← Back to FarmFin

Privacy Policy

Last updated: May 9, 2026

1. Information We Collect

Account information: When you sign in with Google, we receive your name and email address from Google. Each Google account becomes a single user. Users belong to a household; one user can be the owner of a household and invite others to join it.

Household and invite metadata: Household name, ownership and membership records, and the short-lived invite codes used to add new members.

Connected institution data via Plaid: When you link a bank, brokerage, mortgage, or credit card through Plaid, we store the encrypted Plaid access token for each item plus institution metadata (institution name, item ID, supported products). Tokens are encrypted at rest using AES-256-GCM with a server-managed key.

Account, transaction, and balance data: The bank accounts, credit accounts, brokerage holdings, investment transactions, transactions, and balance snapshots that Plaid returns for the institutions you connect. This data is stored in our database so it can be queried by you, your AI assistant, or your Google Sheet without re-fetching from Plaid every time.

Manual entries: Anything you add by hand — manual assets and liabilities (a house, a car, a private loan), tags, categories, notes, and the asset-to-liability links you create to compute equity.

Google Sheets & Drive state: Encrypted OAuth tokens for Google, the spreadsheet ID we created for your household, and the active Drive watch-channel state we use to receive a push notification when you edit your Sheet.

Operational logs: An audit log of meaningful actions (link, sync, categorize, tag, asset-add, etc.) and a run log of background sync jobs. Server request logs (IP address, timestamps, error metadata) are retained for a short period to diagnose issues and are then automatically purged.

2. Information We Do NOT Collect or Share

• We do not sell your data. Ever.
• We do not run advertising and have no ad-tracking pixels.
• We do not use your financial data to train AI models.
• We do not share your data with third parties beyond the service providers strictly required to make FarmFin work (see Section 6).
• We do not store your bank login credentials. Plaid handles the bank login flow; we only ever see the access token Plaid issues us.

3. How We Use Your Information

• To authenticate you and maintain your session.
• To pull account, transaction, balance, and holding data from Plaid on your behalf.
• To create and update your Google Sheet, and to subscribe to push notifications when you edit it.
• To answer questions, run categorizations, and compute reports when you (or your AI assistant) request them through the MCP interface.
• To send the small number of operational emails the product requires (e.g., re-authorization links when a token expires).
• To diagnose and fix technical issues.

4. Data Security

Plaid access tokens and Google OAuth tokens are encrypted at rest. All connections to FarmFin and to its upstream APIs (Plaid, Google) use HTTPS. Each household's data is structurally isolated by household ID at the database layer; there are no cross-household queries.

5. Data Retention & Deletion

Data is retained for as long as your household has an active linked institution or manual entry. You may at any time:

• Disconnect a Plaid item — its access token is deleted immediately.
• Leave a household — your membership record is removed.
• Delete a household you own — all of its accounts, transactions, holdings, manual entries, audit log entries, and the household record itself are permanently removed.
• Request a copy of your data, or a full deletion of all data associated with your account, by emailing support@brunchlabs.com.

6. Third Parties

FarmFin is built on top of a small, deliberately minimal set of vendors:

• Plaid — read-only access to your connected banks, brokerages, mortgages, and liabilities. Subject to Plaid's end-user privacy policy.
• Google — sign-in, Google Sheets read/write, and Drive watch on the Sheet we created for your household.
• Cloudflare — application hosting, edge networking, and database (D1) and key-value storage where your data resides.

7. Your Rights

You can at any time view, edit, disconnect, or delete the data FarmFin holds about you. You may also export it as a copy of your Google Sheet at any time. If you'd like FarmFin to remove all data associated with your account, email support@brunchlabs.com and we will do so within 30 days.

8. Children

FarmFin is not directed at children under 13 and does not knowingly collect data from them.

9. Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated to active users by email.

10. Contact

Privacy questions can be sent to support@brunchlabs.com. FarmFin is a product of BrunchLabs, LLC.