This analysis describes what Plaid's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision clarifies the operational structure of data handling within Plaid's platform, establishing that Plaid processes data pursuant to instructions from client institutions rather than as an independent data controller. The designation affects the scope of Plaid's liability, data retention obligations, and the legal bases under which data processing occurs.
End consumers may see their financial data accessed by a broader range of people under developer accounts, but Plaid now requires developers to formally designate and manage these 'Authorized Users' and take responsibility for their conduct. The introduction of session replay and activity monitoring means developer interactions with your financial data may be recorded for audit or security purposes. The policy does not specify what data is covered by monitoring or how long recordings are retained, which creates operational uncertainty for developers handling sensitive consumer financial information.
View change record →Plaid's updated terms establish a new direct relationship with you through the Plaid Account and introduce a monitoring service that operates through a web app. The terms now authorize Plaid to share financial information needed for third-party apps to initiate payments to or from you, which is a broader statement of data-sharing scope than the previous language. This means Plaid's role shifts from primarily facilitating connections to third-party apps toward directly providing account services, including monitoring. The effective date is April 14, 2026, though the change was detected on April 19, 2026. Review your Plaid Account settings to understand what data Plaid holds and how the monitoring service works.
View change record →The updated terms clarify that Plaid may request and collect phone numbers, email addresses, and other contact information when you connect financial accounts or verify your identity through a Plaid-connected application. The terms no longer describe a separate Plaid Monitoring Service or Plaid Web-App. The Plaid Account is now framed primarily as a tool to accelerate onboarding and use of third-party applications rather than as a standalone service for monitoring and alerts. The updated language authorizes Plaid to store identity verification data within your Plaid Account if you choose to do so.
View change record →Under this provision, users' financial data flows through Plaid as a processor following the requirements and instructions of the financial institutions the user has authorized. This structure means data handling practices are governed both by Plaid's obligations as a processor and by the client institution's instructions, with potential implications for data retention periods and deletion procedures.
How other platforms handle this
When we provide the Service to our customers, we act as a data processor on behalf of those customers. Our customers are the data controllers, meaning that they determine the purposes and means of the processing of personal data that is submitted into the Service. If you are an end user of a custome...
When our business customers use certain Services, we generally process and store limited personal information on their behalf as a data processor. For certain products such as Docusign's Contract Lifecycle Management (CLM) and Identity products, we may act as a processor and as a controller in certa...
If you are in the 'Designated Countries', LinkedIn Ireland Unlimited Company ('LinkedIn Ireland') will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services. If you are outside of the Designated Countries, LinkedIn Corporation will ...
Monitoring
Plaid has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision clarifies the operational structure of data handling within Plaid's platform, establishing that Plaid processes data pursuant to instructions from client institutions rather than as an independent data controller. The designation affects the scope of Plaid's liability, data retention obligations, and the legal bases under which data processing occurs.
Under this provision, users' financial data flows through Plaid as a processor following the requirements and instructions of the financial institutions the user has authorized. This structure means data handling practices are governed both by Plaid's obligations as a processor and by the client institution's instructions, with potential implications for data retention periods and deletion procedures.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Plaid.