What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: Plaid's data practices engage GLBA (15 U.S.C. §6801 et seq.) governing nonpublic personal financial information; CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.) for California residents' rights to know, delete, and opt out of sale/sharing; FCRA (15 U.S.C. §1681 et seq.) to the extent financial data is used for credit, employment, or eligibility determinations; FTC Act Section 5 (15 U.S.C. §45) prohibiting unfair or deceptive practices; and GDPR (Regulation 2016/679) for EU-res…

How does Plaid's Plaid Terms of Use affect users?

Plaid's policies govern the collection and transmission of highly sensitive financial data — including bank account credentials, transaction history, balances, and identity information — to third-party developers whenever consumers use Plaid-powered apps. Consumers may not realize that the data they share through a single app authorization can be accessed, stored, and used by Plaid and multiple downstream developer partners. You can visit my.plaid.com to review which applications have access to…

How often is Plaid's Plaid Terms of Use updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Plaid updates this document?

Yes. Watcher subscribers ($9.99/month) can add Plaid to their watchlist and receive same-day email alerts whenever this document or any other Plaid document changes.

Plaid Terms of Use — Plaid

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

Plaid is the behind-the-scenes technology that connects your bank account to apps like Venmo, Robinhood, and Coinbase — this legal page governs how Plaid collects and uses your banking credentials, transaction history, and account data. The most important thing to know is that Plaid shares your financial data with third-party app developers, and that data may be retained and used beyond the specific purpose you originally consented to. You can visit Plaid's data portal at my.plaid.com to see which apps have access to your financial data and revoke permissions.

Technical Summary

This document is Plaid's legal and privacy policy hub, governing the collection, use, and sharing of consumer financial data through Plaid's API infrastructure, which connects user bank accounts to third-party fintech applications. The most significant obligations include Plaid's right to collect financial account credentials, transaction history, account balances, and identity data on behalf of developer clients, with consumers consenting through Plaid Link. Notable provisions include Plaid's role as a data intermediary that transmits sensitive financial data to third-party developers, creating downstream data exposure risks that consumers may not fully anticipate when granting access. The document engages frameworks including the CCPA/CPRA (California Consumer Privacy Act), GLBA (Gramm-Leach-Bliley Act), and FCRA (Fair Credit Reporting Act), as Plaid handles nonpublic personal financial information at scale. Material compliance considerations include Plaid's 2022 $58 million FTC settlement over unauthorized data collection practices, its status as a data broker under certain state laws, and the layered consent architecture that may not meet heightened GDPR or state privacy law standards for granular, purpose-specific consent.

Evidence Provenance

Captured April 21, 2026 06:13 UTC

Document ID CA-D-000170

Version ID CA-V-000865

Source URL https://plaid.com/legal/

Wayback Machine View archived versions →

SHA-256 0a8d827572962cc5012319c796e08d8fb49190be40484061ff10c08cf6718f4b

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 21, 2026 — Document updated medium

Plaid updated its Developer Policy on April 21, 2026, adding clearer rules about who is responsible for account access, including employees and contractors using a developer's account. The policy now specifies that developers must manage their authorized users' access and are solely responsible for everything done through their account. These changes clarify accountability for how Plaid's services and consumer financial data are accessed and used.

69 added · 46 removed · 130 modified
View diff → View full record →
0a8d8275…
April 16, 2026 — Document updated medium

Plaid updated its Terms of Use on April 16, 2026, changing how it describes the role of your Plaid Account and how it connects to third-party apps. Previously, Plaid described itself as a service that helps you connect accounts and share data with apps; now it emphasizes that you connect your accounts directly to Plaid, which then provides services to you or to third-party apps. Plaid also introduced a new account monitoring and alerts service via a Plaid Web-App, expanding what the Plaid Account does beyond simply accelerating onboarding.

7 added · 20 modified
View diff → View full record →
e57c198b…
March 19, 2026 — Initial capture

Initial snapshot — monitoring begins

9e11a2ac…

View full version history (0 captures) →

Analyzed Changes

2 changes analyzed since monitoring began.

Updated April 21, 2026

medium

What changed Plaid updated their Plaid Terms of Use on April 21, 2026. Change detected: 69 sentence(s) added, 46 sentence(s) removed, 130 sentence(s) modified. Document contained 4221 sentences after update.

Consumer impact Plaid has tightened accountability rules for the developers who build apps that connect to your bank account, requiring them to ensure all their employees and contractors handle your financial data responsibly. This means the companies building apps with Plaid's technology are now explicitly on the hook for how their entire team accesses and uses your personal and financial information. These changes do not require any action from end consumers directly, but reflect stronger developer oversight of the financial data consumers share through Plaid-powered apps.

Why it matters Developers building apps with Plaid are now explicitly and solely responsible for managing every employee and contractor who touches their Plaid account and the consumer financial data it contains. Failure to implement proper internal access controls could expose developers to suspension, termination, and regulatory liability.

Updated April 16, 2026

medium

What changed Plaid updated their Plaid Terms of Use on April 16, 2026. Change detected: 7 sentence(s) added, 20 sentence(s) modified. Document contained 4198 sentences after update.

Consumer impact Plaid has shifted its role from a connector between you and third-party apps to a direct holder of your financial account connections and personal information, giving Plaid broader first-party access to your data. The updated terms also introduce a new Plaid Web-App monitoring and alerts service, expanding what Plaid can do with your account data on its own platform. You can review your saved connections and personal information stored in your Plaid Account at any time to assess what data Plaid holds directly.

Why it matters Plaid has repositioned itself from a pass-through connector to a direct holder of your financial account connections and personal information, meaning your data now lives with Plaid itself — not just the apps you sign up for. This expansion of Plaid's first-party data role, combined with a new monitoring service, means more of your financial information is being collected and used by Plaid directly.

Recent Clause-Level Changes Apr 21, 2026

10 provisions unchanged.

View full change record →

High Severity — 5 provisions

Financial Data Collection via Plaid Link

When you connect your bank account to an app using Plaid, Plaid collects your account numbers, balances, and full transaction history, as well as personal identity information.

Added April 27, 2026
Third-Party Developer Data Sharing

Plaid sends your financial data — including your bank transactions and account details — to the app developer and to Plaid's own service providers whenever you authorize a connection.

Added April 27, 2026
Limitation of Liability

If Plaid causes you harm — including through a data breach or unauthorized sharing of your financial data — the most you can typically recover from Plaid is $100 or what you paid them in the past year, whichever is more.

Added April 27, 2026
Mandatory Arbitration and Class Action Waiver

If you have a dispute with Plaid — including over how it handled your financial data — you cannot sue them in court or join a class action lawsuit; you must resolve it individually through private arbitration.

Added April 27, 2026
Data Retention Policy

Plaid keeps your financial data — including transaction history and account information — for as long as it judges necessary, including after you stop using connected apps or request disconnection.

Added April 27, 2026

Medium Severity — 3 provisions

Consumer Data Access and Deletion Rights

You can go to my.plaid.com to see which apps are connected to your bank through Plaid, disconnect them, and request that Plaid delete your personal information.

Added April 27, 2026
Use of Aggregated and De-identified Data

Plaid can take your financial transaction data, remove obvious identifying information, and use it or sell it to third parties for product development, research, or other commercial purposes without additional consent.

Added April 27, 2026
Governing Law and Jurisdiction

All legal disputes with Plaid that aren't sent to arbitration must be resolved in California courts, regardless of where you live — which can be a significant practical barrier to legal action for most consumers.

Added April 27, 2026