This analysis describes what Plaid's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision defines the scope of Plaid's security responsibilities and establishes baseline protections for financial data processed through the platform. This framing clarifies what security practices users can expect and sets operational expectations for how Plaid handles sensitive information during data aggregation and transmission.
End consumers may see their financial data accessed by a broader range of people under developer accounts, but Plaid now requires developers to formally designate and manage these 'Authorized Users' and take responsibility for their conduct. The introduction of session replay and activity monitoring means developer interactions with your financial data may be recorded for audit or security purposes. The policy does not specify what data is covered by monitoring or how long recordings are retained, which creates operational uncertainty for developers handling sensitive consumer financial information.
View change record →Plaid's updated terms establish a new direct relationship with you through the Plaid Account and introduce a monitoring service that operates through a web app. The terms now authorize Plaid to share financial information needed for third-party apps to initiate payments to or from you, which is a broader statement of data-sharing scope than the previous language. This means Plaid's role shifts from primarily facilitating connections to third-party apps toward directly providing account services, including monitoring. The effective date is April 14, 2026, though the change was detected on April 19, 2026. Review your Plaid Account settings to understand what data Plaid holds and how the monitoring service works.
View change record →The updated terms clarify that Plaid may request and collect phone numbers, email addresses, and other contact information when you connect financial accounts or verify your identity through a Plaid-connected application. The terms no longer describe a separate Plaid Monitoring Service or Plaid Web-App. The Plaid Account is now framed primarily as a tool to accelerate onboarding and use of third-party applications rather than as a standalone service for monitoring and alerts. The updated language authorizes Plaid to store identity verification data within your Plaid Account if you choose to do so.
View change record →This provision authorizes Plaid to implement specified security measures and establishes the technical safeguards applicable to user financial data. Users operate under terms that incorporate Plaid's defined security protocols, which govern how the company collects, stores, and protects account information.
How other platforms handle this
We implement appropriate technical and organisational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed. These measures take into account the ...
We use reasonable physical, technical, and administrative measures to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. While we take steps to protect your information, no system is completely secure. We cannot guarantee the securit...
We implement technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no security measures are perfect or impenetrable, and we cannot guarantee that personal information will not be accesse...
Monitoring
Plaid has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision defines the scope of Plaid's security responsibilities and establishes baseline protections for financial data processed through the platform. This framing clarifies what security practices users can expect and sets operational expectations for how Plaid handles sensitive information during data aggregation and transmission.
This provision authorizes Plaid to implement specified security measures and establishes the technical safeguards applicable to user financial data. Users operate under terms that incorporate Plaid's defined security protocols, which govern how the company collects, stores, and protects account information.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Plaid.