Overview
Overview
Overview for Consumers
Welcome! Familiarize yourself with our privacy practices by clicking on the following links.
Our End User Privacy Policy (also available in français and español ) explains how we collect, use, and share consumer information to operate, improve, develop, and protect our services.
Our Cookie Policy explains how we use cookies, which are small data files stored on your browser or device, as well as your choices related to those cookies.
Our Privacy Statement explains how we collect, use, and share information relating to the access to or use of Plaid’s websites, products, and services.
Please don’t hesitate to contact us if you have questions.
Overview for Developers
For Developers: the following links will take you directly to the policies and statement most relevant to you:
Our Developer Policy provides rules and guidelines that govern access to or use by developers of the Plaid API, websites, dashboards, related tools, products, and services provided by Plaid.
Our Cookie Policy explains how Plaid uses cookies and your choices related to those cookies.
Our Privacy Statement explains how we collect, use, and share information relating to the access to or use of Plaid’s websites, products, and services.
Please don’t hesitate to contact us if you have questions.
End User Privacy Policy
Effective Date: December 30, 2019
Privacy and security are very important to us at Plaid. This End User Privacy Policy (“Policy”) is meant to help you (the “end user”) understand how we at Plaid collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.
Please note: this Policy applies to Plaid Inc. and its subsidiaries, including Plaid Financial Ltd. and Plaid, B.V. (collectively, “Plaid”, “we”, “our”, and “us”). To determine the relevant Plaid entity that is responsible for processing your information, please see the “Contacting Plaid” section below.
Jump to section:
First, Some Background
A quick note about Plaid
Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable developers to focus on building experiences that benefit you.
About this Policy
Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users (“End User Information”), and how we use and share that information. We value transparency and want to provide you with a clear and concise description of how we treat your End User Information.
Please note that this Policy only covers the information that Plaid collects, uses, and shares. It does not explain what developers do with any End User Information we provide to them (or any other information they may collect about you separately from Plaid). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of developers or those third parties for information about their practices.
Our Data Practices
Information We Collect and Categories of Sources
As explained in greater detail below, Plaid has collected identifiers, commercial information, electronic network activity information, professional information, inferences, and other types of End User Information.
Information you provide. When you connect your financial accounts with a developer application or otherwise connect your financial accounts through Plaid, where applicable, we collect identifiers and login information required by the provider of your account, such as your username and password, or a security token. In some cases, we also collect your phone number, email address, security questions and answers, and one-time password (OTP) to help verify your identity before connecting your financial accounts. When providing this information, you give the developer and Plaid the authority to act on your behalf to access and transmit your End User Information from the relevant bank or other entity that provides your financial accounts (we’ll call them “financial product and service providers” in this Policy). You may also provide us with identifiers and other information, including your name, email address, and phone number, when you contact us or enter any such information on our websites.
Information we collect from your financial accounts. The information we receive from the financial product and service providers that maintain your financial accounts varies depending on the specific Plaid services developers use to power their applications, as well as the information made available by those providers. But, in general, we collect the following types of identifiers, commercial information, and other personal information from your financial product and service providers:
Account information, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, and account and routing number;
Information about an account balance, including current and available balance;
Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
Identifiers and information about the account owner(s), including name, email address, phone number, date of birth, and address information;
Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction; and
Professional information, including information about your employer, in limited cases where you’ve connected your payroll accounts.
The data collected from your financial accounts includes information from all your accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials.
Information we receive from your devices. When you use your device to connect to our services through a developer’s application, we receive identifiers and electronic network activity information about that device, including IP address, hardware model, operating system, which features within our services you access, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services. You can find more information about how we use cookies and your related choices in our Cookie Policy.
Information we receive about you from other sources. We also receive identifiers and commercial information about you directly from the relevant developer or other third parties, including our service providers, bank partners, and identity verification services. For example, developers may provide information such as your full name, email address, phone number, or information about your financial accounts and account transactions.
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences. For example, we may infer your location or your projected income based on the information we have collected about you from other sources.
How We Use Your Information
We use your End User Information for a number of business and commercial purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your End User Information:
To operate, provide, and maintain our services;
To improve, enhance, modify, add to, and further develop our services;
To protect you, developers, our partners, Plaid, and others from fraud, malicious activity, and other privacy and security-related concerns;
To develop new services;
To provide customer support to you or to developers, including to help respond to your inquiries related to our service or developers’ applications;
To investigate any misuse of our service or developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and
For other notified purposes with your consent.
Our Lawful Bases for Processing (EEA and UK End Users Only)
For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal basis for processing your End User Information will depend on the information concerned and the context in which we collected or processed it. Generally, however, we will normally only collect and process End User Information where:
we need to fulfill our responsibilities and obligations in any contract or agreement with you (for example, to comply with our end user services agreements);
to comply with our legal obligations under applicable law;
the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you; or to provide or update our services); and
you have given your consent to do so.
To the extent we rely on consent to collect and process End User Information, you have the right to withdraw your consent at any time per the instructions provided in this Policy.
How We Share Your Information
We share your End User Information for a number of business purposes:
With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
To enforce any contract with you;
With our data processors and other service providers, partners, or contractors in connection with the services they perform for us or developers;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, developers, our partners, Plaid, and others; or
For any other notified purpose with your consent.
We may collect, use, and share End User Information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and to facilitate research.
We do not sell or rent personal information that we collect.
Our Retention Practices
We retain End User Information for no longer than necessary to fulfill the purposes for which it was collected and used, as described in this Policy, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one or more developer, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.
Please refer to the “Your Data Protection Rights” section for options that may be available to you, including the right to request deletion of End User Information. You can also contact us about our data retention practices using the contact information below.
Some Final Details…
International Data Transfers
We operate internationally, and as a result, will transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals' rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting as as set out below.
Your Data Protection Rights
Under applicable law, and subject to limitations and exceptions provided by law, if you are located in the EEA or UK, and in certain other jurisdictions, you may have certain rights in relation to the End User Information collected about you and how it is used, including the right to:
Access End User Information collected about you;
Request that we rectify or update your End User Information that is inaccurate or incomplete;
Request, under certain circumstances, that we restrict the processing of or erase your End User Information;
Object to our processing of your End User Information under certain conditions provided by law;
Where processing of your End User Information is based on consent, withdraw that consent;
Request that we provide End User Information collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible; and
File a complaint regarding our data protection practices with a supervisory authority (if you are in the EEA or UK, please refer to the following link for contact details: https://edpb.europa.eu/about-edpb/board/members_en).
Under the California Consumer Privacy Act (“CCPA”), and subject to certain limitations and exceptions, if you are a California resident, you may have the following rights with respect to End User Information we have collected about you that constitutes personal information under the CCPA:
To request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
To request deletion of your personal information;
To opt-out of any “sales” of your personal information, if a business is selling your information; and
To not be discriminated against for exercising these rights.
To exercise your data protection rights, where applicable, you can submit a request using our online form (available here), or contact us as described in the “Contacting Plaid” section below. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.
We will consider all such requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.
Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on Plaid’s website at https://plaid.com/legal and update the effective date at the top of this Policy. We will also notify developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.
Contacting Plaid
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at privacy@plaid.com or by mail at:
If you reside outside the EEA or UK:
Attn: Legal
PO Box 7775 #35278
San Francisco, California 94120-7775
U.S.A.
If you reside in the EEA or UK:
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP
Politique de confidentialité pour utilisateur final
Date d’entrée en vigueur : 30 décembre 2019
La confidentialité et la sécurité sont très importants pour nous au sein de Plaid. Cette Politique de confidentialité pour utilisateur final (« Politique ») est destinée à vous faire comprendre la façon dont nous, au sein de Plaid, collectons, utilisons et partageons les informations sur l’utilisateur final en notre possession, afin de faire fonctionner, améliorer, développer et protéger nos services comme décrit par ailleurs au sein de la présente Politique. Nous vous prions de prendre le temps de lire attentivement cette Politique.
Veuillez noter : cette Politique s'applique à Plaid Inc., et à ses filiales, y compris Plaid Financial Ltd., et Plaid B.V. (collectivement, « Plaid », « nous », « nos », « notre »). Pour obtenir des informations sur l’entité Plaid responsable du traitement de vos informations, veuillez-vous référer à la section « Contacter Plaid » ci-dessous.
Aller à la section :
Nos pratiques relatives aux données
Informations que nous collectons et catégories de sources d'informations
Nos bases juridiques pour le traitement (Utilisateurs au sein de l’EEE et du Royaume Uni uniquement)
Tout d'abord, le contexte
Un mot sur Plaid
Notre mission est de dynamiser les innovateurs en leur donnant accès au système financier. Notre technologie fournit un moyen facile pour que vous (« l’utilisateur final ») puissiez connecter votre compte bancaire et d'autres comptes financiers aux applications logicielles qui peuvent aider à réaliser des opérations telles que les retraits, la gestion des dépenses, optimisation des demandes de crédit, ou transferts d’argent. Ces applications logicielles sont développées et fournies par nos clients commerciaux (appelés « développeurs »), alimentées et rendues plus performantes par Plaid. En fournissant un accès à des données financières de haute qualité et utilisables, des données que nous avons traduites et normalisées, nous permettons à nos développeurs de se concentrer sur la création d’expériences pour votre bénéfice.
Au sujet de cette politique
L’objectif de cette politique est de fournir une explication simple et directe sur les informations collectées par Plaid auprès de et au sujet des utilisateurs finaux, et de la façon dont nous utilisons et partageons ces informations. Bien que nous fassions généralement confiance à nos développeurs pour vous informer au sujet des services que nous leur fournissons, et pour vous fournir une notification et obtenir tous les consentements nécessaires afin que nous puissions traiter vos informations, nous prisons la transparence et souhaitons vous donner une description claire et concise de la façon dont nous traitons vos informations.
Veuillez noter que cette politique couvre uniquement les informations que Plaid collecte, utilise et partage. Elle n’explique pas ce que nos développeurs font des informations d’un utilisateur final que nous leur fournissons (ou de toute autre information qu’ils peuvent collecter sur vous, leur utilisateur final). Cette politique ne couvre pas non plus les sites web, produits, ou services fournis par d'autres parties. Nous vous encourageons à examiner les politiques ou déclarations relatives à la vie privée de nos développeurs ou des tiers pour vous informer en ce qui concerne leurs pratiques.
Nos pratiques relatives aux données
Informations que nous collectons et catégories de sources d'informations
Comme expliqué plus en détail ci-dessous, Plaid a collecté des identifiants, des informations commerciales, des informations sur l'activité du réseau électronique, des informations professionnelles, inférences et d'autres types d’Informations relatives à l’utilisateur final.
Informations que vous fournissez. Lorsque vous connectez vos comptes financiers avec l’application d’un développeur ou, le cas échéant, que vous connectez vos comptes financiers au moyen de Plaid, nous collectons les identifiants et informations de connexion requises par votre prestataire de compte, tel que votre nom d’utilisateur et mot de passe ou jeton de sécurité. Dans certains cas, nous collectons également votre numéro de téléphone, adresse email, questions et réponses de sécurité ou mot de passe à usage unique pour aider à vérifier votre identité avant de vous connecter à vos comptes financiers. En fournissant ces informations, vous donnez au développeur et à Plaid l'autorité d'agir en votre nom pour accéder et transmettre vos Informations provenant de la banque concernée ou d'une autre entité qui fournit vos comptes financiers (nous les appellerons « fournisseurs de produits et services financiers » dans cette Politique). Vous pouvez également nous communiquer des identifiants et d'autres informations, y compris votre nom, adresse email, et numéro de téléphone, lorsque vous nous contactez ou saisissez une telle information sur nos sites web.
Informations collectées depuis vos comptes financiers. Les informations que nous recevons des fournisseurs de produits et services financiers qui gèrent vos comptes financiers peuvent varier en fonction des services spécifiques de Plaid que nos développeurs utilisent pour alimenter leurs applications, ainsi que les informations qui sont partagées par ces fournisseurs. Mais en général, nous collectons les types d’identifiants, informations commerciales et autres informations personnelles reçues de vos fournisseurs de produits et services financiers ci-après :
les informations de comptes, y compris le nom de l’institution financière, le nom du compte, le type de compte, le titulaire du compte, le numéro de succursale, l'IBAN, le BIC et les numéros de compte et d’acheminement ;
les informations relatives au solde du compte, y compris le solde courant et disponible ;
les informations relatives aux comptes de crédit, y compris les dates d’échéance, soldes dus, montants et dates des paiements, historique des transactions, plafond de crédit, statut des remboursements et taux d’intérêts ;
les informations sur les comptes de prêt, y compris les dates d’échéance, statut des remboursements, soldes, montants et dates de paiement, taux d’intérêts, garants, type de prêt, échéanciers et durée ;
les informations relatives aux comptes d’investissement, y compris les informations sur les transactions, type d'actifs, détails d’identification sur l’actif, quantité, prix, frais et base des coûts ;
les informations d’identification et sur le(s) titulaire(s) du compte, y compris nom, adresse mail, numéro de téléphone, date de naissance et adresse ;
les informations concernant les transactions du compte, y compris le montant, la date, le bénéficiaire, type, quantité, prix, lieu, titres concernés et une description de la transaction ; et
les informations professionnelles, y compris les informations concernant votre employeur, uniquement dans les cas où vous avez connectés vos comptes de paie.
Les données collectées depuis vos comptes financiers comprennent des informations provenant de tous vos comptes (p.ex. compte chèques, épargne et carte de crédit) accessibles au moyen d’un ensemble unique d’identifiants.
Informations reçues de vos appareils. Lorsque vous utilisez votre appareil pour vous connecter à nos services au moyen d’une application de développeur, nous recevons des informations sur les identifiants, l'activité du réseau électronique de cet appareil, y compris l’adresse IP, le modèle de l'appareil, le système d'exploitation, les fonctionnalités que vous utilisées au sein de nos services et autres informations techniques sur l’appareil. Nous pouvons également utiliser des cookies ou des technologies de traceurs similaires afin de collecter les statistiques d’utilisation et nous aider à améliorer nos services. Vous pouvez trouver davantage d’informations sur la manière dont nous utilisons les cookies et des choix que vous pouvez faire dans notre Politique Cookies.
Informations que nous recevons sur vous provenant d'autres sources. Nous recevons également des identifiants et informations commerciales sur vous directement du développeur concerné ou de tiers, y compris vos fournisseurs de services, banques partenaires et des services d'authentification des identités. Par exemple, nos développeurs peuvent nous fournir des informations sur vous telles que votre nom complet, adresse email, numéro de téléphone ou des informations sur vos comptes financiers et les transactions de votre compte.
Inférences déduites des données que nous collectons. Nous pouvons utiliser les informations que nous collectons à votre sujet pour en déduire des inférences. Par exemple, nous pouvons déduire votre localisation ou votre revenu projeté sur la base des informations que nous avons collectées sur vous auprès d'autres sources.
Comment nous utilisons vos Informations
Nous utilisons vos Informations r pour plusieurs finalités professionnelles et commerciales, y compris pour faire fonctionner, améliorer et protéger les services que nous fournissons, et pour développer de nouveaux services. Plus spécifiquement, nous utilisons vos Informations :
pour faire fonctionner, fournir et maintenir nos services ;
pour améliorer, perfectionner, modifier, ajouter et développer continuellement nos services ;
pour vous protéger, protéger nos développeurs, nos partenaires ou Plaid contre la fraude, les activités malveillantes ;
pour développer de nouveaux services ;
pour vous fournir un support client ou à nos développeurs, y compris en vue de répondre à vos demandes relatives à nos services ou aux applications de nos développeurs ;
pour enquêter sur les utilisations incorrectes de nos services ou des applications de nos développeurs, y compris les violations de la Politique concernant les développeurs, activité criminelle ou autre accès non autorisé à nos services ; et
pour tout autre finalités ayant obtenu votre consentement.
Nos bases juridiques pour le traitement (Utilisateurs au sein de l’EEE et du Royaume Uni uniquement)
Pour les ressortissants de l’espace économique européen (EEE) ou du Royaume Uni, la base juridique pour traiter vos Informations dépendra des informations concernées et du contexte dans lequel nous les collectons ou les traitons. Cependant, en général, nous ne collectons et traitons les Informations uniquement lorsque :
(a) nous devons remplir nos engagements et obligations dans le cadre de tout contrat ou accord conclu avec vous (par exemple, pour nous conformer à nos engagements de services vis-à-vis de l'utilisateur final) ;
(b) pour nous conformer à nos obligations légales en vertu des lois applicables ;
(c) le traitement est nécessaire à nos intérêts légitimes et ne supplante pas vos intérêts de protection des données ou vos droits et libertés fondamentaux (par exemple, pour sauvegarder nos services ; pour communiquer avec vous ; ou pour fournir nos services ou les mettre à jour) ; et
(d) vous nous avez donné votre consentement pour ce faire.
Dans la mesure où nous nous reposons sur ce consentement pour collecter et traiter les Informations, vous avez le droit de retirer votre consentement à tout moment selon les instructions prévues dans la présente Politique.
Comment nous partageons vos Informations
Nous partageons vos Informations pour un certain nombre de finalités professionnelles :
avec le développeur de l’application que vous utilisez et selon ses instructions (ainsi qu'avec un autre tiers si vous nous le demandez) ;
pour faire exécuter un contrat avec vous ;
avec nos sous-traitants intervenant dans le traitement de vos données et autres prestataires de services, partenaires ou sous-traitants concernant les services qu’ils réalisent pour nous ou pour nos développeurs ;
si nous estimons de bonne foi que la divulgation de vos Informations est appropriée pour se conformer à la loi, la réglementation ou les processus légaux applicables (tels qu’une ordonnance du tribunal ou une assignation) ;
dans le cas d'une modification de propriété ou de contrôle de tout ou partie de notre activité (telle qu’une fusion, acquisition, réorganisation ou faillite) ;
au sein de Plaid et entre Plaid et nos sociétés mères actuelles et futures, nos affiliés, filiales et autres sociétés sous contrôle et propriété commune ;
parce que nous estimons raisonnablement approprié de protéger les droits, la vie privée, la sécurité ou la propriété de vos Informations, de nos développeurs, nos partenaires, Plaid, et autres ; ou
pour tout autre objectif ayant obtenu votre consentement.
Nous pouvons collecter, utiliser et partager les Informations de manière agrégée, pseudonymisée, ou anonymisée (qui ne vous identifie pas personnellement) pour toute fin autorisée par la loi applicable. Ceci comprend le fait de créer ou d’utiliser des données agrégées, pseudonymisée, ou anonymisées sur la base des informations collectées afin de développer de nouveaux services et pour faciliter la recherche.
Nous ne vendons pas et ne louons pas les informations personnelles que nous collectons.
Nos Pratiques de rétention
Nous conservons les Informations relatives à l’utilisateur final uniquement pendant la durée nécessaire pour remplir les finalités pour lesquelles elles ont été collectées et utilisées, comme décrit dans cette Politique, à moins qu’une période plus longue de conservation soit requise ou permise en vertu de la loi applicable. Conformément à ce qui est permis par la loi applicable, même après que vous ayez arrêté d’utiliser une application ou résilié votre compte avec l’un de nos développeurs, nous pouvons conserver vos informations (par exemple, si vous possédez un compte auprès d’un autre développeur). Cependant, vos informations ne seront traitées que selon les exigences de la loi ou conformément à la présente Politique.
Veuillez-vous référer à la section relative à « Vos droits à la protection de vos données » pour les options qui sont mises à votre disposition, y compris le droit de demander la suppression de vos Informations. Vous pouvez également nous contacter au sujet de nos pratiques de conservation des données en utilisant les informations de contact ci-dessous.
Quelques derniers détails
Transferts internationaux de données
Nous opérons de manière internationale, et de ce fait, nous transférons les informations que nous collectons sur vous au-delà des frontières, y compris celles de l’EEE ou du Royaume Uni vers les États Unis, aux fins de traitement et stockage. Dans la mesure où les informations que nous collectons sur vous sont transférées de l’EEE vers des territoires ou des pays pour lesquels la Commission de l’UE n'a pas conclu que le cadre juridique des dits territoires ou pays fournissait un niveau de protection adéquate pour la sauvegarde des droits et libertés des personnes quant à leurs données personnelles, nous transférerons ces données conformément aux lois applicables en matière de protection des données, y compris en utilisant les clauses contractuelles types approuvées par la Commission de l’UE. Vous pouvez demander un exemplaire de ces clauses contractuelles types en nous contactant comme indiqué ci-dessous.
Vos droits relatifs à la protection de vos données
En vertu de la loi applicable et, sous réserve des limitations et des exceptions prévues par la loi, si vous êtes situé dans l’EEE ou le Royaume Uni, et dans certaines juridictions, vous pouvez disposer de certains droits quant aux Informations que nous collectons sur vous et sur la façon de les utiliser, y compris le droit :
d'accéder aux Informations que nous avons collectées sur vous ;
de demander que nous rectifions ou mettions à jour les Informations collectées sur vous, qui sont inexactes ou incomplètes ;
de demander, dans certaines circonstances, que nous restreignons le traitement de vos Informations ou que nous le supprimions ;
de vous opposer au traitement de vos Informations et ce, sous certaines conditions prévues par la loi ;
lorsque le traitement de vos Informations est basé sur votre consentement, retirer ce consentement ;
de demander que nous vous communiquions vos Informations dans un format structuré, couramment utilisé et lisible par machine, afin que vous puissiez les transmettre à une autre société, lorsque cela est techniquement possible ; et
de déposer une plainte concernant nos pratiques relatives à la protection des données auprès d’une autorité de surveillance (si vous vous trouvez dans l’EEE ou le Royaume Uni, veuillez-vous référer au lien suivant pour le détail des coordonnées : https://edpb.europa.eu/about-edpb/board/members_fr ).
En vertu de la loi sur la protection de la vie privée des consommateurs de Californie (le « CCPA ») et sous réserve de certaines limitations et exceptions, si vous êtes résident(e) de Californie, vous pouvez disposer des droits suivants quant aux Informations que nous avons collectées sur vous qui constituent des informations à caractère personnels selon le CCPA ;
de demander à accéder à davantage de détails sur les catégories et certains éléments spécifiques relatifs aux informations personnelles que nous pouvons avoir collecté sur vous dans les 12 derniers mois (y compris les informations personnelles divulguées à des fins commerciales) ;
de demander la suppression de vos informations personnelles ;
de vous opposer à toute « vente » de vos informations personnelles si une entreprise vend vos informations ; et
de ne ne pas subir de discrimination suite à l’exercice de vos droits.
Pour exercer vos droits en matière de protection de vos données, le cas échéant, vous pouvez soumettre une demande à l'aide de notre formulaire en ligne (disponible ici), ou nous contacter comme précisé dans la section « Contacter Plaid » ci-dessous. Il peut vous être demandé de fournir des informations supplémentaires pour confirmer votre identité avant que nous répondions à votre demande.
Nous prendrons en compte toutes ces demandes et fournirons notre réponse dans une période de temps raisonnable (et dans la période requise par la loi applicable). Veuillez noter, cependant, que certaines informations peuvent être exclues de ces demandes, par exemple si nous conservons les informations pour nous conformer à nos obligations légales ou pour initier, exercer ou défendre une action légale.
Modifications apportées à cette Politique
Nous sommes susceptibles de modifier la présente Politique de temps en temps. Si nous réalisons des changements, nous mettrons en ligne la nouvelle politique sur le site web de Plaid à https://plaid.com/legal et indiquerons la date d’entrée en vigueur de cette Politique. Nous informerons également nos développeurs de toute modification importante en lien avec nos accords avec les développeurs, car ces derniers sont généralement mieux positionnés pour informer leurs utilisateurs des changements à la présente Politique, le cas échéant.
Contacter Plaid
Si vous avez des questions ou des réclamations concernant la présente Politique, ou à propos de nos pratiques relatives à la protection de la vie privée de manière générale, vous pouvez nous contacter à privacy@plaid.com ou par courrier à :
Si vous résidez en dehors de l’EEE ou du Royaume Uni :
Attn: Legal
PO Box 7775 #35278
San Francisco, Californie 94120-7775`
U.S.A.
Si vous résidez au sein de l’EEE ou au Royaume Uni :
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
Londres, Royaume Uni, WC1V 7HP
Política de privacidad aplicable al usuario final
Fecha de entrada en vigor: 30 de diciembre de 2019
La privacidad y la seguridad son muy importantes para nosotros en Plaid. La finalidad de esta Política de privacidad aplicable al usuario final (la "Política") es ayudarle a usted (el "usuario final") a entender cómo recabamos, usamos y compartimos nosotros en Plaid la información sobre el usuario final que obra en nuestro poder para hacer funcionar, mejorar, desarrollar y proteger nuestros servicios, y para cualesquiera otras finalidades que se estipulen en esta Política. Rogamos dedique unos instantes a leer esta Política con atención.
Por favor, tenga en cuenta que: esta Política se aplica a Plaid Inc. y sus filiales, incluidas Plaid Financial Ltd. y Plaid, B.V. (conjuntamente, "Plaid", "nosotros", "nuestro" y "nos"). Para determinar la entidad pertinente de Plaid que es responsable del tratamiento de su información, por favor consulte la sección "Cómo ponerse en contacto con Plaid" abajo.
Ir a la sección:
Nuestras prácticas relativas a datos
Primero, un poco de contexto
Breve comentario sobre Plaid
Nuestra misión en Plaid es fortalecer a los innovadores proporcionando acceso al sistema financiero. Nuestra tecnología facilita una forma sencilla para que usted conecte su cuenta bancaria y otras cuentas financieras a aplicaciones de software que pueden ayudarle a hacer cosas como ahorrar para la jubilación, administrar sus gastos, optimizar solicitudes de crédito o transferir dinero. Dichas aplicaciones de software son desarrolladas y proporcionadas por nuestros clientes comerciales (en lo sucesivo, "desarrolladores"), y Plaid se encarga de alimentarlas. Al proporcionar acceso a datos de cuentas financieras útiles y de gran calidad que hemos traducido y estandarizado, permitimos a los desarrolladores centrarse en crear experiencias que le beneficien a usted.
Sobre esta Política
Nuestro objetivo con esta Política es ofrecer una explicación sencilla y directa sobre qué información recaba Plaid de los usuarios finales y sobre dichos usuarios finales ("Información de Usuario Final"), y acerca de cómo usamos y compartimos dicha información. Valoramos la transparencia y queremos ofrecerle una descripción clara y concisa de cómo tratamos su Información de Usuario Final.
Por favor, tenga en cuenta que esta Política solo es aplicable a la información que Plaid recaba, usa y comparte. No explica lo que los desarrolladores hacen con cualquier Información de Usuario Final que nosotros les suministremos (o cualquier otra información que ellos puedan recabar sobre usted separadamente de Plaid). Esta Política tampoco es aplicable a ningún sitio web, producto o servicio proporcionado por terceros. Le recomendamos que consulte las políticas o avisos de privacidad de los desarrolladores o dichos terceros para informarse de sus prácticas.
Nuestras prácticas relativas a datos
Información que recabamos y categorías de fuentes
Según se explica con mayor detalle debajo, Plaid ha recabado identificadores, información comercial, información de actividad de red electrónica, información profesional, inferencias y otros tipos de Información de Usuario Final.
Información que usted suministra. Cuando usted conecta sus cuentas financieras con una aplicación de un desarrollador, o conecta de forma distinta sus cuentas financieras a través de Plaid, en su caso, recabamos identificadores e información de inicio de sesión requerida por el proveedor de su cuenta, como su nombre de usuario y contraseña, o un token de seguridad. En algunos casos, también recabamos su número de teléfono, dirección de correo electrónico, preguntas y respuestas de seguridad, y contraseña de un único uso ("OTP", por sus siglas en inglés) para ayudar a verificar su identidad antes de conectar sus cuentas financieras. Al facilitar esta información, usted autoriza al desarrollador y a Plaid a actuar por cuenta de usted para acceder a su Información de Usuario Final y transmitirla del banco correspondiente u otra entidad que provea sus cuentas financieras (en esta Política los denominaremos "proveedores de productos y servicios financieros"). También puede proporcionarnos identificadores y otra información, incluyendo su nombre, dirección de correo electrónico y número de teléfono, cuando se ponga en contacto con nosotros o introduzca cualquier información de este tipo en nuestros sitios web.
Información que recabamos de sus cuentas financieras. La información que recibimos de los proveedores de productos y servicios financieros que mantienen sus cuentas financieras varía en función de los servicios concretos de Plaid que los desarrolladores utilicen para alimentar sus aplicaciones, así como de la información facilitada por esos proveedores. Sin embargo, en general, recabamos los siguientes tipos de identificadores, información comercial y otra información personal de sus proveedores de productos y servicios financieros:
Información sobre la cuenta, incluyendo nombre de la institución financiera, nombre de la cuenta, tipo de cuenta, titularidad de la cuenta, número de sucursal, IBAN, BIC y número de cuenta y de routing (número de ruta);
Información sobre el saldo de la cuenta, incluyendo saldo actual y disponible;
Información sobre cuentas de crédito, incluidas fechas de vencimiento, saldos adeudados, cantidades de pago y fechas, historial de operaciones, límite de crédito, estado de reembolso y tipo de interés;
Información sobre cuentas de préstamo, incluidas fechas de vencimiento, estado de reembolso, saldos, cantidades de pago y fechas, tipo de interés, garante, tipo de préstamo, plan de pagos y plazos;
Información sobre cuentas de inversión, incluida información de transacciones, tipo de activo, detalles identificativos acerca del activo, cantidad, precio, comisiones y base de coste;
Identificadores e información sobre el titular o titulares de la cuenta, incluyendo nombre, dirección de correo electrónico, número de teléfono, fecha de nacimiento e información de la dirección;
Información sobre movimientos de cuentas, incluyendo importe, fecha, beneficiario, tipo, cantidad, precio, ubicación, valores comprendidos y una descripción de la transacción; e
Información profesional, incluida información acerca de su empleador, en casos limitados en los que usted haya conectado sus cuentas de nómina.
Los datos recabados de sus cuentas financieras incluyen información de todas sus cuentas (por ejemplo, cuenta corriente, ahorro y tarjeta de crédito) accesible a través de un único conjunto de credenciales de cuenta.
Información que recibimos de sus dispositivos. Cuando usted usa su dispositivo para conectarse a nuestros servicios a través de la aplicación de un desarrollador, recibimos identificadores e información de actividad de red electrónica sobre ese dispositivo, incluyendo dirección IP, modelo de hardware, sistema operativo, a qué funciones dentro de nuestros servicios accede usted y otra información técnica sobre el dispositivo. Además, usamos cookies o tecnologías de seguimiento similares para recabar estadísticas de uso y para ayudarnos a proporcionar y mejorar nuestros servicios. Puede obtener más información sobre cómo usamos las cookies y sus opciones al respecto en nuestra Política de cookies.
Información que recibimos sobre usted de otras fuentes. También recibimos identificadores e información comercial sobre usted directamente del desarrollador correspondiente o de otros terceros, incluyendo nuestros proveedores de servicios, socios bancarios y servicios de verificación de identidad. Por ejemplo, los desarrolladores pueden proporcionar información como su nombre completo, dirección de correo electrónico, número de teléfono o información sobre sus cuentas financieras y movimientos de cuentas.
Inferencias que derivamos de los datos que recabamos. Es posible que usemos la información que recabamos sobre usted para derivar inferencias. Por ejemplo, podemos inferir su ubicación o la previsión de sus ingresos sobre la base de la información que hemos recabado sobre usted de otras fuentes.
Cómo utilizamos su información
Utilizamos su Información de Usuario Final para una serie de fines comerciales y empresariales, incluyendo para hacer funcionar, mejorar y proteger los servicios que prestamos y para desarrollar nuevos servicios. De manera más específica, utilizamos su Información de Usuario Final:
para hacer funcionar, prestar y mantener nuestros servicios;
para mejorar, perfeccionar, modificar, ampliar y desarrollar en mayor profundidad nuestros servicios;
para protegerle a usted, a los desarrolladores, a nuestros socios, a Plaid y a otros frente al fraude, actividades maliciosas y otros riesgos relacionados con la privacidad y la seguridad;
para desarrollar nuevos servicios;
para prestarle servicios de atención al cliente a usted o a los desarrolladores, incluyendo para ayudar a responder a las consultas que usted tenga relacionadas con nuestro servicio o las aplicaciones de los desarrolladores;
para investigar cualquier uso inadecuado de nuestro servicio o de las aplicaciones de los desarrolladores, incluyendo violaciones de nuestra Política de desarrolladores, actividades delictivas u otro acceso no autorizado a nuestros servicios; y
Para otros fines notificados con su consentimiento.
Nuestras bases legitimadoras para el tratamiento (aplicables exclusivamente a usuarios finales del EEE y del Reino Unido)
En el caso de las personas que se encuentren en el Espacio Económico Europeo ("EEE") o el Reino Unido, nuestra base legitimadora para el tratamiento de su Información de Usuario Final dependerá de la información en cuestión y del contexto en el que la recabamos o la tratamos. Por lo general, sin embargo, normalmente solo recabaremos y trataremos Información de Usuario Final cuando:
(a) necesitemos cumplir con nuestras responsabilidades y obligaciones en cualquier contrato o acuerdo con usted (por ejemplo, para cumplir con nuestros acuerdos de servicios de usuario final);
(b) para cumplir con nuestras obligaciones legales de conformidad con la normativa aplicable;
(c) el tratamiento sea necesario para nuestros intereses legítimos y no prevalezcan sus intereses de protección de datos o derechos y libertades fundamentales (por ejemplo, para salvaguardar nuestros servicios, para comunicarnos con usted o para prestar o actualizar nuestros servicios); y
(d) usted haya dado su consentimiento para hacerlo.
En la medida en que nos basemos en el consentimiento para recabar y tratar Información de Usuario Final, usted tiene el derecho a retirar su consentimiento en cualquier momento conforme a las instrucciones proporcionadas en esta Política.
Cómo compartimos su información
Compartimos su Información de Usuario Final para una serie de fines comerciales:
con el desarrollador de la aplicación que esté utilizando y según las instrucciones de dicho desarrollador (como con otro tercero si usted lo indica);
para el cumplimiento de cualquier contrato con usted;
con nuestros encargados del tratamiento de datos y otros proveedores de servicios, socios o contratistas en relación con los servicios que nos prestan a nosotros o a los desarrolladores;
cuando creamos de buena fe que la comunicación es apropiada para cumplir con la normativa y legislación aplicables o procedimientos legales (por ejemplo, una orden o citación judicial);
en relación con un cambio de titularidad o control de la totalidad o parte de nuestra empresa (por ejemplo, una fusión, adquisición, reestructuración o quiebra);
entre Plaid y nuestras matrices, filiales y otras empresas bajo control o titularidad común presentes y futuras;
en la medida en que consideremos razonablemente apropiado para proteger los derechos, la privacidad, la seguridad o la propiedad de usted, de los desarrolladores, de nuestros socios, de Plaid y de otros; o
para cualquier otra finalidad notificada con su consentimiento.
Podemos recabar, usar y compartir Información de Usuario Final de forma agregada, "desidentificada" (de-identified) o anonimizada (que no le identifica personalmente) para cualquier finalidad permitida bajo la normativa aplicable. Esto incluye la creación o el uso de datos agregados, "desidentificados" (de-identified) o anonimizados a partir de la información recabada para desarrollar nuevos servicios y para facilitar la investigación.
No vendemos ni alquilamos la información personal que recabamos.
Nuestras prácticas de conservación
Conservamos la Información de Usuario Final únicamente durante el periodo de tiempo necesario para cumplir con los fines para los cuales fue recabada y utilizada, según se describe en esta Política, salvo que se requiera o permita un periodo de conservación más amplio en virtud de la normativa aplicable. Según lo permita la normativa aplicable, incluso después de que usted deje de usar una aplicación o cierre su cuenta con uno o más desarrolladores, es posible que aún conservemos su información (por ejemplo, en caso de que usted aún tenga una cuenta con otro desarrollador). Sin embargo, su información solo será tratada según lo requerido legalmente o de acuerdo con esta Política.
Por favor, remítase a la sección "Sus derechos en materia de protección de datos" para opciones que puedan estar disponibles para usted, incluido el derecho a solicitar la supresión de Información de Usuario Final. También puede contactarnos en relación con nuestras prácticas de conservación de datos usando la información de contacto, más abajo.
Algunos detalles finales
Transferencias internacionales de datos
Operamos internacionalmente, y por consiguiente, transferiremos la información que recabamos acerca de usted a través de fronteras internacionales, incluyendo del EEE o del Reino Unido a los Estados Unidos, para el tratamiento y el almacenamiento. En la medida en que la información que recabemos acerca de usted se transfiera desde el EEE a territorios/países respecto de los cuales la Comisión de la UE no haya adoptado una decisión en el sentido de que el marco legal en ese territorio/país proporciona protección adecuada para los derechos y libertades de las personas físicas en cuanto a sus datos personales, transferiremos esos datos de conformidad con la normativa aplicable de protección de datos, incluyendo mediante el uso de las cláusulas contractuales tipo aprobadas por la Comisión de la UE. Puede solicitar una copia de esas cláusulas contractuales tipo contactándonos según se indica debajo.
Sus derechos en materia de protección de datos
De conformidad con la normativa aplicable, y con sujeción a las limitaciones y excepciones legalmente establecidas, si usted se encuentra en el EEE o el Reino Unido, y en algunas otras jurisdicciones, es posible que tenga ciertos derechos en relación con la Información de Usuario Final recabada sobre usted y cómo se utiliza, incluyendo el derecho a:
acceder a la Información de Usuario Final recabada sobre usted;
solicitar que rectifiquemos o actualicemos su Información de Usuario Final que sea inexacta o incompleta;
solicitar, en determinadas circunstancias, que limitemos el tratamiento de su Información de Usuario Final, o que suprimamos su Información de Usuario Final;
oponerse a nuestro tratamiento de su Información de Usuario Final cuando concurran determinadas condiciones legalmente previstas;
cuando el tratamiento de su Información de Usuario Final se fundamente en el consentimiento, a retirar dicho consentimiento;
solicitar que suministremos la Información de Usuario Final recabada sobre usted en un formato estructurado, de uso común y de lectura mecánica, de forma tal que usted pueda transferirla a otra empresa, cuando sea técnicamente posible; y
presentar una reclamación relativa a nuestras prácticas en materia de protección de datos ante una autoridad de control (si usted se encuentra en el EEE o el Reino Unido, por favor, consulte el siguiente enlace para obtener la información de contacto: https://edpb.europa.eu/about-edpb/board/members_es ).
De conformidad con la Ley de Privacidad del Consumidor de California ("CCPA", por sus siglas en inglés), y con sujeción a determinadas limitaciones y excepciones, si usted es un residente de California, es posible que tenga los siguientes derechos con respecto a la Información de Usuario Final que hemos recabado sobre usted que constituye información personal de conformidad con la CCPA:
a solicitar el acceso a más detalles acerca de las categorías e información personal específica que podamos haber recabado acerca de usted en los últimos 12 meses (incluida información personal comunicada para fines comerciales);
a solicitar la supresión de su información personal;
a oponerse a cualquier "venta" de su información personal, en caso de que una empresa esté vendiendo su información; y
a no ser discriminado por ejercer estos derechos.
Para ejercer sus derechos de protección de datos, en su caso, puede presentar una solicitud usando nuestro formulario online ( disponible aquí ), o ponerse en contacto con nosotros como se describe abajo en la sección "Cómo ponerse en contacto con Plaid". Es posible que se le pida que proporcione información adicional necesaria para confirmar su identidad antes de que podamos responder a su solicitud.
Examinaremos todas estas solicitudes y proporcionaremos nuestra respuesta dentro de un periodo de tiempo razonable (y dentro de cualquier plazo requerido por la normativa aplicable). No obstante, por favor tenga en cuenta que determinada información puede estar exenta de dichas solicitudes, por ejemplo, en caso de que necesitemos conservar la información para cumplir con nuestras propias obligaciones legales o para establecer, ejercer o defender reclamaciones legales.
Cambios en esta Política
Podemos actualizar o cambiar esta Política cada cierto tiempo. Si efectuamos cualquier actualización o cambio, publicaremos la nueva política en el sitio web de Plaid, en https://plaid.com/legal, y actualizaremos la fecha efectiva de aplicación en el encabezamiento de esta Política. Además, notificaremos a los desarrolladores cualquier cambio sustancial de conformidad con nuestros acuerdos de desarrolladores, dado que estos suelen estar en mejor posición para informar a sus usuarios finales de tales cambios en esta Política, en su caso.
Cómo ponerse en contacto con Plaid
Si usted tiene cualquier pregunta o reclamación sobre esta Política o sobre nuestras prácticas en materia de privacidad en general, puede ponerse en contacto con nosotros escribiéndonos a privacy@plaid.com, o si prefiere utilizar el correo tradicional, a:
Si usted reside fuera del EEE o del Reino Unido:
A/A: Legal
PO Box 7775 #35278
San Francisco, California 94120-7775,
EE. UU
Si usted reside en el EEE o el Reino Unido:
A/A: Legal
New Penderel House, 4th Floor
283-288 High Holborn
Londres, Reino Unido, WC1V 7HP
Privacy Statement
Effective Date: December 30, 2019
Thank you for using Plaid!
This Privacy Statement explains the ways Plaid Inc. and its subsidiaries, including Plaid Financial Ltd. and Plaid, B.V., (collectively, “Plaid”, “we”, “our”, and “us”) collect, use, and share information about you in connection with your access to or use of Plaid’s websites and our products and services (collectively, “Services”), and in connection with any other information we collect when you interact with us, except as outlined in the paragraph below. We hope you will take some time to read this Privacy Statement carefully.
Please note that this Privacy Statement does not apply to the information we collect about the end users of our developers’ software applications or when you otherwise connect your financial accounts through Plaid, except as otherwise provided herein. If you are an end user of one of our developers’ applications or have connected your financial account through Plaid, please refer to our End User Privacy Policy.
Jump to section:
Our Data Practices
Information We Collect and Categories of Sources
As explained in greater detail below, Plaid has collected identifiers, electronic network activity information, professional information, location information, and other types of information.
Information you provide to Plaid directly. We collect the information you provide directly to us, such as the information you provide when you create a developer account, update your profile, fill out our “contact us” form, sign up for our emails, request customer support, enroll in billing, execute a services agreement, complete a compliance questionnaire, or otherwise communicate with us. The types of information we collect include identifiers (such as full name, email address, postal address, phone number, driver’s license, and taxpayer identification number), professional information (such as company name and title), and any other information you choose to provide (such as date of birth or personal information you may disclose to us in support messages).
Information we receive when you test our technology. You may provide us with login information for your bank account or other financial account to test and evaluate how our technology will appear and operate in your application. If you test our technology in this way, we collect information as described in our End User Privacy Policy.
Information we collect when you use our Services. When you use our Services, we automatically collect information about you as follows:
Log Information: We collect log files when you use our Services, which includes identifiers and electronic network activity information, such as the type of browser you use, access times, pages viewed, and your IP address.
Approximate Location: We derive the approximate location of the device you use to access our Services from your IP address.
Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect identifiers and electronic network activity information when you use our Services, including cookies and web beacons. Cookies are small data files stored by your web browser, on your hard drive, or in device memory that help us improve our Services and your experience, determine usage of parts and features of our Services, and monitor for and detect potential harmful conduct. Web beacons are electronic images that are used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness. You can find more information about how we use cookies and your related choices in our Cookie Policy.
Information we collect from other sources. We also collect information about you from other sources. For example, we may collect information from other members of your company and from vendors that help us identify new customers, including identifiers, such as your name, email address, and social media profile URL.
How We Use Your Information
We use the information we collect for the following business and commercial purposes:
To operate, improve, and develop our Services;
To verify your identity and the identities of other members of your company;
To bill developers for our Services and to transmit payment;
To comply with law, such as for tax reporting purposes;
To send you technical notices, updates, security alerts, and administrative messages;
To respond to your comments, questions, inquiries, and customer service requests;
To help personalize the Services experience for you;
To communicate with you about products, services, offers, and events offered or sponsored by Plaid, and to provide news and other information we think may be of interest to you;
To monitor and analyze trends, usage, and activities in connection with our Services;
To detect and prevent fraud, malicious activity, and other illegal activities;
To protect the rights, privacy, safety, or property of Plaid and others; and
For any other purpose described to you when the information was collected.
Our Lawful Bases for Processing (EEA and UK Only)
Our legal basis for processing the information we collect related to individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”) will depend on the information concerned and the context in which we collected or processed it. Generally, however, we will normally only collect and process information where:
we need to fulfill our responsibilities and obligations in any contract or agreement with you;
to comply with our legal obligations under applicable law;
the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to provide or update our services); and
you have given your consent to do so.
How We Share Your Information
We share information about you as follows, or as otherwise described in this Privacy Statement:
With our data processors and other service providers, partners, contractors, or vendors in connection with the services they perform for us, including collection agencies in the event of delinquent payments from our developers;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena), including in connection with requests from law enforcement or other governmental authorities;
If we believe your actions are inconsistent with our agreements or policies, or to protect the rights, privacy, safety, or property of Plaid or others;
In connection with a change in ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership; and
With your consent or at your direction.
We also collect, use, and share aggregated, de-identified, or anonymized information for any purpose permitted under applicable law.
We do not sell or rent personal information that we collect.
Other Details
Advertising and Analytics Services Provided by Others
We allow third parties to provide analytics services and serve advertisements on our behalf across the internet, including Google Analytics. These entities use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. This information is used by Plaid and these third parties to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and online services, and to better understand your online activity.
For more information about interest-based ads, including to learn how you may be able to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices; the European Interactive Digital Advertising Alliance (for European users); or the Digital Advertising Alliance of Canada (for Canadian users). And for more information about how Google uses your data, please visit www.google.com/policies/privacy/partners/.
International Data Transfers and Data Retention
We transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals' rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting us as set out below.
If you are in the EEA or UK, we retain your personal data for no longer than necessary to achieve the purposes for which it was collected, unless a longer retention period is required under applicable law.
Your Choices
Developer Account Information. You may update information you provide to us as part of your online developer account by logging into your account or by contacting us.
Cookies. You can find more information about how we use cookies and your related choices in our Cookie Policy.
Marketing Communications. You may opt out of receiving marketing emails from Plaid by following the instructions in those emails. If you opt out and are one of our developers, subject to limitations and exceptions provided by law, we may still send you other types of emails, such as those about your account or our ongoing business relations.
Your Data Protection Rights
Depending on your jurisdiction, you have certain rights under applicable law regarding the personal data we process, which may include the right to request access or deletion.
In certain jurisdictions, including the EEA and UK, and subject to certain limitations and exceptions, you may have the right to: (i) know how we process your personal data; (ii) request access to or rectification of your personal data; (iii) object to, or request that we restrict, the processing of your personal data; (iv) request that we delete your personal data; (v) request that we provide the personal data you provided to us in a structured, commonly used and machine-readable format, for transmission to another controller; (vi) revoke consent at any time where our processing is based on your consent; and (vii) lodge a complaint with your local supervisory authority (if you’re in the EEA or UK, please see this page for contact details).
If you are a resident of California, subject to limitations and exceptions provided by law, you have the right to: (i) request access to the categories and specific pieces of personal information collected about you in the last twelve months (including personal information disclosed for business purposes); (ii) request deletion of your personal information; (iii) opt-out of any sales of your personal information if a business is engaged in selling your information; and (iv) not be discriminated against for exercising these rights.
As described above in “Your Choices,” if you are one of our developers, you can conveniently access your online account information by logging into your account or by contacting us. To otherwise exercise your data protection rights, where applicable, please submit a request using our online form (available here), or contact us at the contact information provided below. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.
Changes to this Statement
We may update or change this Privacy Statement periodically. If we make any updates or changes, we will notify you by updating the effective date at the top of this Statement. We may also provide notice of any changes through other means, such as placing a notice on our homepage at https://plaid.com or sending you an email. We encourage you to review the Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our data practices and the choices available to you.
Contacting Plaid
If you have any questions about this Privacy Statement, or our privacy practices generally, please contact us at privacy@plaid.com or by mail at:
If you reside outside the EEA or UK:
Plaid Inc.
Attn: Legal
PO Box 7775 #35278
San Francisco, California 94120-7775, U.S.A.
If you reside in the EEA or UK:
Plaid Financial Ltd.
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP
Candidate Privacy Notice
Effective Date: December 11, 2019
At Plaid, we understand the importance of privacy and transparency. The purpose of this Candidate Privacy Notice (“Notice”) is to explain how Plaid Inc. and its subsidiaries, Plaid Financial Ltd. and Plaid, B.V. (collectively, “Plaid”, “we”, “our”, or “us”), collect, use, and share personal data and information from and about candidates (“you” or “your”) when you, or third-parties acting on your behalf, apply for a position with, or otherwise seek employment with, Plaid (“Candidate Information”).
This Notice applies to anyone who submits Candidate Information through Plaid’s Careers page (available at https://plaid.com/careers/ ), or whose information is otherwise provided to or is collected by Plaid, including by and from recruitment agencies, in connection with an application or search for a position with Plaid. This includes information submitted by you or on your behalf by a third-party.
Please note that if you submit your CV/resume or other Candidate Information through our website, in addition to this Notice, we also process your information as further described in our Privacy Statement.
Jump to section:
Our Data Practices
Information We Collect
We collect the following categories of Candidate Information during the job search, application, or interview process with Plaid:
identifiers and contact information, including your full name, address, phone number, email address, or other contact information;
professional or employment-related information, including information in your resume or CV; your work history, certifications, professional licenses, and other experience; and contact details of your former/current employer (when such details contain your personal data);
education information, including information about your degrees and training; transcripts; and academic achievements;
social networking and similar information, such as social media and public profile information, including URLs related to your LinkedIn, Twitter, GitHub, and Portfolio profiles, and your personal website;
demographic information (e.g., race, gender, and veteran status), including additional information you provide in an application form, cover letter, and other work product; and
identifiers and contact information, if you voluntarily submit such information as part of your application.
We collect the following categories of Candidate Information during the job search, application, or interview process with Plaid:
information collected as part of the interview process, such as notes taken from your interview (when they contain your personal data); and personal data included in any take-home project;
information necessary to schedule your interview, including your gender; and identifiers such as your address, your Known Traveler Number, and any frequent traveler details;
details about employment expectations, including, to the extent they contain your personal data, type of employment sought, compensation expectations, willingness to relocate, and other job preferences;
background check information, such as information obtained through reference and background checks, subject to any further permissions or notifications required by applicable law; and
information required to initiate employment, including proof of eligibility to work in a specified country (such as a passport or visa); demographic information such as your date and place of birth, and citizenship; identifiers such as your social security number, national insurance number, other government-issued identifier, tax identifiers and related tax information, and bank account numbers and related information; benefits eligibility information; and other information you provide for the purposes of starting employment or executing an employment agreement.
How We Use Your Information
We use the Candidate Information collected about you to process your application for employment and to comply with statutory obligations we have in relation to your application, including confirming your eligibility to work in a given location. Your Candidate Information will be used and disclosed only for the purposes of administering and evaluating your application and completing the on-boarding/new hire process, should you be offered and accept a position with Plaid.
We will use your Candidate Information for the following business and commercial purposes:
administering and processing your application, including verifying your identification, experience and other information you submit and, if your application progresses, any interview information and background check information;
communicating with you about your application, including contacting you via phone, email or social media platforms about your application and, if your application progresses, coordinating any interview and background check;
assessing and evaluating your suitability for the role for which you have applied, including verifying your identification, experience and other information you submit and, if your application progresses, any interview information and background check information;
conducting reference and background checks, including criminal records checks, as part of your application, subject to applicable law, including verifying your identification, experience and other information you submit and, if your application progresses, any interview information and background check information;
complying with applicable laws and employment-related requirements, including verifying identification information and information required to initiate employment, for purposes such as confirming ability to legally work in a specific location, setting up payroll, withholdings and benefits, and complying with statutory reporting requirements;
improving our recruitment process, including by generating analytics using Candidate Information to ensure we recruit a diverse set of candidates;
informing you of career opportunities, including other vacancies for which you may be eligible; and
for other notified purposes with your consent.
Please note that if you accept employment with Plaid, your Candidate Information will become part of your employment record and will be used for employment purposes in accordance with applicable law and any applicable Personnel Privacy Notice. If you are not accepted for a role, however, we may still keep your application to allow us to consider you for other career opportunities with Plaid. If you do not want your information retained in the event you are not offered a position, as applicable, please refer to “Your Data Protection Rights (EEA and Canadian Candidates Only)” below for options that may be available to you.
How We Share Your Information
We share your personal information with third parties as follows, or as otherwise described in this Notice:
between and among Plaid and our subsidiaries and affiliated entities, as the specific entity you're applying to work for is part of a wider group of companies with headquarters in the United States and offices in various jurisdictions that share human resources and IT systems for processing your application, assessing your suitability for the role, and initiating employment (if applicable);
to law enforcement, government authorities, regulators, and other third parties, such as courts and other authorities, independent external advisers and internal compliance and investigation teams, if we believe such disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
with our data processors and other service providers, including recruitment agencies, in connection with the services they perform for us or on our behalf. Where required, these service providers, partners, contractors, or vendors acting on our behalf will be subject to contractual obligations to implement appropriate technical and organizational measures to safeguard the Candidate Information, and to process it only as instructed.
where it is in our legitimate business interest to grow and develop our business in connection with, or during the negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
as necessary to protect Plaid, including to establish, exercise, or defend against potential, threatened or actual legal claims;
to enforce any contract with you;
in an aggregated or anonymized manner, which does not identify you personally;
to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
for any other notified purpose with your consent.
Our Lawful Bases for Processing (EEA Candidates Only)
For candidates in the European Economic Area (“EEA”), our legal basis for collecting, using, and sharing Candidate Information will depend on the information concerned and the context in which we collected or processed it. In general, however, we will normally only collect and process Candidate Information where:
(a) we need to comply with legal obligations applicable to us (such as applicable immigration and/or employment laws and regulations); (b) we need the information to fulfill our responsibilities in any actual or prospective agreement with you (such as an employment agreement or an offer of employment if you are considered for employment); (c) the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (such as to ensure a safe working environment for all our team members, and to ensure the reliability of our candidates, and otherwise to administer and process your application, or to communicate with you about your application); and (d) we have your consent to do so.
Where we collect and process special categories of data (for example, race), then we will only process such information:
where we reasonably need to do so in order to comply with our legal obligations as a prospective employer;
where we need to do so in order to assess your working capacity;
where we need to do so to protect your or another person's vital interests (and we are unable to obtain your consent); or
where you have given us your consent.
To the extent we rely on consent to collect and process Candidate Information, you have the right to withdraw or decline your consent at any time by contacting us at people-privacy@plaid.com. Withdrawing your consent will not, however, affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Our Retention Practices
We retain Candidate Information for no longer than necessary to satisfy the purpose for which it was collected and used, as described in this Notice, unless a longer retention period is required or permitted under applicable law. As noted above, however, if you accept employment with Plaid, your Candidate Information will become part of your employment record and will be used for employment purposes in accordance with applicable law and any applicable Employee Privacy Notice.
Other Details
International Data Transfers
We operate internationally, and as a result, will transfer Candidate Information across international borders, including from the EEA and Canada to the United States, for processing and storage. To the extent that Candidate Information is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals' rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting us as set out below.
Your Data Protection Rights (EEA and Canadian Candidates Only)
Under applicable law, you have certain rights in relation to your Candidate Information. These rights can differ by country and province.
Subject to certain limitations and exceptions, those rights include the right to: (i) know whether we process personal data about you, (ii) request access to or rectification of the personal data we process about you; (iii) object to, or request that we restrict, the processing of your personal data; (iv) request that we delete personal data about you; (v) request that we provide the personal data you provided to us in a structured, commonly used and machine-readable format, for transmission to another controller; (vi) revoke consent at any time where our processing is based on your consent; and (vii) lodge a complaint with your local supervisory authority (if you’re in the EEA, please see this page for contact details).
If you’d like to exercise any of your rights, where applicable, please contact us using the contact information provided below.
Changes to this Notice
We may change this Candidate Privacy Notice from time to time. If we make any changes, we will update the effective date at the top of this Notice. In addition, if any of the changes are material and impact your Candidate Information, we will also send you a copy via email.
Contacting Plaid
If you have any questions about this Candidate Privacy Notice, our privacy practices, or the Candidate Information we collect about you, or have requests related to such Candidate Information, you can contact us at people-privacy@plaid.com or by mail at
If you are applying for a job with Plaid Inc. (located in the United States):
Plaid Inc.
Attn: Legal
PO Box 7775 #35278
San Francisco, California 94120-7775, U.S.A.
If you are applying for a job with Plaid Financial Ltd. (located in the United Kingdom) or Plaid, B.V. (located in The Netherlands):
Plaid Financial Ltd.
Attn: Legal
New Penderel House, 4th Floor
283-288 High Holborn
London, United Kingdom, WC1V 7HP
End User Services Agreement (US)
Effective Date: July 1, 2019
Thanks for using Plaid! Plaid provides a platform (“Platform”) that allows you and other end users to connect your bank accounts and other financial accounts (“Accounts”) with applications that can help you do things like save for retirement, manage your spending, streamline credit applications or transfer money (“Apps”).
This End User Services Agreement (US) (“Agreement”) is an agreement between you and Plaid Inc. (“Plaid”, “we” or “us”). By accepting this Agreement or accessing my.plaid.com or your Plaid profile, you agree to this Agreement and certify that you have all necessary rights to do so. If you are accepting on behalf of your employer or another entity, you represent and warrant that: (i) you have full legal authority to bind your employer or such entity to this Agreement; (ii) you have read and understand this Agreement; and (iii) you agree to this Agreement on behalf of the party that you represent. If you do not have the legal authority to bind your employer or the applicable entity, please do not accept this Agreement or access the features covered by this Agreement.
Please note that this Agreement does not apply to the services we provide to the developers of Apps. Those services are covered by our Developer Terms of Use and other terms.
my.plaid.com.
You can use my.plaid.com to manage connections between your Accounts and Apps. my.plaid.com is designed to empower you with greater control over your financial data, but the decision to use any App remains yours. Your use of any App and Account, and the App and Account providers’ use of your data, is governed by separate terms between you and the applicable providers. Plaid is not responsible for any Apps or Accounts provided by third parties or the acts or omissions of any third-party providers, and does not guarantee that any Apps or Accounts will remain available or compatible with the Platform.
Plaid Profile Creation.
You need to create an profile with Plaid in order to use certain features of the Platform, including certain features of my.plaid.com. You also need to ensure that your information is accurate, complete and up-to-date. You must notify us if you learn of any unauthorized access to or use of your Plaid Profile.
Control and Responsibilities.
You represent and warrant that you have all necessary rights to use your Accounts and Apps with the Platform, and you agree to comply with all laws and regulations applicable to your use, as well as any rules and guidelines that we post. You must not (1) use or access anyone else’s Accounts or related data, (2) submit information about anyone else’s identity or Accounts or that violates any third-party rights or (3) use the Platform for any fraudulent, illegal or misleading purpose. You also agree not to (a) modify, reverse engineer or seek to gain unauthorized access to the Platform or related systems, data or source code, (b) bypass or circumvent measures designed to prevent or limit access to any part of the Platform, (c) rent, lease, provide access to or sublicense any elements of the Platform to a third party or use the Platform on behalf of or to provide services to third parties, (d) copy, modify or create derivative works of the Platform or remove any of Plaid’s proprietary notices, (e) access the Platform for competitive purposes or publish any benchmark or performance information about the Platform, or (f) use the Platform in any manner that could damage, disable, overburden, or impair the functioning of the Platform or interfere with, disrupt or negatively affect other users.
How Plaid Uses Your Data.
Please review our End User Privacy Policy to learn how Plaid uses data related to your Accounts (e.g., your Account login information and balance information). You should also refer to our Privacy Statement and Cookie Policy for information about what we collect from the use of our websites. If you have questions, contact us at privacy@plaid.com.
Rights to the Platform.
Note that Plaid owns all right, title and interest (including intellectual property rights) in and to the Platform (including my.plaid.com and Plaid Profile features) and our related websites and technology. If you choose to give us feedback, suggestions or other inputs about the Platform, we may use them without restriction.
Our Disclaimers.
TO THE EXTENT PERMITTED BY LAW, THE PLATFORM (INCLUDING MY.PLAID.COM AND PLAID PROFILES) IS PROVIDED “AS IS” AND “AS AVAILABLE,” AND ANY USE IS AT YOUR DISCRETION AND RISK. PLAID, ITS AFFILIATES AND ITS AND THEIR SUPPLIERS MAKE NO WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. PLAID DOES NOT WARRANT THAT USE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ANY OF YOUR DATA WILL BE ACCURATE OR COMPLETE OR THAT PLAID WILL MAINTAIN ANY DATA WITHOUT LOSS.
Liabilities for our Platform. TO THE EXTENT PERMITTED BY LAW, PLAID, ITS AFFILIATES AND ITS AND THEIR SUPPLIERS WILL NOT BE RESPONSIBLE FOR: (A) ANY LOST PROFITS, LOSS OF USE, LOST OR INACCURATE DATA, FAILURE OF SECURITY MECHANISMS, FINANCIAL LOSSES, OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE OR CONSEQUENTIAL DAMAGES OF ANY KIND OR (B) ANY DAMAGES OR AMOUNTS EXCEEDING, IN THE AGGREGATE, THE GREATER OF (1) THE AMOUNT YOU PAID US TO USE THE PLATFORM AND (2) ONE HUNDRED U.S. DOLLARS (US $100).
Dispute Resolution.
We hope you will have a positive experience using our Platform, but should a dispute between us arise out of or relating to these Terms, we agree to resolve the dispute by following these steps:
- Send us a notice, according to the Notices section below, describing the dispute and including all relevant facts so we know how to help you.
- Within 5 business days after our receipt of your notice, we will reach out to discuss your dispute with you.
- If we’re not able to resolve your dispute during our discussion, you will send us a written proposal for resolving your dispute.
- Within 15 business days after our receipt of your written proposal, we will let you know whether we agree to your proposal, or we will provide you with a counter-proposal.
After Step 4, it’s up to you to decide whether you’d like to continue to negotiate with us to resolve your dispute, or whether you’d like to pursue a resolution through some other means.
Throughout this process, both you and Plaid agree to negotiate in good faith and according to the terms of this section to resolve the dispute before resorting to litigation or some other form of dispute resolution procedure. All negotiations (including your notice, our discussions, and your and our proposals) pursuant to this section are confidential and treated as compromise and settlement negotiations for the purposes of federal and state rules of evidence and procedure.
Notices.
Plaid may provide notices or communications to you through the email associated with your Plaid profile, through my.plaid.com or through other reasonable methods. All notices, requests and other communications to Plaid under this Agreement must be in writing to Plaid Inc., Attention: Legal, P.O. Box 7777 #35278, San Francisco, CA 94120-7775 (with a courtesy copy to legalnotices@plaid.com ) and will be deemed given when delivered.
Ending This Agreement.
At any time in its discretion, Plaid may terminate or suspend this Agreement (or your use of the Platform) with or without notice and for any or no reason, including if Plaid suspects that you have violated this Agreement. Plaid will have no liability to you for any termination or suspension, nor will such action limit any other rights or remedies Plaid may have. Except for your right to use the Platform, this Agreement will survive any termination.
About This Agreement.
This Agreement may not be transferred or assigned by you without Plaid’s prior written consent. Plaid may assign or transfer this Agreement to its affiliates or in connection with a merger, sale, reorganization or other change of control. In addition, Plaid’s affiliates, contractors and service providers may exercise Plaid’s rights or fulfill its obligations under this Agreement. Waivers must be in writing and no waivers will be implied. If any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable for any reason, the remaining provisions will remain unaffected and in full force and effect. This Agreement is the final, complete and exclusive agreement between you and us relating the subject matter of this Agreement and supersedes all prior or contemporaneous understandings and agreements relating to such subject matter, whether oral or written. In this Agreement, headings are for convenience only and the term “including” (and similar terms) will be construed without limitation.
Plaid may modify this Agreement from time to time. Unless we specify otherwise, modifications take effect (and govern future use of the Platform, including my.plaid.com and your Plaid Profile) when we post the modified version. Plaid will use reasonable efforts to notify you of the modifications, and you may be required to agree to the modified version. If you do not agree to the modifications, your sole remedy is to cease using the Platform.
End User Services Agreement (UK)
Last Updated: 5 March 2020
Thank you for using Plaid!
This End User Services Agreement ("Agreement") is a legal agreement between Plaid Financial Ltd. ("Plaid", "we" or "us") and the end user of our Services ("you", "your"). This Agreement only applies when we provide account information services and payment initiation services to you with respect to a UK or EEA payment account, and when we transmit retrieved data and/or the payment status related to such services to third parties on your behalf in the UK ("Services"). Such third parties include the owner or provider of the website, desktop and/or mobile application through which you have accessed our Services ("Application").
This Agreement describes the terms and conditions that apply to your use of the Services. You may not access or use the Services unless you agree to comply with all of the terms and conditions in this Agreement. You should therefore read this Agreement carefully and make sure you understand it. If you do not understand any of the terms and conditions of this Agreement, please contact us before using the Services by emailing us at regulatory@plaid.com.
You may view an up-to-date copy of this Agreement at any time at https://plaid.com/legal/.
Jump to section:
Incorrect or Unauthorised Payments
1. Plaid
1.1. Plaid Financial Ltd. (company registration number 11103959) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of payment initiation and account information services (firm reference number 804718).
1.2. Plaid's registered office address is New Penderel House, 4th Floor, 283-288 High Holborn, London WC1V 7HP. Plaid's trading address is 35-41 Folgate Street, London, E1 6BX.
2. Plaid Services
2.1. You have accessed our Services through an Application or within the Plaid dashboard (available at https://my.plaid.com/ ). The products and services provided to you by the Application are governed by a separate agreement between you and the provider of the Application ("Application Terms"). We have no responsibility for the products and services provided to you by or through the Application and will not be liable to you for any harm, damage or loss arising from your use of the products and services provided by or through the Application.
2.2. Our Services will allow you to obtain financial information from your online bank or payment account ("Payment Account") (account information services) and to make online payments directly from your Payment Account (payment initiation services).
2.3. The terms and conditions that apply to the Payment Accounts that you access through our Services (the "Account Terms") will remain in effect and this Agreement does not change your Account Terms.
2.4. We will not charge you for the use of our Services. Applications or other third parties may, however, charge you for products and services provided to you that make use of the Services provided by Plaid under this Agreement. Application providers and other third parties may pay us fees and other amounts in connection with the services we provide to them.
Account information services
2.5. Plaid's account information services allow you to access and view information relating to your selected Payment Account within the Plaid dashboard (available at https://my.plaid.com/ ) and the Application through which you have accessed our Services.
2.6. To access the Plaid dashboard, you need to create an account with Plaid. You also need to ensure that your information is accurate, complete and up-to-date. You must follow best practices to help secure your Plaid account and notify us if you learn of any unauthorised access to or use of your Plaid account.
2.7. With your explicit consent, we access and display information relating to your selected Payment Account(s) ("Account Information") within the Plaid dashboard and transmit such information to the Application through which you have accessed our Services. Such information may include: a. financial transaction history, for example, transaction amount, data, description and currency; b. financial account details, for example, account number, type, currency and balance; and c. financial account holder information, for example, name, address, phone number, and email address.
2.8. Before receiving Plaid's account information service, you will have instructed the Application through which you have accessed our Services to retrieve your Account Information using Plaid. Upon such an instruction, you will generally be redirected to us.
2.9. Once you are redirected to us, we will ask you to select which Payment Account provider ("Account Provider") you would like us to access Account Information from. You will give your explicit consent to us: (i) accessing your Account Information from the Account Provider you have selected; and (ii) taking the steps outlined in clause 2.12. once we have accessed your Account Information. Plaid will request your Account Information from your Account Provider on a periodic basis in accordance with your consent until the consent expires or is withdrawn.
2.10. Please note, you may be redirected to your Account Provider's website or mobile application in order to authenticate yourself so that your Account Provider knows that you consent to us accessing your Account Information.
2.11. Alternatively, in some circumstances, we may ask you to provide us with the login details for your Payment Account. By providing us with your Payment Account login details, you confirm that you have all the necessary rights, permissions and authority to share your login details and Account Information with us, and you grant us explicit consent to use your login details to access your Payment Account to obtain the necessary Account Information on your behalf and at your direction in order to provide you with the Services.
2.12. Once we have accessed your Account Information we may: a. share your Account Information with the Application through which you have accessed our Services; b. share your Account Information with third parties as directed by the Application through which you have accessed our Services provided, however, that you have explicitly consent to such sharing; or c. display your Account Information on the Plaid dashboard.
2.13. You agree to us sharing the Account Information we have accessed from your Account Provider with the Application through which you have accessed our Services, and with third parties as directed by that Application provided that in both cases you have explicitly consented to such sharing. Such sharing allows the Application to provide you with products and services in accordance with the Application Terms.
2.14. We do not check the accuracy of the Account Information retrieved from your Account Provider and we rely on your Account Provider to ensure that your Account Information is up to date and accurate.
2.15. We may standardize, categorize, merge, aggregate, and otherwise process your Account Information before displaying your Account Information on the Plaid dashboard, sharing it with the Application through which you have accessed our Services, or sharing it with third parties as directed by that Application with your explicit consent.
2.16. You may withdraw or vary your consent for Plaid to provide account information services at any time.
Payment initiation services
2.17. Plaid's payment initiation service allows you to make online payments from your Payment Account(s).
2.18. Before receiving our payment initiation service, you will have instructed the Application through which you have accessed our Services to make an online payment using Plaid. Upon such an instruction to your Application, you will generally be redirected to us.
2.19. When you are redirected to us, you will be asked to review and confirm your payment order details, including: a. the amount of the payment; b. the recipient details; and c. the payment reference.
2.20. It is your responsibility to ensure that all of the payment order details are correct before you confirm the payment order. You may not be able to recover a payment to an incorrect account or recipient. Plaid will pre-populate the recipient details for you to review and confirm. For example, where you use Plaid payment initiation services to purchase goods or services online you must ensure that the merchant recipient details are correct.
2.21. You will confirm the payment order and provide explicit consent for Plaid to send the payment order to your Account Provider for execution, to receive information from your Account Provider on the initiation and execution of the payment order and to pass this information on to the Application through which you accessed our Services.
2.22. You will be asked to select the Payment Account from which you will fund the payment and you may be redirected to your Account Provider's website or mobile application in order to authenticate yourself so that your Account Provider knows that you consent to the transaction.
2.23. If the payment order relates to a transaction that is to be executed by your Account Provider immediately, you will not be able to cancel the payment order once you have provided your confirmation and explicit consent in accordance with paragraph 2.21.
3. Eligibility and Availability
3.1. You can only use the Services if: a. you are 18 or over; b. your Payment Account and Account Provider are located in the UK or EEA; c. you provide us with accurate, complete, and up-to-date information, and do not misrepresent your identity or any other information about you; d. you agree to this Agreement, and to using our Services in accordance with this Agreement; and e. you agree to comply with all laws and regulations applicable to your use of the Services.
3.2. The Services that are available and the manner in which the Services are delivered may vary depending on the type of device you are using, the type of Payment Account(s) you have, the Account Terms and the Application Terms.
4. Communication
4.1. Where relevant, Plaid may send you information and notifications to your email address or mobile number via SMS where Plaid considers this appropriate.
4.2. If your contact details (including your mobile phone number or email address) change, you should tell us as soon as you can. You are responsible for maintaining and regularly checking your device or email inbox for information and notifications from Plaid.
4.3. You can contact Plaid by emailing us at regulatory@plaid.com.
5. Incorrect or Unauthorised Payments
5.1. If you suspect that an incorrect or unauthorised payment has been made using the Plaid payment initiation services you must contact us as soon as possible by emailing security@plaid.com.
5.2. You may be entitled to a refund of the incorrect or unauthorised payment from your Account Provider provided that you notify them of the incorrect or unauthorised payment without delay and in any event no later than 13 months after the date of the relevant payment. You must contact your Account Provider in the manner set out in the applicable Account Terms.
5.3. You should be aware that your Account Provider may contact you directly (and not through Plaid or the Application through which you have accessed our Services) if there is an issue with a payment order submitted through Plaid for whatever reason (for example, if there are insufficient funds or an issue with your authorisation). You may need to resolve such matters directly with your Account Provider.
6. Data
6.1. We use your information in line with our End User Privacy Policy (“Privacy Policy”) which can be found on our website at https://plaid.com/legal/#end-user-privacy-policy. If you are not comfortable with how we handle your information as explained in the Privacy Policy, you should not use our Service.
7. Liability
7.1. Plaid will not be liable to refund you for any losses caused by circumstances beyond our control, for example, due to extreme weather, terrorist activity or industrial action.
7.2. Plaid is not liable for any contravention of a requirement imposed on it by or under Part 7 of the Payment Services Regulations 2017 where the contravention is due to: a. abnormal or unforeseeable circumstances beyond Plaid's control, the consequences of which would have been unavoidable despite all efforts to the contrary; or b. the obligations of Plaid under other provisions of EU or national law.
7.3. Nothing excludes or limits our liability for: a. death or personal injury caused by our negligence; b. our fraud or fraudulent misrepresentation; or c. a deliberate breach of this Agreement in a major way that is designed to harm you.
7.4. We are not liable to you for any harm, damage or loss to you arising from the acts or omissions of any third parties, in particular your Account Provider(s) and the Application through which you have accessed our Services.
8. Complaints
8.1. If you have a complaint about our Services, please email us at regulatory@plaid.com so that Plaid can investigate the circumstances for you. We will aim to deal quickly and fairly with any complaints you have about our Services in accordance with our obligations under applicable law. Plaid may, however, direct you to: a. your Account Provider, if your complaint relates to the services provided under the Account Terms or involves an incorrect or unauthorised payment in accordance with paragraph 5 above; or b. the Application through which you accessed our Services, if your complaint relates to the products and/or services provided by the Application under the Application Terms.
8.2. If your complaint relates to our Services and we do not resolve it, you may be able to refer it to the UK Financial Ombudsman Service. You can contact the UK Financial Ombudsman by telephone on: from inside the UK: 0300 123 9123 or 0800 023 4567; from other countries: +44 20 7964 0500 on Monday to Friday, 8am to 8pm and on Saturday 9am to 1pm; by post at The Financial Ombudsman Service, Exchange Tower, London E14 9SR; or by email: complaint.info@financial-ombudsman.org.uk. The UK Financial Ombudsman Service is also available in a number of different languages and if you need it you will be put in touch with a translator when you contact the UK Financial Ombudsman Service.
8.3. Plaid is not responsible for any complaints or disputes about purchases made using our payment initiation services. You should settle these with the person from whom you bought the goods or services. We are not responsible for the quality, safety, legality or any other aspect of any goods or services purchased using our payment initiation services. Remember that once you have used our payment initiation service to make a purchase, Plaid cannot cancel or stop that payment transaction.
8.4. Plaid is also not responsible for any complaints or disputes about products and/or services provided by the Application through which you accessed our Services, other third parties, or your Account Provider. You should settle these with the Application, third party, or Account Provider directly.
9. Changes to this Agreement
9.1. The contract between you and Plaid which is set out in this Agreement and which governs your use of the Services will continue until cancelled in accordance with this paragraph 9.
9.2. We will give you at least two months' prior written notice via, at a minimum, the contact details you have supplied to us of any intended material change to this Agreement along with the new version of the Agreement.
9.3. If you do not agree with the proposed change(s) you must tell us using the Plaid contact details set out in paragraph 4.3. before that change takes effect and you will have the right to terminate this Agreement at any time before the proposed date of their entry into force. If you do not contact us in order to tell us that you do not accept the changes and request to terminate this Agreement you will be deemed to have accepted the change(s) to the Agreement.
10. Termination
10.1. You have the right to cancel the contract between us, which is set out in this Agreement, at any time without notice by contacting Plaid using the Plaid contact details set out at paragraph 4.3.
10.2. We may cancel the contract with you, with immediate effect, by giving written notice: a. if you repeatedly break this Agreement and fail to resolve the matter to Plaid's satisfaction in a timely manner; or b. in the event of your death or incapacity.
10.3. We may cancel this Agreement with you for any reason by giving you at least 2 months' written notice.
11. Governing law and language
11.1. This Agreement is governed by English law and is subject to the non-exclusive jurisdiction of the English Courts.
11.2. This Agreement is in English and all communications with you will be in English.
Developer Policy
Effective Date: December 30, 2019
This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers (“you” or “your”) of the Plaid API, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Service") provided by Plaid Inc. and its subsidiaries, including Plaid Financial Ltd. and Plaid, B.V. (“Plaid”, “we”, “our”, and “us”). Any violation of this Policy may result in suspension or termination of your access to the Service and/or access to end users’ personal and financial information ("End User Data").
By accessing and using the Service, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Service. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.
We may update or change this Policy at any time in our discretion. If we make any changes to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you don’t agree with the change, you are free to reject it; unfortunately, that means you will no longer be able to use the Service.
Jump to section:
Compliance with Applicable Law
Registration
To sign up for the Service, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Service. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your Plaid Dashboard password, as well as your API authentication credentials, including your Client Identification Number (“Client ID”) and secret, with a third party or allow any other application or service to act as you.
If you become aware of any unauthorized use of your Account or any other breach of security, please immediately notify us via email to security@plaid.com.
Compliance with Applicable Law
When using the Service, you must abide by all applicable local, state, national, and international laws. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws, especially those pertaining to financial data and to data protection, privacy and data security.
In addition, you certify that you, your officers, directors, shareholders, direct and indirect parent entities, subsidiaries, and affiliates:
- are and will remain in compliance with all applicable import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations (including all such laws and regulations that apply to a U.S. company, such as the Export Administration Regulations, the International Traffic in Arms Regulations, and economic sanctions programs implemented by the Office of Foreign Assets Control (OFAC));
- are not subject to, or owned by parties that are subject to, sanctions or otherwise identified on any sanctions-related list, including but not limited to lists maintained by the United States government (such as the List of Specially Designated Nationals and Blocked Persons, maintained by OFAC, the Entity List maintained by the U.S. Commerce Department’s Bureau of Industry and Security, and the CAATSA section 231(d) list maintained by the U.S. State Department), the United Nations Security Council, the United Kingdom, the European Union or its Member States, or other applicable government authority; and
- are not engaging, and will not engage, in activities which may require or permit any applicable government authority to pursue an enforcement action against, or impose economic sanctions on you or us.
The certifications immediately above are not sought, and are not provided, if and to the extent such request or certification would constitute a violation of the EU Blocking Statute, of laws or regulations implementing the EU Blocking Statute in the EU Member States or in the United Kingdom, or any similar anti-boycott, non-discrimination, or blocking provisions foreseen in applicable local laws.
You are solely responsible for ensuring that your use of the Service is in compliance with all laws applicable to you, including without limitation, the rules and guidelines of any system or network that facilitates payments and any security requirements, including under the Payment Card Industry Data Security Standards (PCI-DSS), as may be applicable to you.
Security
You are responsible for securely maintaining your Plaid Dashboard username and password, as well as your API authentication credentials, including your Client ID and secret. You must notify us immediately in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your Client ID or secret, and must encrypt this information in storage and during transit.
Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices but, at a minimum, must perform the following:
- Maintain administrative, technical, and physical safeguards that are designed to ensure the security, privacy, and confidentiality of End User Data.
- Use modern and industry standard cryptography when storing or transmitting any End User Data.
- Maintain reasonable access controls to ensure that only authorized individuals that have a business need have access to any End User Data.
- Monitor your systems for any unauthorized access. Patch vulnerabilities in a timely fashion. Log and review any events suggesting unauthorized access.
- Plan for and respond to security incidents.
- Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule.
Data Storage
Any End User Data in your possession must be stored securely and in accordance with applicable laws.
Account Deactivation
Once you stop using the Service in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if you have ceased using the Service for three months; your applicable agreement with us terminates or expires; or as reasonably necessary under applicable law. After your Account deactivation, we will deprovision your access to all End User Data associated with your integration.
Even after your Account deactivation, and to the extent permitted under applicable law, we may still retain any information we collected about you for as long as necessary to fulfill the purposes outlined in our privacy policy/statement, or for a longer retention period if required or permitted under applicable law.
Prohibited Conduct
You agree not to, and agree not to assist or otherwise enable any third party to:
- sell or rent End User Data to marketers or any other third party;
- access or use the Service or End User Data for any unlawful, infringing, threatening, abusive, obscene, harassing, defamatory, deceptive, or fraudulent purpose;
- collect and store end users’ bank credentials and/or End User Data other than as required to access or use the Service, as authorized by the end user, as permitted by Plaid, and as permitted under applicable law;
- use, disclose, or retain any “nonpublic personal information” (as defined under the Gramm-Leach-Bliley Act) or “personal information” (as defined under the California Consumer Privacy Act) other than in strict compliance with applicable law;
- use, disclose, or otherwise process any “personal data” (as defined in Regulation (EU) 2016/679 (General Data Protection Regulation)) other than in strict compliance with applicable law;
- access or use the Service or access, transmit, process, or store End User Data in violation of any applicable privacy laws or in any manner that would be a breach of contract or agreement with the applicable end user;
- access or use the Service to infringe any patent, trademark, trade secret, copyright, right of publicity, or other right of any person or entity;
- access or use the Service for any purpose other than for which it is provided by us, including for competitive evaluation, spying, creating a substitute or similar service to any of the Service, or other nefarious purpose;
- scan or test (manually or in an automated fashion) the vulnerability of any Plaid infrastructure without express prior written permission from Plaid;
- breach, disable, interfere with, or otherwise circumvent any security or authentication measures or any other aspect of the Service;
- overload, flood, or spam any part of the Service;
- create developer accounts for the Service by any means other than our publicly-supported interfaces (e.g., creating developer accounts in an automated fashion or otherwise in bulk);
- transfer, syndicate, or otherwise distribute the Service or End User Data without express prior written permission from Plaid;
- decipher, decompile, disassemble, copy, reverse engineer, or attempt to derive any source code or underlying ideas or algorithms of any part of the Service, except as permitted by applicable law;
- modify, translate, or otherwise create derivative works of any part of the Service;
- access or use the Service or End User Data in a manner that violates any agreement between you or the end user and Plaid; or
- access or use the Service or End User Data in a manner that violates any applicable law, statute, ordinance, or regulation.
Suspension and Termination
We reserve the right to withhold, refuse, or terminate access to the Service and/or End User Data in whole or in part where we believe the Service is being accessed or used in violation of this Policy or any other Plaid agreement, including Plaid’s agreements with any third party partners or data sources of Plaid (each, a “Partner”), or where use would pose a risk of harm, including reputational harm, to Plaid, its infrastructure, its data, the Service, an end user, or a Partner.
We will use reasonable efforts to notify you via email or other method when deciding to withhold, refuse, or terminate access to the Service and/or End User Data. We may immediately suspend or terminate access without notice if appropriate under the circumstances, such as when we become aware of activity that is a violation of any applicable law or when we determine, in our sole discretion, that harm is imminent.
Plaid will not be liable for any damages of any nature suffered by you or any third party resulting from Plaid’s exercise of its rights under this Policy or under applicable law.
Reporting Violations
If any person becomes aware of a violation of this Policy, we request that you immediately notify us via email to legalnotices@plaid.com. We may take any appropriate action -- including reporting any activity or conduct that we suspect violates the law to appropriate law enforcement officials, regulators, or other appropriate third parties -- in our sole discretion in respect to such violations.
Miscellaneous
The failure by you or Plaid to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.
If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.
Cookie Policy
Effective Date: December 30, 2019
This Cookie Policy (“Policy”) explains how Plaid Inc. and its subsidiaries, including Plaid Financial Ltd. and Plaid, B.V., (collectively, “we”, “our”, or “us”), and trusted third parties, use cookies on our websites and other online services (collectively the “Services”), as well as your choices related to those cookies. Please review this Policy to learn more about the types of cookies we use, why we use them, and how you can control or limit the use of cookies.
To find out more about our privacy practices, please refer to our End User Privacy Policy and our Privacy Statement.
Jump to section:
What Are Cookies
Cookies are small data files stored on your browser or device, which can be in the form of session cookies (which expire once you close your web browser) or persistent cookies (which stay on your browser for a set period of time or until you delete them). They generally contain information such as website preferences, user settings, and browsing history. This information helps us recognize you as you interact with or revisit our Services.
Cookies may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”). For example, we use first-party cookies to remember your settings and preferences, such as language and location. We also integrate third-party analytics cookies, like Google Analytics, onto our websites to help us understand how you are using our websites so that we can improve them.
We also use other technologies that function similarly to cookies. For instance, we use web beacons (also called pixels), which are small images on a web page or in an email. Web beacons collect information about your browser or device and can set cookies. In addition, we use local storage, which allows data to be stored locally on your browser or device.
How We Use Cookies
We use cookies for a number of reasons, like helping us determine the popularity of certain content, improving our Services and your experience, and to better understand your online activity. The cookies we use generally fall into one or more of the following categories:
| Category of Cookies | How We Use These Cookies |
|---|---|
| Essential | These cookies are strictly necessary for our Services to function properly. Some of our Services depend on these cookies and may not work properly, or at all, if they are disabled. |
| Security | We use these cookies to help identify and mitigate potential security risks. |
| Preferences | We use these cookies to remember your settings and preferences, such as language and location, when you use our Services. |
| Analytics | We use these cookies to better understand how you interact with our Services so that we can improve them. For example, we may use these cookies to determine if you have interacted with certain content or features. We can also use these cookies to learn more about which features are the most popular with our users and where we may need to make improvements. |
| Advertising | We and our trusted advertising partners use these cookies to display advertisements, to make advertisements more relevant to visitors to our websites, and to track the efficiency of any advertising campaigns, both on our Services and on other websites. |
Your Choices
You have the right to choose whether or not to accept cookies. However, since cookies can be an important part of how our Services work, if you remove or reject cookies, this could affect the availability and functionality of our Services.
Below are some options to control or limit how cookies are used on our Services:
You can usually manage settings to remove or reject browser cookies manually within your browser’s configuration settings. To manage these settings, please follow the instructions given by your browser.
To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
For information on how our advertising partners may allow you to opt out of receiving ads based on your web browsing history, please visit http://optout.aboutads.info/. In addition, European users should visit European Interactive Digital Advertising Alliance and Canadian users should visit Digital Advertising Alliance of Canada to learn more about how to opt out of receiving these types of ads.
Changes to This Policy
We may update or change the cookies (or similar technologies) we use from time to time. The most up-to-date version of this Policy will be posted on our website at https://plaid.com/legal, and if we make any changes, we will update the effective date at the top of the Policy. We recommend that you check back periodically for any changes.
Contacting Us
If you have any questions about our use of cookies or this Policy, you can contact us at privacy@plaid.com.
Short Message Service (SMS) Terms
Effective Date: September 3, 2019
By agreeing to these Short Message Service Terms (“SMS Terms”), you consent to receive automated SMS messages from Plaid Inc. (“Plaid”), and any of its SMS-related service providers (“service providers”), including through the use of an automatic telephone dialing system, at the telephone number you have selected. Message and data rates may apply.
By agreeing to these SMS Terms, you also authorize your wireless operator to disclose your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber and device details, if available, to Plaid and service providers for the duration of the business relationship, solely for identity verification and fraud avoidance. See our Privacy Policy for how we treat your data.
If you do not wish to receive SMS messages from Plaid or its service providers, or if you no longer want your wireless operator to share information about you with Plaid or its service providers, you agree to reply STOP to any SMS message from Plaid or sent on behalf of Plaid in order to opt out of the SMS message notifications. You may receive an additional SMS message confirming your decision to opt out.
Changes to our legal policies
Our mission at Plaid is to enable innovation in financial services. As a result, we’re constantly working to improve our existing services, and to develop new services that give developers the ability to create amazing products, and for end users to connect their financial data to their favorite apps.
As we make changes to our services, we review and update our legal policies to reflect those changes. Additionally, we may periodically revise and reorganize the language in our policies to make them easier to follow and understand.
Stay up to date by reviewing highlights from the most recent changes to our policies below. And if you have any questions about the changes, please reach out to us at privacy@plaid.com.
2019-12-30
We updated our End User Privacy Policy, Privacy Statement, Developer Policy, and Cookie Policy.
2019-12-12
We added our Candidate Privacy Notice to our website.
2019-12-05
We added our End User Services Agreement (US) and the SMS Terms to our website.
2019-08-27
We added our End User Services Agreement (UK) to our website.
2019-05-29
We added information to our End User Privacy Policy and Privacy Statement to address requirements of the European Union’s General Data Protection Regulation. Additionally, we added more details about the information we collect from end users. Lastly, we translated our End User Privacy Policy into Spanish.
2019-05-06
We added our Cookie Policy to the website.
