Is Plaid Safe?

If you use or plan to use Plaid, you need to know: Is Plaid safe? 

Below, we explain whether Plaid is: 

• Safe to use. 
• Good for privacy. 

We also look at some steps you can take to improve both your safety and privacy when using this online service. 

What Is Plaid?

Plaid is a financial technology company that connects consumers’ financial accounts with various apps and services, including peer-to-peer payment apps like Venmo and automated investment apps like Betterment. 

Through Plaid integrations, consumers can connect their bank accounts, credit cards, and other financial accounts to applications without sharing sensitive login information directly with the apps. 

Plaid encrypts the provided account logins, retrieves requested financial data (like account balances), and securely transmits it to the app, safeguarding consumer login information while sharing only the data they authorize.

Is Plaid Safe?

Yes, Plaid is generally considered safe to use. 

According to Plaid’s site, it uses encryption protocols like Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS) to keep consumers’ data safe when they use Plaid to connect their financial accounts to apps. 

Plaid adheres to strict regulatory standards and guidelines, including ISO 27001 and ISO 27701. It is also SSAE18 SOC 2 compliant. 

Plaid’s API and security controls are regularly audited by security researchers, app developers, and financial institutions, and they have a bug bounty program.

They also provide multi-factor authentication (MFA) to consumers whose banks might not have this safety feature, and they have 24/7 monitoring to protect consumers’ data. 

The security company UpGuard gives Plaid a security rating of 856/950 based on the company’s external attack surface. 

More than 12,000 US financial institutions and 8,000 apps and services use Plaid, and about 1 in 3 Americans use Plaid to connect their financial account to an app they use. You can see the list of institutions Plaid partners with on Plaid’s site. 

Is Plaid Private?

Everybody has a different definition of privacy when it comes to companies like Plaid. 

According to Plaid themselves, the company is committed to consumer privacy. 

But, according to a class action lawsuit against Plaid, that is not the case. The lawsuit claims that Plaid collected more data than it needed about users and used login pages that looked like they belonged to users’ bank accounts, meaning users had no idea they were giving login details to Plaid. 

Plaid settled for $58 million but denied ever selling user data. You can read Plaid’s response to the lawsuit on their blog.

Over the years, Plaid has introduced several privacy features, including a privacy portal where users can:

• See which apps they’re connected to through Plaid.
• View types of data shared with these apps. 
• Disconnect apps from financial accounts.
• Delete financial data from Plaid. 

What about Plaid’s privacy policy? It’s pretty comprehensive. 

Plaid collects a lot of information about its users. 

This can include your name and address, current balance, account transaction information, and data about credit and loan accounts (including due dates, balances, payment amounts and dates, and more). 

According to the policy, they also derive additional data about you from the information they collect. 

However, Plaid insists it doesn’t sell users’ financial data to third parties for marketing or advertising purposes. 

In its privacy policy, Plaid is clear about whom it shares your data with and for what purposes. 

It also explains its data retention and deletion practices, including that it periodically reviews user data to ensure it’s still needed. 

When a developer removes a user’s connection from their app to your information, this information is automatically deleted from Plaid’s systems (with certain exceptions outlined in the policy). 

Plaid says that “regardless of where you live,” it will honor users’ personal data rights, such as accessing personal information collected about them and, under certain circumstances, requesting to rectify inaccurate or incomplete information or delete it. You can request to delete your data from Plaid through its Privacy Request Form.  

How to Improve Your Safety and Privacy When Using Plaid 

Take the below steps to improve your safety and privacy when using Plaid to connect your financial account to other apps: 

• Use strong, unique passwords. Use strong and unique passwords for your bank accounts and other financial accounts linked to Plaid. Avoid using easily guessable passwords or reusing passwords across multiple accounts.
• Enable multi-factor authentication (MFA). If your financial institution doesn’t offer MFA, consider using Plaid’s MFA.
• Regularly review connected apps. Periodically review the list of applications connected to your bank accounts through Plaid’s privacy portal. Remove any apps you no longer use or trust to minimize the exposure of your financial data.
• Monitor account activity. Regularly monitor your bank and credit card statements for unauthorized transactions. If you notice any discrepancies, let your financial institution know immediately.
• Keep software up to date. Ensure the apps and devices you use to access Plaid-integrated services run the latest software versions. This helps to patch any security vulnerabilities and reduce the risk of exploitation by attackers.
• Be cautious with permissions. When linking your bank accounts to third-party apps via Plaid, carefully review the permissions requested by the app. Only grant access to the specific data and features necessary for the app to function effectively.