Is Plaid safe to use?

Is Plaid safe to use? Mostly, yes. Plaid uses end-to-end encryption, tokenization, and regularly passes audits to keep your information protected. Still, its data practices and past lawsuits have made some users uneasy, especially those who didn’t realize how much info they were sharing.

Below, we cover what Plaid is, how it works, and how safe it really is in practice. We also review the type of data it collects and shares, address some user concerns gathered from Trustpilot, and explore whether there are more privacy-focused alternatives you can try.

What is Plaid and how does it work?

Plaid is a service that acts as a middleman between you and third-party apps that need your payment details, such as Venmo, Wise, and more. This allows you to make online payments and transfer money securely while minimizing the number of companies that have access to your banking information.

Not only does this protect your sensitive info in case any of these apps experience a data breach, but it also hides your spending habits from your bank. Essentially, the bank receives a request from Plaid, not the full details of how that information is used later.

Here’s how it works, step-by-step:

  1. Open an app that supports Plaid, like MoneyLion or Venmo. The app will inform you that it uses Plaid to connect to your bank securely. You don’t need to download anything.
  2. Select your bank and log in with your credentials.
  3. In most cases, Plaid does not store your login data. Instead, it uses OAuth, which redirects you to your bank’s site to log in. The bank then sends Plaid a secure access token, so it can fetch updated data without needing your credentials again.
  4. Some financial institutions don’t yet support OAuth. In such cases, Plaid may store your credentials in an encrypted form and utilize multi-factor authentication (MFA) to secure access.
  5. Either way, Plaid never shares your login info with the apps you connect to your bank or other financial services.

Is there a list of banks supported by Plaid?

There is no publicly available list of banks supported by Plaid. Since Plaid works with over 12,000 financial institutions worldwide, including major banks, credit unions, and others, maintaining an up-to-date list would be nearly impossible.

Instead, the easiest way to check if your bank is supported is to start linking an account through an app that uses Plaid. During the process, you’ll see a searchable list of available banks. If your institution appears, it’s supported. If not, it may still be added later.

Is Plaid safe to use?

Yes, Plaid is considered safe to use. It holds internationally recognized ISO 27001 and ISO 27701 certifications and undergoes annual SOC 2 Type II audits to ensure that it handles sensitive information responsibly.

It also uses a multi-layered security system to ensure that neither hackers nor connected apps gain unauthorized access to your info.

Here’s how Plaid keeps your data safe:

  • End-to-end encryption (E2EE): Plaid uses a combination of AES-256 and TLS E2EE to securely share strictly necessary data with financial apps.
  • Token-based authentication: Plaid uses OAuth for authentication, keeping your credentials a secret from everyone (including Plaid). Some legacy systems still only use MFA, but Plaid requires OAuth for new integrations.
  • Limited access to data: Third-party apps that use Plaid can only read the required data for the transaction (e.g., account balance, routing numbers). They cannot modify it or use it to transfer money without your consent.
  • MFA: Plaid has its own MFA system if your financial account doesn’t have one. This prevents unauthorized access even if a hacker somehow steals your credentials.
  • Round-the-clock security: The company watches for threats 24/7, includes automated alerts, and has an on-call team of experts ready to act if something goes wrong.
  • Annual audits: As mentioned, Plaid maintains yearly SOC 2 Type II reports to confirm that its data handling and security practices meet industry standards.
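The OAuth redirect from the step-by-step section and the "limited access to data" point above can be seen together in a small model. This is an added example, not Plaid's or any bank's code: the Bank and Aggregator classes, the scope names, and the sample account are all constructed for illustration.

```python
import hashlib, hmac, secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Bank:
    """Constructed stand-in for a bank's OAuth authorization + resource server."""
    def __init__(self):
        # Constructed sample account; the password is only ever checked here.
        salt = secrets.token_bytes(16)
        self._users = {"alice": (salt, _kdf("correct horse", salt))}
        self._balances = {"alice": 1250.00}
        self._codes, self._tokens = {}, {}

    def login_and_consent(self, user, password, scope, state):
        """Runs on the bank's own site, after the redirect."""
        salt, stored = self._users.get(user, (b"", b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, scope)
        return code, state          # redirect back carries no password

    def exchange(self, code):
        """Swap a one-time authorization code for an access token."""
        user, scope = self._codes.pop(code)   # pop: a code cannot be replayed
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, scope)
        return token

    def api(self, token, action):
        user, scope = self._tokens[token]
        if action not in scope:
            raise PermissionError(f"token lacks scope {action!r}")
        return {"balance:read": self._balances[user]}[action]

class Aggregator:
    """Middleman: holds one token per linked account, never the bank password."""
    def __init__(self, bank):
        self.bank, self.state, self.token = bank, secrets.token_urlsafe(8), None

    def handle_redirect(self, code, state):
        if not hmac.compare_digest(state, self.state):  # reject forged redirects
            raise ValueError("state mismatch")
        self.token = self.bank.exchange(code)

    def balance_for_app(self):
        return self.bank.api(self.token, "balance:read")
```

Logging in with scope {"balance:read"} lets the aggregator return the balance to an app, while any other action on the same token, a replayed code, or a redirect with the wrong state is refused.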

How Plaid collects and shares your data

We’ve reviewed the Plaid privacy policy to determine what financial data the platform can access and share with its connected apps.

Like most services, Plaid collects IP addresses, device identifiers, and other technical data for troubleshooting, fraud prevention, and other purposes. It also uses cookies or tracking pixels to save your settings, for analytics, and for other purposes.

To keep things brief, we’ll focus on the financial aspects, although we recommend reviewing the full policy. Here’s what you need to know.

What financial data does Plaid collect?

Here’s a look at what financial data Plaid collects:

  • Identifiers: Plaid may collect your name, email address, date of birth, phone number, and Social Security number if required by the connected app or financial institution.
  • Login credentials: For non-OAuth connections, Plaid can collect usernames, passwords, routing/account numbers, and security tokens to help connect your accounts.
  • Security verification info: You might also provide answers to security questions or one-time passwords (OTP) to verify access when linking your account.
  • Bank documents: If you upload documents like pay stubs or bank statements, Plaid may collect and process data directly from those files.
  • Account details: This includes your account name, type, financial institution, ownership info, routing/account numbers, IBANs, or sort codes.
  • Balances and transactions: Plaid collects current and available balances, plus detailed transaction data like amounts, dates, descriptions, and payees.
  • Credit and loan data: For connected credit or loan accounts, Plaid may collect repayment terms, payment history, balances, interest rates, and due dates.
  • Investment information: If you link investment accounts, Plaid can access asset types, share quantities, prices, fees, cost basis, and recent trades.
  • Payroll and tax info: When you connect a payroll provider or upload tax forms, Plaid may collect income details, employer data, and related identifiers.
  • Third-party data: Plaid may receive extra data from wireless carriers or identity/fraud detection services to confirm who you are and reduce risk.
  • Inferred data: Based on what you connect, Plaid may infer things like your income range, account types, or loan categories (e.g., student loan vs. credit card).

How does Plaid use your financial data?

Here’s how Plaid uses your financial data:

  • Powering services: Plaid uses your data to connect your bank accounts, verify your identity, and keep the app you’re using running smoothly. This is the core reason it collects your info.
  • Improving features: Your data helps Plaid fix bugs, enhance performance, and make its existing services more reliable over time.
  • Preventing fraud: Plaid uses your information to spot suspicious activity, confirm your identity, and protect you from unauthorized access or fraud attempts.
  • Building insights: Plaid looks at financial patterns, usage habits, and linked account types to streamline your experience and help connected apps deliver faster onboarding or more relevant features.
  • Providing support: If you reach out for help, Plaid may look at your account data, linked apps, and recent activity to respond to your issue or troubleshoot problems.
  • Sending alerts: Plaid uses your contact info to send technical notices, security updates, or other messages tied to your account and activity.
  • Fulfilling legal obligations: Your data might be used or shared if required by law, like in response to court orders or to meet regulatory standards.

Does Plaid still screen scrape?

Plaid has mostly moved away from screen scraping (where it logs into your account to copy, or “scrape” transaction data) and now uses APIs for about 80% of its integrations. APIs are safer and provide banks with more control over the data they share.

The company has been working with big names like Citi, JPMorgan Chase, and Wells Fargo to support this change. While some screen scraping might still happen during the transition, Plaid aims to fully replace it soon to keep your financial data safer and under your control.

Has there ever been a Plaid security breach?

To our knowledge, there have been no direct Plaid security breaches. The company settled a class-action lawsuit over misleading login screens and its data collection practices—but that wasn’t related to any actual data leaks.

However, some users remain uneasy about the amount of data that Plaid-enabled apps can access. Even without a breach, the fact that Plaid can pull detailed financial info (and in some cases store login credentials) doesn’t sit well with everyone.

What are Plaid reviews saying about the service?

So, is Plaid safe to use? Well, the service is technically sound, using industry-standard encryption, MFA, and tokenization to secure your data. It also complies with international security standards, undergoes regular audits, and has 24/7 security monitoring.

However, its Trustpilot reviews tell a different story, with a low score of 1.3 stars based on 131 reviews. Complaints about Plaid focus on its slow or failing connections, unhelpful AI support, and even poor design choices that can cause overdrafts.

Meanwhile, some reviewers claim that Plaid is a scam that sells your information, typically after experiencing unexpected app behavior, connection issues, or allegedly losing money. Of course, we’ve already seen that claim doesn’t hold up. Plaid doesn’t sell personal data, and only shares strictly needed info with apps you’ve chosen to connect.

Are there safer options than Plaid?

Plaid isn’t the only service apps use to connect to banks, but in most cases, you won’t get to choose which one they use. If you’re uncomfortable with Plaid, your only real option is to find an app that uses a different platform or allows you to skip these tools entirely.

Alternatively, some apps may allow you to enter your bank information manually or complete a micro-deposit process instead of using a third-party service. Just be aware that this can expose more of your data if the app stores it directly.

In any case, here are a few Plaid alternatives you can check out:

  • TrueLayer: One of the more common options if you’re in the UK or EU. It was built with local banking laws in mind and is mostly found in Europe-based apps.
  • Flinks: Focuses on Canadian banks, though it supports US ones too. It shows up in apps that need to handle both Canadian and American users.
  • Finicity: Backed by Mastercard, and often used in loan-related apps, especially for mortgages or car financing.
  • Teller: Used by developers who want more control over how bank data is pulled into their app. Offers a similar level of security to Plaid, but is less common in the US.
  • GoCardless: Built with businesses in mind, and focuses on recurring payments pulled straight from customer bank accounts. It’s used for things like subscriptions and invoices, not everyday personal finance or budgeting.

Other examples include MX and Yodlee. However, the former faced a class-action lawsuit in 2023 over accusations of screen scraping and selling user financial data. As for Yodlee, multiple US Senators have urged the FTC to investigate its parent company for selling Americans’ transaction data without proper consent.

Is Plaid safe to use? FAQs

Is there a risk to using Plaid?

There’s always some risk in sharing financial info online, but using Plaid is generally considered safe. It limits what info your connected apps can access, and mostly uses secure access tokens to avoid storing your banking logins. However, Plaid stores encrypted login info for banks that don’t support such tokens, which not everyone is comfortable with.

Is it safe to give Plaid my bank login?

It can be safe to give Plaid your bank login credentials, but it depends on how your bank connects. Some banks use secure redirects, so Plaid never sees or stores your login. Others require Plaid to store encrypted credentials, which adds a slight level of risk.

Is Plaid safe to use with Bank of America?

Plaid is safe to use with Bank of America because it supports secure bank redirects. When you log in, you do it through Bank of America’s site, not directly in Plaid. That means Plaid doesn’t store your login info and just gets a secure access token.

Does Plaid sell my data?

According to its privacy policy, Plaid does not sell your personal data. Moreover, it only shares limited account info with the apps you’ve agreed to use. You should still check the privacy policy of both Plaid and the app you’re using to make sure you’re okay with the data flow.

What is the Plaid controversy?

The Plaid controversy centers around a 2020 lawsuit where users claimed the platform collected more data than needed and made its interface look like real bank login pages. Plaid denied any wrongdoing, but settled for $58 million and later made changes to be more transparent.