By participating in the AI Agent Data Access Beta Program (“Beta Program”), you (“Client”) acknowledge that you have read, understand, and agree to the terms and conditions. This Beta Program is offered by Grasshopper Bank (“Bank”) via infrastructure licensed by Grasshopper Bank from Narmi Inc., its technology provider.
1. Nature of the Beta Program
This Beta Program enables you to grant your chosen Artificial Intelligence (AI) agent or Large Language Model (LLM) (“Your AI Agent”) read-only access to certain financial data from your Grasshopper Bank business account(s) via our Model Context Protocol (MCP) Server (“AI Connector”). Access is authenticated via single-sign-on with your digital banking username and password (the “Authentication Credentials”).
This is an experimental, beta feature. It is provided “AS IS” and “AS AVAILABLE” for testing and evaluation purposes only. It is not a fully tested or commercial product and may contain errors, bugs, or other deficiencies.
This Beta Program is currently limited to read-only access to specified financial data including your accounts, balances, and transactions. Your AI Agent will not be able to initiate transactions, move funds, or make any changes to your account(s) through this Beta Program. Any future “write” capabilities would require a separate, explicit agreement with additional security controls.
2. Your Assumption of Risk (Use At Your Own Risk)
2.1 AI Hallucinations and Incorrect Information
You understand and acknowledge that AI technologies, including LLMs, are prone to “hallucinations” or generating incorrect, misleading, or nonsensical information. Your AI Agent may misinterpret your financial data, provide inaccurate summaries, or offer flawed financial advice based on the data accessed. Grasshopper Bank is NOT responsible for any inaccuracies, errors, or omissions generated by Your AI Agent or any LLM, nor for any decisions you make based on such information.
2.2 Bad Financial Advice
You understand that Your AI Agent is an automated tool and not a financial advisor. Any “advice,” analysis, or recommendations generated by Your AI Agent should NOT be construed as financial, legal, tax, or investment advice from Grasshopper Bank. You are solely responsible for verifying the accuracy of any information and for all financial decisions made. Grasshopper Bank expressly disclaims any liability for financial loss or other damages resulting from reliance on information or advice provided by Your AI Agent.
2.3 Security Beyond Bank’s Control
While Grasshopper Bank implements security measures to protect your data within its systems and during transmission to the AI Connector, the security of Your AI Agent, the LLM platform it uses, and your devices are solely your responsibility.
Bank’s Security Responsibility Ends: Once data is securely transmitted from the MCP Server to Your AI Agent, Grasshopper Bank’s control over that data ceases.
You acknowledge that vulnerabilities or breaches in Your AI Agent’s platform, the LLM provider’s systems, or your own devices could expose your data. Grasshopper Bank is not responsible for security failures or data breaches that occur outside of its direct control (i.e., within the AI platform, LLM provider’s infrastructure, or your devices).
2.4 Prompt Injection and Adversarial Attacks
You acknowledge that AI systems, including Your AI Agent, may be vulnerable to “prompt injection” attacks. These attacks occur when malicious instructions are embedded in data (such as in an email, a calendar invite, or a transaction description Your AI Agent reads) that manipulate or trick the AI into performing unintended actions, including potentially exposing your personal or financial information in unintended ways.
Examples of prompt injection risks that could instruct Your AI Agent to reveal sensitive information:
- Hidden instructions in an email Your AI Agent reads
- An unsolicited event description with a nefarious prompt in a calendar invite reviewed by Your AI Agent
- Transaction descriptions containing hidden commands
- Merchant names with embedded instructions
- Sophisticated social engineering attacks that exploit how AI systems process instructions
- Data being exposed in formats or ways you did not intend due to manipulated AI responses
You are responsible for:
- Understanding the risk of prompt injection attacks
- Reviewing AI-generated outputs for accuracy and unexpected information disclosure
- Not blindly trusting AI responses about your financial data
- Being cautious about sharing AI conversation outputs with untrusted parties
- Using privacy features when available (see Section 3.3)
- Assuming that any data accessible to Your AI Agent could potentially be exposed through conversation manipulation
2.5 Data Usage by Third-Party LLMs
You acknowledge that you are connecting Your AI Agent, which may utilize third-party LLMs (e.g., Anthropic’s Claude, Google Gemini, OpenAI, etc.). You understand and accept that the terms of service and privacy policies of these third-party LLM providers govern their use of your data.
Training Data Disclaimer: While Anthropic’s Claude does not train on user data by default, and we aim to ensure data passed to LLMs is not used for model training, Grasshopper Bank cannot guarantee the practices of external LLM providers. You are solely responsible for understanding and agreeing to the data handling practices of Your AI Agent’s underlying LLM.
2.6 Unforeseen Risks
The technology underlying AI agents and MCP is rapidly evolving and largely untested in widespread commercial banking contexts. You understand that there may be risks not yet identified or contemplated by Grasshopper Bank. Your participation in this Beta Program is an acceptance of these inherent uncertainties and risks.
3. Your Responsibilities
3.1 Authentication Security
- You are solely responsible for the selection, configuration, and use of Your AI Agent.
- You must keep your Authentication Credentials confidential and secure. Do not share them with unauthorized parties.
- You must immediately revoke AI Connector access if your Authentication Credentials are compromised or if you suspect unauthorized access to Your AI Agent.
- Do not share your AI conversation transcripts containing financial data in public forums, social media, or with untrusted parties.
3.2 Monitoring and Verification
- You must monitor your account activity regularly through standard Grasshopper Bank digital banking channels, independent of Your AI Agent, to detect any discrepancies or unauthorized access.
- You should periodically verify that AI-generated financial summaries or analyses match your actual account data by cross-referencing with Grasshopper Bank’s official digital banking platform.
- You agree to immediately notify Grasshopper Bank if you suspect any unauthorized access to your account via Your AI Agent or compromise of your Authentication Credentials or bank data.
- You agree to immediately notify Grasshopper Bank if Your AI Agent produces unexpected outputs that appear to expose more information than intended or bypass security measures.
3.3 Security Best Practices (Strongly Recommended)
Given the experimental nature of this Beta Program and the limitations of AI instruction-following for security controls, we strongly recommend:
- Using “Incognito Mode” or equivalent privacy features in Your AI Agent when available to prevent retention of financial data across sessions
- Limiting sharing of AI conversation transcripts containing your financial data
- Being skeptical of unusual or unexpected AI responses about your financial data, especially those that reveal information in unexpected formats or detail levels
- Treating AI conversations as potentially less secure than direct access to your Grasshopper Bank online banking portal
3.4 Compliance
You are responsible for ensuring your use of Your AI Agent complies with all applicable laws and regulations, including but not limited to data privacy laws, financial regulations, and export control laws.
4. Data Access and Scope
4.1 Full Data Exposure – Authorization and Data Types
You explicitly authorize Grasshopper Bank to provide your specified read-only business account data to the AI Connector for access by Your AI Agent.
The following types of data are available to Your AI Agent via the AI Connector:
Account Information:
- Account identifiers (UUIDs) – permanent unique identifiers for your accounts
- Account balances – exact dollar amounts
- Account types (checking, savings, loan) and purpose (personal/business)
- Account status (active, inactive, pending, verified, removed)
- Loan details (when applicable):
  - Interest rates
  - Minimum payment amounts
  - Next payment due dates
- Account creation and update timestamps
Transaction Information:
- Full transaction amounts – exact dollar amounts for all transactions
- Complete transaction descriptions – including full merchant names, memo fields, and any text entered
- Transaction dates and times (creation timestamps and settlement timestamps)
- Transaction types (credit/debit)
- Transaction states (pending, settled, hidden)
- Transaction-level geographic location data where available
- Check numbers for check-based transactions
- Transaction categories and internal identifiers
- Scheduled transfers (state, schedule, frequency, amount, description, next transfer date and time, etc.)
Data Not Accessible to the AI Connector:
- Account Holder Personal Information – first name, last name, date of birth, address, and social security numbers are NOT available, unless you or a counterparty include personally identifiable information in another available field, such as a transaction description or memo.
- Other Grasshopper client account data (the AI Connector can only access accounts associated with your Account Credentials)
- Your Authentication Credentials (username/password)
- Cardholder security data (CVV codes, PINs)
- Internal bank system data
4.2 Data Transmission and Control Boundaries
You understand that data is transmitted from the MCP Server to Your AI Agent via secure encrypted connection (TLS 1.2 or higher). Grasshopper Bank’s direct control over your data ceases once it is securely transmitted from the MCP Server to Your AI Agent’s platform.
4.3 Data Retention by AI Providers
Your AI Agent’s platform may retain conversation history containing your financial data according to its own retention policies. This data persists even after you disconnect the MCP Server. You are responsible for:
- Understanding your AI provider’s data retention and deletion policies
- Using available privacy controls (such as conversation deletion or incognito modes)
- Manually deleting conversations containing sensitive financial data if desired
- Recognizing that deleted conversations may still exist in the AI provider’s backups for some period
5. Program Termination and Changes
Grasshopper Bank reserves the right to modify, suspend, or terminate this Beta Program, or your access to it, at any time, with or without notice, and for any reason, including but not limited to security concerns, regulatory changes, or technical issues. Grasshopper Bank may update these terms and conditions at any time.
6. Limitation of Liability
To the fullest extent permitted by law, Grasshopper Bank and its affiliates, directors, officers, employees, and agents shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, use, goodwill, or other intangible losses, resulting from:
- (i) your access to or use of, or inability to access or use, the Beta Program;
- (ii) any conduct or content of any third party, including LLM providers;
- (iii) any content, analysis, or advice obtained from the Beta Program or Your AI Agent;
- (iv) unauthorized access, use, or alteration of your transmissions or content;
- (v) prompt injection attacks or adversarial manipulation of Your AI Agent that results in unintended disclosure of your financial data;
- (vi) AI hallucinations, errors, or inaccuracies in financial analysis or advice;
- (vii) failure of AI security instructions or behavioral controls to prevent data exposure;
- (viii) exposure of your financial data due to limitations in the LLM to detect a prompt injection attack or other AI security vulnerability;
whether based on warranty, contract, tort (including negligence), or any other legal theory, whether or not we have been informed of the possibility of such damage.
7. Indemnification
You agree to defend, indemnify, and hold harmless Grasshopper Bank and its affiliates, directors, officers, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from or in connection with:
- (i) your use of and access to the Beta Program, including any data accessed or decisions made based on information from Your AI Agent;
- (ii) your breach of these Terms;
- (iii) your violation of any third-party right, including without limitation any intellectual property, property, or privacy right;
- (iv) any claim that Your AI Agent caused damage to a third party;
- (v) your failure to maintain the security of your Authentication Credentials or Your AI Agent platform;
- (vi) your sharing of financial data or AI conversation transcripts obtained through the Beta Program with unauthorized third parties or in public forums;
- (vii) any exposure of your financial data resulting from prompt injection attacks or AI security instruction failures that occur due to your usage patterns or queries.
8. Incident Reporting
If you become aware of any of the following, you must immediately notify Grasshopper Bank:
- Suspected unauthorized access to your account via the AI Connector
- Evidence of prompt injection or adversarial attacks
- AI-generated outputs that expose more financial information than expected or bypass apparent security measures
- AI behavior that appears to contradict its stated security instructions (e.g., displaying full account numbers when instructed not to)
- AI responses that include your financial data in unexpected formats (CSV, JSON, structured tables) without your explicit request
- Compromise of your Authentication Credentials
- Security vulnerabilities in the Beta Program
- Unexpected behavior by Your AI Agent regarding your financial data
Contact for security incidents: [email protected] or 888.895.9685.
9. Your Right to Revoke Access
You may revoke Your AI Agent’s access to your financial data at any time by:
- Disconnecting the AI Connector in Your AI Agent’s connector settings
- Toggling the Grasshopper AI Connector tool off
Access tokens only last for 7 days.
IMPORTANT: Revoking access prevents future data transmission but does not:
- Delete data already obtained by Your AI Agent
- Remove conversation history from your AI provider’s systems
- Delete any copies of your financial data that may have been made
You must separately manage data deletion according to your AI provider’s policies, which may include:
- Manually deleting individual conversations
- Using bulk conversation deletion features
- Contacting the AI provider to request data deletion
- Understanding that backups may persist beyond your deletion requests
Client Acknowledgment and Agreement
I have read and understand the Grasshopper Bank AI Connector Beta Program Agreement, including the critical data exposure information in Section 4.1.
I understand the experimental nature of this Beta Program and the risks involved, including those related to:
- AI hallucinations and incorrect information
- Inappropriate or flawed financial advice
- Data security vulnerabilities outside the Bank’s control
- Prompt injection and adversarial attacks on AI systems that could expose my complete financial data
- Access by the AI to all my account balances, transaction details, and financial information
- Limitations of AI instruction-following as a security mechanism
- Data retention by third-party AI providers
- Unforeseen risks in emerging technology
I agree to:
- Use this feature at my own risk
- Accept all responsibilities outlined above, including monitoring my accounts and protecting my conversation data
- Monitor my accounts independently through official Grasshopper Bank channels
- Immediately report security concerns, unexpected AI behavior, or apparent security instruction failures
- Exercise caution in how I leverage other third-party connectors that could expose me to prompt injection attacks
Change Log
February 13, 2026
The updated agreement formalizes the transition from API token-based authentication to a Single Sign-On (SSO) framework, while introducing a comprehensive section on adversarial AI risks such as prompt injection and social engineering. It further replaces general data descriptions with a granular, exhaustive list of accessible financial data fields, including account UUIDs, transaction metadata, and geographic identifiers, to ensure full transparency regarding the scope of information shared with third-party LLMs. Additionally, the revised terms establish stringent incident reporting protocols and explicit user responsibilities regarding the management of AI-generated conversation transcripts and data retention.