments you provide, and information needed to investigate or respond.
  • Website and security logs: IP address, user agent, timestamps, requested URLs, device/browser information, error logs, abuse-prevention data, and diagnostics.
  • Product diagnostics: crash reports, sync status, extension version, app version, and feature events when needed to secure, troubleshoot, or improve Hunch.
  • Marketing preferences: email subscription status, consent records, unsubscribe records, and communication history.

6. How we use information

We use information for these purposes:

  • to provide, operate, maintain, secure, and troubleshoot Hunch;
  • to sync and display your financial information when you choose to use Hunch features;
  • to categorize transactions, detect recurring transactions, calculate balances, and generate charts;
  • to provide optional AI categorization and enforce related usage limits;
  • to authenticate accounts, manage subscriptions, process payments, and prevent abuse;
  • to respond to support, security, privacy, and legal requests;
  • to send service messages, security notices, policy updates, and requested product communications;
  • to improve reliability, performance, accessibility, and user experience; and
  • to comply with law and enforce our Terms.

7. Consent and choices

We seek meaningful consent for the collection, use, and disclosure of personal information. Some processing is necessary to provide Hunch when you choose to use a feature. Other processing, such as optional AI categorization, marketing emails, saved session material, and paid account features, can be turned on or off as described in the product or by contacting us.

You may withdraw consent where legally permitted, but doing so may limit or prevent use of features that require the information.

8. Disclosure and service providers

We do not sell your personal financial data. We may disclose information to service providers only as needed to operate Hunch, including providers for hosting, security, authentication, payment processing, AI services, browser extension distribution, email, diagnostics, analytics, and customer support.

Current categories of service providers include:

  • Cloudflare: hosting, CDN, DNS, security, and DDoS protection.
  • Authentication and entitlement providers: account sign-in, paid-plan status, and entitlement checks.
  • Stripe or payment providers: checkout, subscription billing, invoices, tax handling, fraud checks, and payment records.
  • AI infrastructure and model providers: optional categorization requests when you choose AI features.
  • Browser vendors and extension stores: distribution, review, updates, and store-level diagnostics for the extension.
  • Support and communication tools: responding to requests and sending service or product communications.

We may also disclose information if required by law, to protect rights and safety, to investigate abuse or security incidents, in connection with a business transaction such as a merger or acquisition, or with your direction or consent.

9. Optional AI categorization

AI categorization is off by default. When you use it, Hunch sends only the information needed for the request. The intended payload is merchant or transaction description text and category context, not bank credentials, full account numbers, card numbers, MFA codes, or full bank statements.

We do not use your personal financial data to train our own AI models. Where available, we configure third-party AI services to avoid training on your prompts and responses. Third-party AI handling is also governed by the provider's terms and privacy commitments.

10. Cookies, browser storage, and local storage

Hunch uses browser storage, extension storage, and similar technologies to save local financial data, settings, session state, security tokens, preferences, and app functionality. The marketing site and service providers may use cookies or similar technologies for security, site operation, analytics, fraud prevention, payments, and remembering preferences.

You can control cookies and local storage through your browser settings, but disabling or clearing storage may break functionality or delete local-only data.

11. Retention and deletion

Local data stays on your device until you delete it, clear browser or extension storage, uninstall the extension, reset the browser profile, or use deletion controls we provide.

Account, billing, support, security, and diagnostic records are retained only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law, dispute resolution, fraud prevention, tax, accounting, backup, or security needs.

12. Security safeguards

We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the information. These may include encryption in transit, encryption at rest for cloud-stored data where applicable, access controls, least-privilege practices, origin checks, nonce-bound browser messaging, Content Security Policy, provider review, and security monitoring.

No system is perfectly secure. You are responsible for securing your device, browser profile, operating system, email account, passwords, recovery methods, and any local saved session material.

13. Breach notification

If we determine that a breach of security safeguards involving personal information under our control creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada where required by PIPEDA, and we will keep required records.

14. International processing

Hunch and our service providers may process or store information in Canada, the United States, and other countries. Information processed outside your province, territory, or country may be subject to foreign laws and lawful access requests.

15. Your privacy rights

Subject to legal limits, you may request access to personal information we hold about you, ask for it to be corrected, request deletion, withdraw consent, object to certain processing, or ask questions about our practices. To make a request, contact privacy@hunch.app.

If your data is local-only, we may not have a server copy to access, correct, export, or delete. You can manage local-only data through the app, extension, and browser storage controls.

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the privacy regulator that applies in your province or territory.

16. Commercial electronic messages

We send marketing emails only where we have consent or another lawful basis. Commercial electronic messages include identification information and an unsubscribe mechanism. You can unsubscribe from marketing emails at any time. We may still send transactional or service messages, such as security, billing, account, and policy notices.

17. Children

Hunch is not intended for children or for people who cannot legally manage the financial accounts they connect. Do not use Hunch if you are not legally permitted to agree to the Terms or access the financial accounts you connect.

18. Changes to this policy

We may update this Privacy Policy as Hunch changes or as legal, operational, or security requirements evolve. Material changes will be posted on this page and, if you have an account, may be communicated by email or in-product notice. The updated policy applies when posted unless a later effective date is stated.

19. Contact

Privacy questions, requests, or complaints: privacy@hunch.app.