Last updated November 11th, 2013; Effective until June 13, 2018
This policy does not apply to any website, product or service of any third-party company even if the website or application links to (or from) the Service. Plaid does not operate those websites, products, or services - please always review the privacy practices of a company before deciding whether to provide any information to them.
Information We Collect
In general, we collect information in a number of ways, including (i) when a client or end-user provides it directly to us via the Website and/or Service, (ii) when we obtain end-user information through trusted third parties including financial institutions, (iii) through your continued access of the Service, including data passively collected through technology such as "cookies". The types of information we collect and our use of that information will depend on whether you are a Website Visitor, Client, or End-User.
Cookies and IP Addresses
We automatically receive and record information from your web browser when you interact with the Service, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Service (e.g., what links you have clicked on). Generally, the Service automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Service so that we can analyze and improve them. We may also receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.
To simply browse our Website, you are not required to provide any Personal Information. However, we may gather non-personally-identifiable information, as described directly above, just for the purposes of monitoring and improving our Website and the Service. We will not share this information with third parties except as a necessary part of providing our Website and the Service, nor will we use it to target any advertisements to you. Of course, if you sign up with or use any of our services, more information is shared.
When you use Plaid services as a client, whether paid or unpaid, we will gather and store your name, company name, email address, phone number, billing address, and any other relevant information that you provide directly to us. Any and all test and/or live users that sign up as an end-user of your services fall under the end-user category. If you sign up for a paid account, we will also store the relevant data required to complete your transaction, including but not limited to your financial information, bank account numbers, routing numbers, billing address and company name. We may also rely on a third-party payment processor to complete transactions, and all data shared with them falls under their own privacy policies. Further, we will collect and associate all relevant end-user data with your client account, including but limited to end-user names, email addresses, billing addresses and financial information. We may additionally collect information on the IP addresses, devices, and locations used to access Plaid, which may be linked to your account for fraud detection and prevention purposes. Finally, we may collect additional data for identity verification on an as-needed based determined at our own sole discretion.
As an end-user of any application that utilizes the Service, whether via a client or other third-party, directly via use of our API or other services, or through an application built by us directly, you are agreeing to share financial information with us including, but not limited to, your account credentials, transactional histories, account numbers, and balances/limits as well as general identity data including names and addresses of all account holders. You are enabling us to interact with and through your financial institutions on your behalf and with your consent. We may also retrieve information pertaining to usage of our client applications and other general activity that comes through use of the Service.
We collect statistical information about how both unregistered and registered users, collectively, use the Service ("Aggregate Information"). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser.
How We Use Personal Information
Plaid uses your Personal Information as follows:
To operate and maintain the Service (such as, overall operating and maintenance, providing customer service, fixing malfunctions, testing our security systems, etc.).
To provide you with the features, functions and benefits of the Service (such as, displaying to information regarding your financial accounts).
To enhance, improve, add to and further develop the Service (such as, creating new features or functions, refining or personalizing the user experience, increasing Service technical performance, etc.).
We will use your contact information (such as, your email address or phone number) to provide you with Service notifications.
To help personalize the Service experience for you (such as, remembering your information so you will not have to enter it each time you use the Service or providing you with offers, advertisements or features you may like).
And for the other purposes referenced in the "Sharing and Disclosure" section below (such as, for the purposes of legal compliance).
Sharing and Disclosure
Plaid does not sell or rent any personal information to marketers or third parties that have not been explicitly authorized (e.g., in the case of a client).
We may share your Personal Information with trusted third parties who are integral to the operation of our Website and the Service, including but not limited to financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Information. We may store your Personal Information in locations outside the direct control of Plaid, for instance, on servers or databases co-located with hosting providers.
We will only disclose your Personal Information in response to such a request if we believe in good faith that doing so is necessary to comply with applicable law or a legal obligation to which we are bound. If we receive such a request, we will use reasonable efforts to give you prompt notice, so that you may contest it if you choose. We will not provide you such notice if we determine in good faith that either (a) we are not permitted to provide it under applicable law, or (b) that doing so would result in an imminent risk of death, serious physical injury or significant property loss or damage to Plaid or a third party. In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assign.
We may occasionally email you with information about offers or new services. You can opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with Plaid.
Protection of Information
Although no data storage or transmission can be 100% secure, we take significant steps to protect user and account information to ensure that it is kept private. Plaid maintains strict administrative, technical, and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through user and password credentials and software systems) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer encryption to safeguard the account registration and sign-up information, along with the end-user sign-up process. Other safeguards include, but are not limited to data encryption, firewalls, and physical access controls to building and files.
Information from Children
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at firstname.lastname@example.org.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to email@example.com, or: Attn: Legal; Plaid Inc. - San Francisco, CA 94105.
Last updated on September 22nd, 2015
The Service enables applications to connect with end-user-authorized data from financial institutions including banks, card issuers, and card networks ("financial institutions"). Further, we attempt to structure, normalize, and cleanse the data we return to the client into a concise and highly functional format. Plaid currently supports financial institutions in the United States. We are neither a bank, money service business, nor payment processor – and we cannot assume any liability for the products or services that are built using our service.
We will provide customer service to help resolve any issues relating to your Account, our services, and the other use of our software. The extent and nature of such customer service may be determined by Plaid in its sole and absolute discretion. You, and you alone, are responsible for providing all customer service to your end-users for any and all issues relating to your product and services, including but not limited to issues relating to the Service. For questions on how to contact Plaid support, please see our support page.
General Services Content
You agree that the Service contains information and other content specifically provided by Plaid or its partners and that such content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. For clarity, this section does not apply to end User Data. Except as expressly authorized by Plaid in writing, you shall not sell, license, rent, modify, distribute, copy, reproduce, transmit, publicly display, publicly perform, publish, adapt, edit or create derivative works from such content. However, Plaid hereby grants you a limited, revocable, non-sublicensable license to reproduce and display such content (excluding any software code); provided, that you retain all copyright and other proprietary notices contained therein. Reproducing, copying or distributing any such content, including any materials or design elements on the Service, for any other purpose is strictly prohibited without the express prior written permission of Plaid.
Your Security Obligations
We cannot guarantee the security of our users' applications. We reserve the right to terminate a user without notice if we suspect that they are at risk of a security breach. While we cannot ensure that our users follow all the necessary security protocols, we strongly recommend that you adhere to the following minimum security protocols:
Use of PCI compliant servers
Use of HTTPS for all API requests (non-HTTPS requests are currently disabled)
Do not store end-user credentials or other sensitive personally identifiable information
Encryption of your client ID and secret in all storage and communication
It is your responsibility to maintain the security of your account information, including your Client Identification Number ("client ID") and Client Secret ("secret"). You must notify us immediately of any breach of security or unauthorized use of your Account. You may never publish, distribute or share your Client ID or Secret.
You are responsible for all of your (and your end users') activity in connection with the Service. You shall not (and shall not permit any other party to) either (a) take any action or (b) upload, download, post, submit or otherwise distribute or facilitate distribution of any content on or through the Service, that:
infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any other person or entity or violates any law or contractual duty;
is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, tortious, obscene, vulgar, pornographic, offensive, profane, contains or depicts nudity, contains or depicts sexual activity, or is otherwise inappropriate as determined by us in our sole discretion;
contains software viruses or any other computer codes, files, or programs that are designed or intended to disrupt, damage, limit or interfere with the proper function of any software, hardware, or telecommunications equipment or to damage or obtain unauthorized access to any system, data, password or other information of ours or of any third party;
impersonates any person or entity, including any of our employees or representatives; or
includes anyone's identification documents or sensitive financial information.
You shall not (directly or indirectly): (i) decipher, decompile, disassemble, reverse engineer or otherwise attempt to derive any source code or underlying ideas or algorithms of any part of the Service (including without limitation any application), except to the limited extent applicable laws specifically prohibit such restriction, (ii) modify, translate, or otherwise create derivative works of any part of the Service, or (iii) copy, rent, lease, distribute, or otherwise transfer any of the rights that you receive hereunder. You shall abide by all applicable local, state, national and international laws and regulations.
You shall not: (i) take any action that imposes or may impose (as determined by us in our sole discretion) an unreasonable or disproportionately large load on our (or our third party providers') infrastructure; (ii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (iii) bypass, circumvent or attempt to bypass or circumvent any measures we may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (iv) run any form of auto-responder or "spam" on the Service; (v) use manual or automated software, devices, or other processes to "crawl" or "spider" any page of the Site; (vi) harvest or scrape any content from the Services; or (vii) otherwise take any action in violation of our guidelines and policies.
Privacy and End User Data
Payments and Billing
The terms of your payment will be based on your payment method and may be determined by agreements between you and the financial institution, credit card issuer or other provider of your payment method. If we, through the payment processor, do not receive payment from you, you agree to pay all amounts due on your billing account upon demand.
Some of the paid services may consist of recurring period charges as agreed to by you. By choosing a recurring payment plan, you acknowledge that such services have an initial and recurring payment feature and you accept responsibility for all recurring charges prior to cancellation. We may submit periodic charges (e.g., monthly) without further authorization from you, until you provide notice (receipt of which is confirmed by us) that you have terminated this authorization or wish to change your payment method. Such notice will not affect charges submitted before we reasonably could act.
You must provide current, complete and accurate information for your billing account. You must promptly update all information to keep your billing address current, complete and accurate, and must promptly notify us or your payment processor if your payment method is canceled (e.g., for loss or theft) or if you become aware of a potential breach of security. If you fail to provide any of the foregoing information, you agree that we may continue charging you for any use of paid services under your billing account unless you have terminated your paid services as set forth above.
If the amount to be charged to your billing account varies from the amount you preauthorized (other than due to the imposition or change in the amount of state sales taxes), you have the right to receive, and we shall provide, notice of the amount to be charged and the date of the charge before the scheduled date of the transaction. Any agreement you have with your payment provider will govern your use of your payment method. You agree that we may accumulate charges incurred and submit them as one or more aggregate charges during or at the end of each billing cycle.
Your non-termination or continued use of a paid service reaffirms that we are authorized to charge your payment method for that paid service. We may submit those charges for payment and you will be responsible for such charges. This does not waive our right to seek payment directly from you. Your charges may be payable in advance, in arrears, per usage, or as otherwise described when you initially selected to use the paid service.
You agree that, during the time you are a registered Service user, we may identify you as a customer of Plaid (including, without limitation, on the Site and in promotional materials).
Limitation on Liability
IN NO EVENT SHALL PLAID, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, VENDORS OR SUPPLIERS BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL THEORY WITH RESPECT TO THE APPLICATION: (I) FOR ANY LOST PROFITS OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, EVEN IF FORESEEABLE, (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (III) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) $100.00 (U.S.) (PROVIDED THAT, IF YOU ARE A PAYING USER OF THE SERVICE, SUCH AMOUNT SHALL BE CAPPED AT THE AMOUNTS PAID BY YOU TO PLAID DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION ACCRUED). THE FOREGOING LIMITATIONS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
THE SERVICE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. PLAID MAKES NO WARRANTY THAT (I) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR (II) THE RESULTS OF USING THE SERVICE WILL MEET USER'S REQUIREMENTS. IN ADDITION, PLAID MAKES NO WARRANTY THAT ANY END USER DATA WILL BE TIMELY, ACCURATE OR COMPLETE. THE FOREGOING DISCLAIMERS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
Effective Date: June 14, 2018
Jump to section:
First, Some Background
A quick note about Plaid
Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you (the "end user") to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.
Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information.
Please note that this Policy only covers the information that Plaid collects, uses, and shares, and it does not explain what our developers do with any end user information we provide to them (or any other information they may collect about you, their end user). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.
Our Data Practices
Information We Collect
Information you provide. When you connect your financial accounts with a developer application, you may provide, through our integrated services, login information required by your financial institution to access your account, such as your username and password, answers to challenge questions, or a security token. When providing this information, you give the developer, and Plaid as its service provider, the authority to act on your behalf to access and transmit your information from the relevant financial institution.
Information collected from your financial institutions. The information we receive from the financial institutions that maintain your financial accounts may vary depending on the specific Plaid services our developers use to power their applications, as well as the information made available by your financial institutions. The types of information we collect from your financial institutions may include, but are not limited to:
Account information, including financial institution name, account name, account type, and account and routing number;
Information about an account balance, including current and available balance;
Information about credit accounts, including statement due dates and balances owed, payment amounts and dates, transaction history, and interest;
Information about loan accounts, including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term;
Information about the account owner(s), including name, email address, phone number, and address information; and
Information about account transactions, including amount, date, type, and a description of the transaction.
The data may include information from all your sub-accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials, even if only a single sub-account is designated by you.
Information we receive about you from other sources. We may receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services.
How We Use Your Information
We use the information we collect to operate, improve, and protect the services we provide to our developers, and to develop new services. More specifically, we use your information:
To operate, provide, and maintain our services;
To improve, enhance, modify, add to, and further develop our services;
To protect you, our developers, our partners, or Plaid from fraud, malicious activity, and other privacy and security-related concerns;
To develop new services;
To provide customer support to our developers, including to help respond to your inquiries related to our service or our developers’ applications;
To investigate any misuse of our service or our developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and
For any other purpose with your consent.
How We Share and Store Your Information
We take deliberate steps designed to protect end user information in our possession. These steps include, but are not limited to, maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry-standards internally and by independent security auditors.
We do not sell or rent end user information to marketers or other third parties. But we do share end user information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We may also share your information:
With your consent;
With our service providers, partners, or contractors in connection with the services they perform for us or our developers;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or
As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Plaid.
We may collect, use, and share information we collect in an aggregated or de-identified manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or de-identified data based on the collected information to develop new services and to facilitate research.
We retain information we collect about you for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted under applicable law, regulation, or contract. As permitted under applicable law, even after you stop using an application or terminate your account with our developers we may still retain your information (for example, if you still have an account with another developer or if there is residual information within our databases or systems); however, your information will only be used and shared as required by law or in accordance with this Policy.
Some Last Details…
Changes to This Policy
Our full company name is Plaid Inc., and you can contact us at:
P.O. Box 636
San Francisco, CA 94104
Please note: In certain jurisdictions, you may have the right to obtain access to any personal information of yours that is under the control of an organization. We encourage you to reach out directly to the developer or provider of the application you are using with any questions about the developer’s services, access to your personal information, or about our relationship with that developer. We work with our developers to respond to inquiries that relate to us, our services, or our data practices, and may share any communications we receive from you or your contact information with the applicable developer to respond to such inquiries.
Effective Date: June 14, 2018
Thank you for visiting and/or using Plaid!
This Privacy Statement explains the ways Plaid Inc. ("Plaid," “we,” or “us”) may collect, use, and share information about you in connection with your access to or use of Plaid’s websites and our products and services (collectively, “Services”), and in connection with any other information we collect when you interact with us, except as outlined in the paragraph below. We hope you will take some time to read this Privacy Statement carefully.
Jump to section:
Our Data Practices
Information We Collect
Information you provide. We collect the information you provide directly to us, such as the information you provide when you create a developer account, update your profile, fill out our "contact us" forms, sign up for our emails, request customer support, enroll in billing, execute a services agreement, complete a compliance questionnaire, or otherwise communicate with us. The types of information we collect from you may include, but is not limited to, full name, email address, company name, address, phone number, driver’s license, date of birth, taxpayer identification number, and any other information you choose to provide.
Information we collect when you use our Services. When you use our Services, we automatically collect information about you, including:
Log Information: We collect log files when you use our Services, which includes, but is not limited to, the type of browser you use, access times, pages viewed, and your IP address.
Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information when you use our Services, including cookies and web beacons. Cookies are small data files stored by your web browser, on your hard drive, or in device memory that help us improve our Services and your experience, determine usage of parts and features of our Services, and monitor for and detect potential harmful conduct. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
Information we collect from other sources. We may also collect information about you from other sources. For example, we may collect information about you from other members of your company, which may include your name, email address, and date of birth.
How We Use Your Information
Examples of how we use the information we collect include:
To operate, improve, and develop our Services;
To verify the identity of you and other members of your company;
To bill developers for our Services, to transmit payment, and for tax reporting purposes;
To send you technical notices, updates, security alerts, and administrative messages;
To respond to your comments, questions, inquiries, and customer service requests;
To help personalize the Services experience for you;
To communicate with you about products, services, offers, and events offered or sponsored by Plaid, and to provide news and other information we think may be of interest to you;
To monitor and analyze trends, usage, and activities in connection with our Services;
To try to detect and prevent fraud, malicious activity, and other illegal activities;
To protect the rights, privacy, safety, or property of Plaid and others; and
For any other purpose described to you when the information was collected.
How We Share Your Information
We may share information about you as follows, or as otherwise described in this Privacy Statement:
With our service providers, partners, contractors, or vendors, including collection agencies in the event of delinquent payments from our developers;
If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena), including in connection with requests from law enforcement or other governmental authorities;
If we believe your actions are inconsistent with our agreements or policies, or to protect the rights, privacy, safety, or property of Plaid or others;
In connection with a change in ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and
With your consent or at your direction.
We may also collect, use, and share aggregated or de-identified information, which cannot reasonably be used to identify you, for any purpose permitted under applicable law.
Advertising and Analytics Services Provided by Others
Developer Account Information. You may update information you provide to us as part of your online developer account by logging into your account or by contacting us.
Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
Promotional or Marketing Communications. You may opt out of receiving promotional or marketing emails from Plaid by following the instructions in those emails. If you opt out and are one of our developers, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Access to Your Information. In certain jurisdictions, you have the right (i) to know if we have collected information about you under this Privacy Statement, (ii) to request access to the personal information we have in our custody and control (subject to certain legal limitations), and (iii) to have the right to have it corrected or annotated if you believe there are any errors in your personal information. As described above, if you are one of our developers, you can conveniently access your online account information by logging into your account or by contacting us. To obtain access to personal information, please contact us at the contact information provided below. We may require additional information to verify your identity, which will only be used for that purpose.
Changes to this Statement
We may change this Privacy Statement periodically. If we make changes, we will notify you by updating the effective date at the top of the Statement. We may also provide notice of any changes through other means, such as placing a notice on our homepage or sending you an email. We encourage you to review the Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our data practices and the choices available to you.
If you have any questions about this Privacy Statement, please contact us at:
P.O. Box 636
San Francisco, CA 94104
Effective Date: May 15, 2018
This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers ("you" or “your”) of the Plaid API, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Service") provided by Plaid Inc. (“Plaid,” “we,” or “us”). Any violation of this Policy may result in suspension or termination of your access to the Service and/or access to end users’ personal and financial information ("End User Data").
By accessing and using the Service, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Service. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.
We may change this Policy at any time in our discretion. If we make any change to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you don’t agree with the change, you are free to reject it; unfortunately, that means you will no longer be able to use the Service.
Jump to section:
To sign up for the Service, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Service. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your password and Client Secret, with a third party or allow any other application or service to act as you.
If you become aware of any unauthorized use of your Account or any other breach of security, please immediately notify us via email to firstname.lastname@example.org.
Compliance with Applicable Law
When using the Service, you must abide by all applicable local, state, national, and international laws and regulations. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws and regulations, especially those pertaining to financial and personally-identifiable data. You are solely responsible for ensuring that your use of the Service is in compliance with all laws and regulations applicable to you.
You are responsible for securely maintaining your authentication credentials, including your Client Identification Number ("Client ID") and Client Secret. You must notify us immediately in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your Client ID or Secret, and must encrypt this information in storage and during transit.
Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices but, at a minimum, must perform the following:
Maintain administrative, technical, and physical safeguards that are designed to protect the security, privacy, and confidentiality of End User Data.
Use modern and industry standard cryptography when transmitting any End User Data.
Maintain reasonable access controls to ensure that only authorized people have access to any End User Data.
Monitor your systems for any unauthorized access. Patch vulnerabilities in a timely fashion. Log and review any events suggesting unauthorized access.
Plan for and respond to security incidents.
Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule.
Unless otherwise agreed in writing with Plaid, you agree to only store all End User Data in the locations in which you operate. Any End User Data in your possession must be stored securely and in accordance with applicable laws and regulations.
You, and you alone, are responsible for providing all customer service to your end users for any and all issues relating to your product and services, including but not limited to issues relating to your use of the Service.
Once you stop using the Service in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if you have ceased using the Service for three months; your applicable agreement with us terminates or expires; or as reasonably necessary under applicable law. After your Account deactivation, we will deprovision your access to all End User Data associated with your integration.
You agree not to, and agree not to assist or otherwise enable any third party to:
access or use the Service or End User Data for any unlawful, infringing, threatening, abusive, obscene, harassing, defamatory, deceptive, or fraudulent purpose;
collect and store end user’s bank credentials and/or End User Data other than as required to access or use the Service, as authorized by the end user, as permitted by Plaid, and as permitted under applicable law;
use or disclose any "nonpublic personal information" (as defined under the Gramm-Leach-Bliley Act) received from Plaid for any purpose not permitted under applicable law;
access or use the Service or access, transmit, process, or store End User Data in violation of any applicable privacy laws or in any manner that would be a breach of contract or agreement with the applicable end user;
access or use the Service to infringe any patent, trademark, trade secret, copyright, right of publicity, or other right of any person or entity;
access or use the Service for any purpose other than for which it is provided by us, including for competitive evaluation, spying, creating a substitute or similar service to any of the Service, or other nefarious purpose;
scan or test (manually or in an automated fashion) the vulnerability of any Plaid infrastructure without express prior written permission from Plaid;
breach, disable, interfere with, or otherwise circumvent any security or authentication measures or any other aspect of the Service;
overload, flood, or spam any part of the Service;
create developer accounts for the Service by any means other than our publicly-supported interfaces (e.g., creating developer accounts in an automated fashion or otherwise in bulk);
transfer, syndicate, resell, or otherwise distribute the Service or End User Data without express prior written permission from Plaid;
decipher, decompile, disassemble, copy, reverse engineer, or attempt to derive any source code or underlying ideas or algorithms of any part of the Service, except as permitted by applicable law;
modify, translate, or otherwise create derivative works of any part of the Service;
access or use the Service or End User Data in a manner that violates any agreement between you or the end user and Plaid; or
access or use the Service or End User Data in a manner that violates any applicable law, statute, ordinance, or regulation.
Suspension and Termination
We reserve the right to withhold or refuse access to the Service and/or End User Data in whole or in part where we believe the Service is being accessed or used in violation of this Policy or any other Plaid agreement, including Plaid’s agreements with any third party partners or data sources of Plaid (each, a "Partner"), or where use would pose a risk to an end user, any Partner, or Plaid itself.
We will use reasonable efforts to notify you via email or other method when deciding to suspend or terminate access to the Service and/or End User Data. We may immediately suspend or terminate access without notice if appropriate under the circumstances, such as when we become aware of activity that is a violation of any applicable law or that exposes Plaid, its infrastructure, data, or Service, or any Partner to harm, including reputational harm.
Plaid will not be liable for any damages of any nature suffered by you or any third party resulting from Plaid’s exercise of its rights under this Policy or under applicable law.
If any person becomes aware of a violation of this Policy, we request that you immediately notify us via email to email@example.com. We may take any appropriate action -- including reporting any activity or conduct that we suspect violates the law to appropriate law enforcement officials, regulators, or other appropriate third parties -- in our sole discretion in respect to such violations.
The failure by you or Plaid to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.
If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.