Your consent to Plaid's data collection is obtained through the Plaid Link screen that appears inside third-party apps, even though you may not have been specifically looking for Plaid's privacy policy when you agreed.
This analysis describes what Plaid's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Because consent to Plaid's data collection is embedded in a third-party app experience, many users may not realize they are entering into a direct data relationship with Plaid as well as with the app they intentionally signed up for.
Interpretive note: Verbatim consent provision language was not available in the truncated document; this characterization reflects Plaid's publicly documented Link consent architecture and associated regulatory history.
End consumers may see their financial data accessed by a broader range of people under developer accounts, but Plaid now requires developers to formally designate and manage these 'Authorized Users' …
Plaid's updated terms establish a new direct relationship with you through the Plaid Account and introduce a monitoring service that operates through a web app. The terms now authorize Plaid to share…
When you click through Plaid Link inside a fintech app, you are consenting to Plaid's own data collection and use practices, not just authorizing data access for the app you are using. This creates a direct and independent data relationship with Plaid that persists after you stop using the originating app.
How other platforms handle this
We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information fro...
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
The Service is not directed to children under the age of 16. If you are under the age of 16, you may only use the Service with the involvement and consent of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal information without your...
Monitoring
Plaid has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"When you use a third-party application that has integrated Plaid's services, you will be presented with Plaid's Link interface, which will describe the data that will be collected and shared. By continuing through that interface, you consent to Plaid's collection and use of your information as described in this Privacy Policy.— Excerpt from Plaid's Plaid End User Privacy Policy
REGULATORY LANDSCAPE: The layered consent model implicates GDPR Article 7's requirement that consent be freely given, specific, informed, and unambiguous. Where consent is embedded in a third-party app flow and covers both the developer's and Plaid's independent data processing purposes, regulators may scrutinize whether the consent is sufficiently specific to each purpose and controller. The FTC Act's prohibition on deceptive practices applies to consent flows that may obscure the identity of the data collector or the scope of collection. The 2022 FTC consent order addressed Plaid's practices in this area. GOVERNANCE EXPOSURE: High. The structural separation between the application the user intends to engage with and Plaid as an independent data controller creates a consent adequacy risk that is specific to embedded infrastructure companies. The adequacy of consent captured in this model for secondary use purposes (analytics, model training) beyond the immediate transaction is a recurring regulatory concern in the embedded finance space. JURISDICTION FLAGS: EU and UK GDPR create the highest consent specificity requirements, including the requirement that consent for each purpose be separately obtained and that bundled consent not be the only basis for processing sensitive data. California CPRA requires that consent to collection and use of sensitive personal information be presented prominently. In both contexts, the Link consent screen design is directly material to compliance. CONTRACT AND VENDOR IMPLICATIONS: Developer partners are co-responsible for the adequacy of the consent experience presented to users through Plaid Link. Developers should review their user agreements and privacy policies to ensure they accurately describe Plaid's role and the scope of Plaid's independent data collection. Failure to do so may expose the developer to regulatory action as the entity with the direct user relationship. COMPLIANCE CONSIDERATIONS: Legal teams should conduct periodic reviews of the Plaid Link consent interface to verify that disclosures are consistent with current policy language and applicable legal requirements. Any changes to Plaid's data use practices should be reflected promptly in Link disclosures. For GDPR-covered deployments, a review of whether the consent mechanism satisfies the requirements for specific and informed consent to each of Plaid's processing purposes is recommended.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Because consent to Plaid's data collection is embedded in a third-party app experience, many users may not realize they are entering into a direct data relationship with Plaid as well as with the app they intentionally signed up for.
When you click through Plaid Link inside a fintech app, you are consenting to Plaid's own data collection and use practices, not just authorizing data access for the app you are using. This creates a direct and independent data relationship with Plaid that persists after you stop using the originating app.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Plaid.