Plaid shares your financial account data with the app you used to initiate the connection, and that app's own privacy policy then governs what happens to your data on the app's side.
This analysis describes what Plaid's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Once your financial data is shared with a developer application, Plaid's privacy policy no longer governs it, meaning the protections you receive depend on the privacy practices of each individual app you connect to.
Interpretive note: The verbatim policy text was not available due to document truncation; this provision reflects Plaid's publicly documented third-party sharing framework.
End consumers may see their financial data accessed by a broader range of people under developer accounts, but Plaid now requires developers to formally designate and manage these 'Authorized Users' …
Plaid's updated terms establish a new direct relationship with you through the Plaid Account and introduce a monitoring service that operates through a web app. The terms now authorize Plaid to share…
Your bank transaction data and account information is passed to each third-party app you connect through Plaid, and Plaid's privacy protections do not follow your data into those apps, each of which has its own data practices.
How other platforms handle this
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
Monitoring
Plaid has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We share your information with the developer applications and services that you connect to through Plaid. When you use a developer application that uses Plaid, that application receives the financial data you authorize Plaid to share, subject to the developer's own privacy policy and terms of service.— Excerpt from Plaid's Plaid End User Privacy Policy
REGULATORY LANDSCAPE: Data sharing with third-party developers implicates GLBA's affiliate and non-affiliate sharing provisions, CCPA/CPRA's disclosure requirements for sharing personal information, and GDPR Article 28 requirements for data processing agreements where the developer may act as a separate controller. The FTC Act's standards for adequate disclosure apply to the chain of data sharing that users may not be aware of at the point of consent. GOVERNANCE EXPOSURE: Medium. The downstream privacy risk from developer data sharing is structurally significant but is partially mitigated by the consent architecture in Plaid Link, where users explicitly select which accounts to connect and authorize the transfer. However, the adequacy of that consent for each downstream developer's data practices is not guaranteed, and regulators have examined whether bundled consent flows satisfy granularity requirements. JURISDICTION FLAGS: GDPR requires that users be informed of each data controller's identity and purposes at the point of consent. Where Plaid Link consent flows do not name each developer's data practices, this may create GDPR compliance gaps in EU and UK deployments. California users have a right to know the categories of third parties with whom their personal information is shared under CPRA. CONTRACT AND VENDOR IMPLICATIONS: Developer partners receive personal financial data as data controllers in their own right and should maintain their own privacy programs adequate to the sensitivity of the data received. B2B contracts between Plaid and developers should address data use limitations, deletion obligations, and breach notification requirements. Procurement teams at enterprises using Plaid-enabled apps should conduct due diligence on both Plaid's and the developer's privacy programs. COMPLIANCE CONSIDERATIONS: Legal teams should map the full data sharing chain for any application using Plaid, identify each downstream recipient's privacy policy and data retention practices, and ensure end-user disclosures accurately describe the multi-party data sharing structure. For GDPR-covered deployments, a Data Protection Impact Assessment may be warranted given the sensitivity of financial data being shared with multiple controllers.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Once your financial data is shared with a developer application, Plaid's privacy policy no longer governs it, meaning the protections you receive depend on the privacy practices of each individual app you connect to.
Your bank transaction data and account information is passed to each third-party app you connect through Plaid, and Plaid's privacy protections do not follow your data into those apps, each of which has its own data practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Plaid.