142 Total
48 High severity
84 Medium severity
10 Low severity
Summary

Plaid's legal page governs how Plaid collects and uses financial account data, including transaction history, account balances, and identity information, when consumers connect their bank accounts to third-party apps using Plaid's technology. The terms authorize Plaid to retain financial data for its own purposes, including product improvement and fraud prevention, even after a consumer disconnects an app, subject to described retention limits accessible through the Plaid consumer portal. Consumers can visit the Plaid consumer portal at my.plaid.com to view connected applications, revoke access to their financial data, and request deletion of their stored information.

Technical / Legal Breakdown

This document is Plaid's legal and privacy policy hub, governing consumer and developer use of Plaid's financial data connectivity infrastructure, with stated legal basis rooted in user consent obtained through the Plaid Link interface and contractual agreements with app developers (referred to as 'partners'). The terms authorize Plaid to collect financial account credentials, transaction history, account balances, identity information, and device data from end users on behalf of partner applications, and establish that Plaid acts as a data processor/service provider on behalf of partners as well as independently in certain contexts. Notable provisions include Plaid's dual-role data handling structure, where the company asserts rights to retain and use financial data both as a service provider to developers and for its own product improvement and fraud prevention purposes, which may create compliance complexity under financial privacy frameworks; the document also references a consumer portal allowing users to manage or revoke data connections. The document engages CCPA/CPRA for California residents, GLBA for financial data handling, GDPR and UK GDPR for EU and UK users respectively, and relevant FTC Act consumer protection standards; applicability of specific provisions to individual users depends substantially on jurisdiction and the specific partner application through which Plaid is accessed. Material compliance considerations include the adequacy of consent mechanisms under GLBA's privacy notice requirements, the scope of data retention following revocation of access, and the sufficiency of the Plaid portal as a consumer rights mechanism under applicable state privacy laws.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance

5 important changes detected

5 versions captured · Last updated: May 2026

What changed Plaid added a language selector to the beginning of their Terms of Use on May 5, 2026. The document now displays a notice that users are viewing English-European Union content, with an option to switch to English-US content. This is a navigational and regional localization update with no changes to the actual terms or user obligations.
Why this matters This change is a technical and navigational update with no material impact on consumer rights, data handling, or obligations. Plaid has added a language selector allowing users to view either the EU or US version of its Terms of Use. The underlying terms themselves remain unchanged.
View full change record →
What changed Plaid updated its Developer Policy on April 21, 2026, making substantial changes to how developers must manage accounts and user data access. The policy now explicitly requires developers to be responsible for all activities on their accounts, and if they allow employees or contractors to access accounts, they must ensure those users only access data for approved purposes. The policy also added a new section on session replay and activity monitoring, and clarified that violations can result in suspension of access to both the platform and end-user financial data.
Why this matters Developers who use Plaid's services now face expanded accountability for all activities on their accounts and stricter rules around who can access end-user financial data. If developers allow employees, contractors, or other agents to access their accounts, they must ensure those users only access data for approved business purposes and in compliance with Plaid's terms; Plaid reserves the right to monitor this activity through session replay and activity monitoring. Developers should audit which team members have account access, document the business need and approved use case for each, and ensure all authorized users understand their obligations under Plaid's terms.
View full change record →

April 19, 2026 medium

Plaid updated its terms on April 19, 2026 to clarify that it now offers a direct consumer account and monitoring service, not just connection services for third-party apps. The updated …

View change record →
April 16, 2026 medium

Plaid restructured how it describes its core service and introduced a new direct-to-consumer monitoring feature. The updated terms now emphasize that Plaid connects your financial accounts to Plaid itself (rather …

View change record →
March 19, 2026 low

Plaid's terms were substantially reorganized on March 19, 2026. The updated language reframes the Plaid Account as enabling faster onboarding and use of third-party apps, rather than as a standalone …

View change record →
Featured — High severity

Complete Provision Index

Every distinct legal provision identified in this document. Featured provisions appear above with analysis.

142 provisions
12 featured
24 clause types
48 high severity
liability_limitation 19
data_sharing 16
privacy_rights 15
acceptable_use 12
contract_terms 9
data_collection 8
data_retention 6
legal_jurisdiction 6
policy_changes 6
account_control 5
data_usage 5
enforcement_actions 5
payment_fees 5
other 4
indemnification 3
intellectual_property 3
platform_discretion 3
refunds 3
ai_automated 2
export_sanctions 2
restricted_content 2
arbitration 1
developer_api 1
disclosure_requirements 1

Monitoring

Plaid has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle All Audience Privacy Statement: biometric data stored maximum three years for Illinois and Texas and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CFAA
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured May 5, 2026 08:20 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000170
Version ID CA-V-002163
SHA-256 80aca1f109f1d1080f2ccc878a968987c248e11f14b345297cdc77b24b841e49
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans