Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
Plaid's legal page governs how Plaid collects and uses financial account data, including transaction history, account balances, and identity information, when consumers connect their bank accounts to third-party apps using Plaid's technology. The terms authorize Plaid to retain financial data for its own purposes, including product improvement and fraud prevention, even after a consumer disconnects an app, subject to described retention limits accessible through the Plaid consumer portal. Consumers can visit the Plaid consumer portal at my.plaid.com to view connected applications, revoke access to their financial data, and request deletion of their stored information.
This document is Plaid's legal and privacy policy hub, governing consumer and developer use of Plaid's financial data connectivity infrastructure, with stated legal basis rooted in user consent obtained through the Plaid Link interface and contractual agreements with app developers (referred to as 'partners'). The terms authorize Plaid to collect financial account credentials, transaction history, account balances, identity information, and device data from end users on behalf of partner applications, and establish that Plaid acts as a data processor/service provider on behalf of partners as well as independently in certain contexts. Notable provisions include Plaid's dual-role data handling structure, where the company asserts rights to retain and use financial data both as a service provider to developers and for its own product improvement and fraud prevention purposes, which may create compliance complexity under financial privacy frameworks; the document also references a consumer portal allowing users to manage or revoke data connections. The document engages CCPA/CPRA for California residents, GLBA for financial data handling, GDPR and UK GDPR for EU and UK users respectively, and relevant FTC Act consumer protection standards; applicability of specific provisions to individual users depends substantially on jurisdiction and the specific partner application through which Plaid is accessed. Material compliance considerations include the adequacy of consent mechanisms under GLBA's privacy notice requirements, the scope of data retention following revocation of access, and the sufficiency of the Plaid portal as a consumer rights mechanism under applicable state privacy laws.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get Compliance5 important changes detected
5 versions captured · Last updated: May 2026
Plaid updated its terms on April 19, 2026 to clarify that it now offers a direct consumer account and monitoring service, not just connection services for third-party apps. The updated …
View change record →Plaid restructured how it describes its core service and introduced a new direct-to-consumer monitoring feature. The updated terms now emphasize that Plaid connects your financial accounts to Plaid itself (rather …
View change record →Plaid's terms were substantially reorganized on March 19, 2026. The updated language reframes the Plaid Account as enabling faster onboarding and use of third-party apps, rather than as a standalone …
View change record →Every distinct legal provision identified in this document. Featured provisions appear above with analysis.
Monitoring
Plaid has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle All Audience Privacy Statement: biometric data stored maximum three years for Illinois and Texas and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.