Overview

As with everything we do, we have tried to simplify a complex process and make our legal documents as reader-friendly as possible. However, (contrary to the simplicity of our API) some complexities persist in these documents. As you read and have questions, please do not hesitate to contact us.

Privacy Policy

Last updated November 11th, 2013; Effective until June 13, 2018

Scope

We at Plaid Inc. ("we", "us" or "our") know you care about how your personal information is used and shared - and we take your privacy seriously. This privacy policy ("Privacy Policy") covers our treatment of personally identifiable information ("Personal Information"), and certain non-personally identifiable information, that we gather when you use or otherwise engage (via mobile application, web browsing or otherwise) with our website or services (collectively, the "Service"). It describes what types of information we collect, how we use that information, and who we share that information with.

By using or accessing the Service in any manner, you acknowledge that you accept and agree to the terms, practices and policies outlined in this Privacy Policy, and you hereby consent that we may collect, use, and share your information as set forth below.

This policy does not apply to any website, product or service of any third-party company even if the website or application links to (or from) the Service. Plaid does not operate those websites, products, or services - please always review the privacy practices of a company before deciding whether to provide any information to them.

Information We Collect

In general, we collect information in a number of ways, including (i) when a client or end-user provides it directly to us via the Website and/or Service, (ii) when we obtain end-user information through trusted third parties including financial institutions, (iii) through your continued access of the Service, including data passively collected through technology such as "cookies". The types of information we collect and our use of that information will depend on whether you are a Website Visitor, Client, or End-User.

By signing up for the Service, whether directly on our site, with one of the third-party applications that uses our software, or by any other means, you consent to these terms. Some features of the Service allow you to provide content, including financial credentials and information, to the Service. All content submitted by you to the Service or collected on your behalf from a third-party (e.g., client) application or a financial institution (e.g., a bank) may be retained by us indefinitely, even after you terminate your account. We may continue to disclose such content to third parties in a manner that does not reveal Personal Information, as described in this Privacy Policy

Cookies and IP Addresses

We automatically receive and record information from your web browser when you interact with the Service, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Service (e.g., what links you have clicked on). Generally, the Service automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Service so that we can analyze and improve them. We may also receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.

Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use the Service through the Internet. Our cookies do not, by themselves, contain Personal Information, and we do not combine the general information collected through cookies with other Personal Information to tell us who you are. As noted, however, we do use cookies to identify that your web browser has accessed aspects of the Service and may associate that information with your Account if you have one. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies active, because they enable you to take advantage the most attractive features of the Service. This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.

Website Visitors

To simply browse our Website, you are not required to provide any Personal Information. However, we may gather non-personally-identifiable information, as described directly above, just for the purposes of monitoring and improving our Website and the Service. We will not share this information with third parties except as a necessary part of providing our Website and the Service, nor will we use it to target any advertisements to you. Of course, if you sign up with or use any of our services, more information is shared.

Clients

When you use Plaid services as a client, whether paid or unpaid, we will gather and store your name, company name, email address, phone number, billing address, and any other relevant information that you provide directly to us. Any and all test and/or live users that sign up as an end-user of your services fall under the end-user category. If you sign up for a paid account, we will also store the relevant data required to complete your transaction, including but not limited to your financial information, bank account numbers, routing numbers, billing address and company name. We may also rely on a third-party payment processor to complete transactions, and all data shared with them falls under their own privacy policies. Further, we will collect and associate all relevant end-user data with your client account, including but limited to end-user names, email addresses, billing addresses and financial information. We may additionally collect information on the IP addresses, devices, and locations used to access Plaid, which may be linked to your account for fraud detection and prevention purposes. Finally, we may collect additional data for identity verification on an as-needed based determined at our own sole discretion.

End-Users

As an end-user of any application that utilizes the Service, whether via a client or other third-party, directly via use of our API or other services, or through an application built by us directly, you are agreeing to share financial information with us including, but not limited to, your account credentials, transactional histories, account numbers, and balances/limits as well as general identity data including names and addresses of all account holders. You are enabling us to interact with and through your financial institutions on your behalf and with your consent. We may also retrieve information pertaining to usage of our client applications and other general activity that comes through use of the Service.

We collect statistical information about how both unregistered and registered users, collectively, use the Service ("Aggregate Information"). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser.

How We Use Personal Information

Plaid uses your Personal Information as follows:

  • To operate and maintain the Service (such as, overall operating and maintenance, providing customer service, fixing malfunctions, testing our security systems, etc.).

  • To provide you with the features, functions and benefits of the Service (such as, displaying to information regarding your financial accounts).

  • To enhance, improve, add to and further develop the Service (such as, creating new features or functions, refining or personalizing the user experience, increasing Service technical performance, etc.).

  • We will use your contact information (such as, your email address or phone number) to provide you with Service notifications.

  • To help personalize the Service experience for you (such as, remembering your information so you will not have to enter it each time you use the Service or providing you with offers, advertisements or features you may like).

  • And for the other purposes referenced in the "Sharing and Disclosure" section below (such as, for the purposes of legal compliance).

Sharing and Disclosure

Plaid does not sell or rent any personal information to marketers or third parties that have not been explicitly authorized (e.g., in the case of a client).

We may share your Personal Information with trusted third parties who are integral to the operation of our Website and the Service, including but not limited to financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Information. We may store your Personal Information in locations outside the direct control of Plaid, for instance, on servers or databases co-located with hosting providers.

If you authorize an application to access your Plaid account, you acknowledge that we may share financial information with the third party that provides the authorized application. The use of your information by such third party will be subject to their applicable privacy policy, which you should carefully review.

We may disclose your Personal Information to law enforcement, government officials, or other third parties if: (i) we are compelled to do so by subpoena, court order or other legal process, (ii) we must do so to comply with laws, statutes, rules or regulations, including credit card rules, (iii) we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Use.

We will only disclose your Personal Information in response to such a request if we believe in good faith that doing so is necessary to comply with applicable law or a legal obligation to which we are bound. If we receive such a request, we will use reasonable efforts to give you prompt notice, so that you may contest it if you choose. We will not provide you such notice if we determine in good faith that either (a) we are not permitted to provide it under applicable law, or (b) that doing so would result in an imminent risk of death, serious physical injury or significant property loss or damage to Plaid or a third party. In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assign.

We may occasionally email you with information about offers or new services. You can opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with Plaid.

Protection of Information

Although no data storage or transmission can be 100% secure, we take significant steps to protect user and account information to ensure that it is kept private. Plaid maintains strict administrative, technical, and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (through user and password credentials and software systems) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer encryption to safeguard the account registration and sign-up information, along with the end-user sign-up process. Other safeguards include, but are not limited to data encryption, firewalls, and physical access controls to building and files.

Updates

This Privacy Policy was last changed on the date set forth at the top of the policy. We're constantly trying to improve the Service, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on our website, by sending you an email, and/or by some other means. In addition, we will also edit the date at the top of this policy to reflect the date of the changes. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Service, and you are still responsible for reading and understanding them. If you use the Service after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected.

Information from Children

We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at privacy@plaid.com.

Contacting Us

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@plaid.com, or: Attn: Legal; Plaid Inc. - San Francisco, CA 94105.

Terms of Use

Last updated on September 22nd, 2015

Welcome to Plaid! We created the Plaid service to make it easy for developers to build applications that connect with banks and credit cards. These Terms of Use set forth here constitute a legally binding agreement between Plaid Inc. ("Plaid", "we", "us" or "our") and the individual(s), application, service, or business named on the registration page or API License Agreement ("you", "your", "user", or "client"). By registering with us on our website ("Site"), our API License Agreement, or by using our service in any way - you agree to these Terms of Use and all other operating rules, policies and procedures that will be published from time to time on the Site. The Site and Plaid service will be referred to together as the "Service".

Plaid Services

The Service enables applications to connect with end-user-authorized data from financial institutions including banks, card issuers, and card networks ("financial institutions"). Further, we attempt to structure, normalize, and cleanse the data we return to the client into a concise and highly functional format. Plaid currently supports financial institutions in the United States. We are neither a bank, money service business, nor payment processor – and we cannot assume any liability for the products or services that are built using our service.

Our services are accessible using the Plaid API and related tools made available on this site and on our page on GitHub. Plaid makes no warranty for use of these services, which are provided "as-is" (see our disclaimer). You assume all risk for use of these services, as we cannot guarantee data quality, uptime, or other relative metrics. Our service is built to help you connect with end users' personal and financial information (such as from third party banks) ("End User Data"), and it is your responsibility to obtain your end-users' consent in compliance with the applicable legal requirements and rules. Further, use of our services for anything other than what is named in these Terms of Use or our Privacy Policy is prohibited.

Plaid supports certain financial institutions via Plaid's native technology. For other institutions (which we label "longtail institutions"), Plaid utilizes information passed from a third-party provider. When you access information from the longtail institutions, your usage is governed by these Terms of Use and the relevant Additional Provisions.

Registration

The Service is made available under these Terms of Use to individuals or businesses to collect End User Data. To sign up for the Service, you must create an account ("Account") by registering using our registration page or our API License Agreement and providing basic information including your name, company name, location, email address, company/site URL, and phone number. You must provide accurate and complete information and keep your Account information updated. It is your responsibility to maintain access to your account; you may never share your account information with a third party or allow any other application or service to act as you.

By accepting these Terms of Use, you confirm that you, your business, your employees, and any others relating to you adhere to all local laws and regulations, especially those pertaining to financial and personally identifiable data.

Customer Service

We will provide customer service to help resolve any issues relating to your Account, our services, and the other use of our software. The extent and nature of such customer service may be determined by Plaid in its sole and absolute discretion. You, and you alone, are responsible for providing all customer service to your end-users for any and all issues relating to your product and services, including but not limited to issues relating to the Service. For questions on how to contact Plaid support, please see our support page.

General Services Content

You agree that the Service contains information and other content specifically provided by Plaid or its partners and that such content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. For clarity, this section does not apply to end User Data. Except as expressly authorized by Plaid in writing, you shall not sell, license, rent, modify, distribute, copy, reproduce, transmit, publicly display, publicly perform, publish, adapt, edit or create derivative works from such content. However, Plaid hereby grants you a limited, revocable, non-sublicensable license to reproduce and display such content (excluding any software code); provided, that you retain all copyright and other proprietary notices contained therein. Reproducing, copying or distributing any such content, including any materials or design elements on the Service, for any other purpose is strictly prohibited without the express prior written permission of Plaid.

Your Security Obligations

We cannot guarantee the security of our users' applications. We reserve the right to terminate a user without notice if we suspect that they are at risk of a security breach. While we cannot ensure that our users follow all the necessary security protocols, we strongly recommend that you adhere to the following minimum security protocols:

  • Use of PCI compliant servers

  • Use of HTTPS for all API requests (non-HTTPS requests are currently disabled)

  • Do not store end-user credentials or other sensitive personally identifiable information

  • Encryption of your client ID and secret in all storage and communication

It is your responsibility to maintain the security of your account information, including your Client Identification Number ("client ID") and Client Secret ("secret"). You must notify us immediately of any breach of security or unauthorized use of your Account. You may never publish, distribute or share your Client ID or Secret.

Prohibited Uses

You are responsible for all of your (and your end users') activity in connection with the Service. You shall not (and shall not permit any other party to) either (a) take any action or (b) upload, download, post, submit or otherwise distribute or facilitate distribution of any content on or through the Service, that:

  • infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any other person or entity or violates any law or contractual duty;

  • is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, tortious, obscene, vulgar, pornographic, offensive, profane, contains or depicts nudity, contains or depicts sexual activity, or is otherwise inappropriate as determined by us in our sole discretion;

  • contains software viruses or any other computer codes, files, or programs that are designed or intended to disrupt, damage, limit or interfere with the proper function of any software, hardware, or telecommunications equipment or to damage or obtain unauthorized access to any system, data, password or other information of ours or of any third party;

  • impersonates any person or entity, including any of our employees or representatives; or

  • includes anyone's identification documents or sensitive financial information.

The Service may only be used by you to interact directly with your end-users. You will not resell or otherwise distribute the Service. In accepting these Terms of Use, you agree to use the Service for the purposes for which it is provided by us and not for competitive evaluation, spying, copying, or other nefarious purposes.

You shall not (directly or indirectly): (i) decipher, decompile, disassemble, reverse engineer or otherwise attempt to derive any source code or underlying ideas or algorithms of any part of the Service (including without limitation any application), except to the limited extent applicable laws specifically prohibit such restriction, (ii) modify, translate, or otherwise create derivative works of any part of the Service, or (iii) copy, rent, lease, distribute, or otherwise transfer any of the rights that you receive hereunder. You shall abide by all applicable local, state, national and international laws and regulations.

You shall not: (i) take any action that imposes or may impose (as determined by us in our sole discretion) an unreasonable or disproportionately large load on our (or our third party providers') infrastructure; (ii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (iii) bypass, circumvent or attempt to bypass or circumvent any measures we may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (iv) run any form of auto-responder or "spam" on the Service; (v) use manual or automated software, devices, or other processes to "crawl" or "spider" any page of the Site; (vi) harvest or scrape any content from the Services; or (vii) otherwise take any action in violation of our guidelines and policies.

Suspicion

We reserve the right to withhold our services in their entirety or in part where we believe they are being used in violation of these Terms of Use, any other Plaid agreement, or pose a risk to the end-user, client, or Plaid itself. Under the terms of these Terms of Use, you are granting us authorization to share information with law enforcement about you, your transactions, your Plaid account, or your end users if we reasonably suspect that your use of the Service has been for an unauthorized, illegal, or criminal purpose.

Privacy and End User Data

For our privacy policies, please see our Privacy Policy. If you produce an end user-facing product (such as a mobile application) using the Service, the following applies:

Your product must maintain a clear and conspicuous link in its privacy policy to Plaid's Privacy Policy. Such link must include a clear and conspicuous statement that each end user acknowledges and agrees that information will be treated in accordance with such policy. You will ensure that each end user is put on notice of, and agrees to, such policy prior to engaging with your product in a manner that uses the Service. In addition, your product's end user agreement must include an express authorization by the end user expressly granting Plaid the right, power and authority to (acting on behalf of such end user) access and transmit the End User Data as reasonably necessary for Plaid to provide the Service to such end user. All of the foregoing must be done in a form and manner that is acceptable to Plaid. You will immediately make any changes requested by us.

Payments and Billing

Certain aspects of the Service may be subject to payments now or in the future (the "paid services"). Please note that any payment terms presented to you in the process of using or signing up for a paid service are deemed part of these Terms of Use.

We may use a third-party payment processor to bill you through a payment account linked to your account on Plaid (your "billing account") for use of the paid services. The processing of payments will be subject to the terms, conditions and privacy policies of the payment processor in addition to these Terms of Use. We are not responsible for error by the payment processor. By choosing to use paid services, you agree to pay us, through the payment processor, all charges at the prices then in effect for any use of such paid services in accordance with the applicable payment terms and you authorize us, through the payment processor, to charge your payment provider (your "payment method"). You agree to make payment using that selected payment method. We reserve the right to correct any errors or mistakes that it makes even if it has already requested or received payment.

The terms of your payment will be based on your payment method and may be determined by agreements between you and the financial institution, credit card issuer or other provider of your payment method. If we, through the payment processor, do not receive payment from you, you agree to pay all amounts due on your billing account upon demand.

Some of the paid services may consist of recurring period charges as agreed to by you. By choosing a recurring payment plan, you acknowledge that such services have an initial and recurring payment feature and you accept responsibility for all recurring charges prior to cancellation. We may submit periodic charges (e.g., monthly) without further authorization from you, until you provide notice (receipt of which is confirmed by us) that you have terminated this authorization or wish to change your payment method. Such notice will not affect charges submitted before we reasonably could act.

You must provide current, complete and accurate information for your billing account. You must promptly update all information to keep your billing address current, complete and accurate, and must promptly notify us or your payment processor if your payment method is canceled (e.g., for loss or theft) or if you become aware of a potential breach of security. If you fail to provide any of the foregoing information, you agree that we may continue charging you for any use of paid services under your billing account unless you have terminated your paid services as set forth above.

If the amount to be charged to your billing account varies from the amount you preauthorized (other than due to the imposition or change in the amount of state sales taxes), you have the right to receive, and we shall provide, notice of the amount to be charged and the date of the charge before the scheduled date of the transaction. Any agreement you have with your payment provider will govern your use of your payment method. You agree that we may accumulate charges incurred and submit them as one or more aggregate charges during or at the end of each billing cycle.

Your non-termination or continued use of a paid service reaffirms that we are authorized to charge your payment method for that paid service. We may submit those charges for payment and you will be responsible for such charges. This does not waive our right to seek payment directly from you. Your charges may be payable in advance, in arrears, per usage, or as otherwise described when you initially selected to use the paid service.

Indemnification

You shall defend, indemnify, and hold harmless Plaid, our affiliates and each of our and their respective employees, contractors, directors, suppliers and representatives from all damages, losses, liabilities, claims, and costs and expenses, including all attorneys' fees, that arise from or relate to: (i) your use or misuse of, or access to, the Service, (ii) your violation of these Terms of Use, (iii) any content, information or materials provided by you or any or your end users, (iv) disputes or issues your end users may have with respect to you or any of your products or services or content, (v) disputes or issues your end users may have with respect to any End User Data (including, without limitation, with respect to the timeliness, accuracy or completeness thereof), or (vi) infringement by you, or any third party using your account or identity in the services, of any intellectual property or other right of any person or entity. We reserve the right to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will assist and cooperate with us in asserting any available defenses.

References

You agree that, during the time you are a registered Service user, we may identify you as a customer of Plaid (including, without limitation, on the Site and in promotional materials).

Termination

We may terminate or suspend your access to all or any part of the Service at any time, with or without cause, with or without notice, effective immediately. If you wish to terminate your account, you may do so by following the instructions on the Site. Any fees paid hereunder are non-refundable. All provisions of these Terms of Use, which by their nature should survive termination, shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.

Limitation on Liability

IN NO EVENT SHALL PLAID, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, VENDORS OR SUPPLIERS BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL THEORY WITH RESPECT TO THE APPLICATION: (I) FOR ANY LOST PROFITS OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, EVEN IF FORESEEABLE, (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (III) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) $100.00 (U.S.) (PROVIDED THAT, IF YOU ARE A PAYING USER OF THE SERVICE, SUCH AMOUNT SHALL BE CAPPED AT THE AMOUNTS PAID BY YOU TO PLAID DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION ACCRUED). THE FOREGOING LIMITATIONS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

Disclaimers

THE SERVICE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. PLAID MAKES NO WARRANTY THAT (I) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR (II) THE RESULTS OF USING THE SERVICE WILL MEET USER'S REQUIREMENTS. IN ADDITION, PLAID MAKES NO WARRANTY THAT ANY END USER DATA WILL BE TIMELY, ACCURATE OR COMPLETE. THE FOREGOING DISCLAIMERS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

Modification

We reserve the right, in our sole discretion, to modify or replace any of these Terms of Use, or change, suspend, or discontinue an aspect of the Service at any time by posting a notice on the Site or by sending you notice through the Service, via e-mail, as an account notification, or by another appropriate means of electronic communication. We may also impose limits on certain features and services or restrict your access to parts or all of the Service without notice or liability. While we will timely provide notice of modifications, it is also your responsibility to check these Terms of Use periodically for changes. Your continued use of the services following notification of any changes to these Terms of Use constitutes acceptance of those changes.

Miscellaneous

The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder. Plaid shall not be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond Plaid's reasonable control, including, without limitation, mechanical, electronic or communications failure or degradation (including "line-noise" interference). If any provision of these Terms of Use is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that these Terms of Use shall otherwise remain in full force and effect and enforceable. These Terms of Use are not assignable, transferable or sublicensable by you except with our prior written consent. Plaid may transfer, assign or delegate these Terms of Use and its rights and obligations without consent. These Terms of Use shall be governed by and construed in accordance with the laws of the state of California, as if made within California between two residents thereof, and the parties submit to the exclusive jurisdiction and venue of the state and Federal courts located in San Francisco, California. Notwithstanding the foregoing sentence, (but without limiting either party's right to seek injunctive or other equitable relief immediately, at any time, in any court of competent jurisdiction), any disputes arising with respect to these Terms of Use shall be settled by arbitration in accordance with the rules and procedures of the Judicial Arbitration and Mediation Service, Inc. ("JAMS"). The arbitrator shall be selected by joint agreement of the parties. In the event the parties cannot agree on an arbitrator within thirty (30) days of the initiating party providing the other party with written notice that it plans to seek arbitration, the parties shall each select an arbitrator affiliated with JAMS, which arbitrators shall jointly select a third such arbitrator to resolve the dispute. The written decision of the arbitrator shall be final and binding on the parties and enforceable in any court. The arbitration proceeding shall take place in San Francisco, California using the English language. Both parties agree that these Terms of Use are the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of these Terms of Use, and that all modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of these Terms of Use and you do not have any authority of any kind to bind Plaid in any respect whatsoever.

End User Privacy Policy

Effective Date: June 14, 2018

Privacy and security are very important to us at Plaid. This Privacy Policy is meant to help you understand how we collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.

Jump to section:

First, Some Background

Our Data Practices

Some Last Details...

First, Some Background

A quick note about Plaid

Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you (the "end user") to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.

About this Privacy Policy

Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information.

Please note that this Policy only covers the information that Plaid collects, uses, and shares, and it does not explain what our developers do with any end user information we provide to them (or any other information they may collect about you, their end user). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.

Our Data Practices

Information We Collect

Information you provide. When you connect your financial accounts with a developer application, you may provide, through our integrated services, login information required by your financial institution to access your account, such as your username and password, answers to challenge questions, or a security token. When providing this information, you give the developer, and Plaid as its service provider, the authority to act on your behalf to access and transmit your information from the relevant financial institution.

Information collected from your financial institutions. The information we receive from the financial institutions that maintain your financial accounts may vary depending on the specific Plaid services our developers use to power their applications, as well as the information made available by your financial institutions. The types of information we collect from your financial institutions may include, but are not limited to:

  • Account information, including financial institution name, account name, account type, and account and routing number;

  • Information about an account balance, including current and available balance;

  • Information about credit accounts, including statement due dates and balances owed, payment amounts and dates, transaction history, and interest;

  • Information about loan accounts, including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term;

  • Information about the account owner(s), including name, email address, phone number, and address information; and

  • Information about account transactions, including amount, date, type, and a description of the transaction.

The data may include information from all your sub-accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials, even if only a single sub-account is designated by you.

Information received from your devices. Our technology is embedded in our developers’ applications. When you use your device to connect to our services through a developer application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.

Information we receive about you from other sources. We may receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services.

How We Use Your Information

We use the information we collect to operate, improve, and protect the services we provide to our developers, and to develop new services. More specifically, we use your information:

  • To operate, provide, and maintain our services;

  • To improve, enhance, modify, add to, and further develop our services;

  • To protect you, our developers, our partners, or Plaid from fraud, malicious activity, and other privacy and security-related concerns;

  • To develop new services;

  • To provide customer support to our developers, including to help respond to your inquiries related to our service or our developers’ applications;

  • To investigate any misuse of our service or our developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and

  • For any other purpose with your consent.

How We Share and Store Your Information

We take deliberate steps designed to protect end user information in our possession. These steps include, but are not limited to, maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry-standards internally and by independent security auditors.

We do not sell or rent end user information to marketers or other third parties. But we do share end user information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We may also share your information:

  • With your consent;

  • With our service providers, partners, or contractors in connection with the services they perform for us or our developers;

  • If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);

  • In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

  • Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or

  • As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Plaid.

We may collect, use, and share information we collect in an aggregated or de-identified manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or de-identified data based on the collected information to develop new services and to facilitate research.

We retain information we collect about you for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted under applicable law, regulation, or contract. As permitted under applicable law, even after you stop using an application or terminate your account with our developers we may still retain your information (for example, if you still have an account with another developer or if there is residual information within our databases or systems); however, your information will only be used and shared as required by law or in accordance with this Policy.

Some Last Details…

Changes to This Policy

We may change this Privacy Policy from time to time. If we make changes, we will post the new policy on Plaid’s website at plaid.com/legal and update the effective date at the top of this Policy. We will also notify our developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.

Contacting Plaid

Our full company name is Plaid Inc., and you can contact us at:

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com

Please note: In certain jurisdictions, you may have the right to obtain access to any personal information of yours that is under the control of an organization. We encourage you to reach out directly to the developer or provider of the application you are using with any questions about the developer’s services, access to your personal information, or about our relationship with that developer. We work with our developers to respond to inquiries that relate to us, our services, or our data practices, and may share any communications we receive from you or your contact information with the applicable developer to respond to such inquiries.

Politique de protection de la confidentialité

Date d’entrée en vigueur : le 14 juin 2018

Plaid attache une grande importance à la confidentialité et à la sécurité. Cette Politique de confidentialité vise à vous aider à comprendre, entre autres méthodes décrites dans les présentes, comment nous recueillons, utilisons et communiquons l’information sur l’utilisateur final que nous détenons, dans le but d’exécuter, d’améliorer, de développer et de protéger nos services. Nous vous prions de prendre le temps de la lire attentivement.

Passez à la section:

Un peu de contexte pour commencer

Comment nous traitons les données

Quelques derniers petits détails...

Un peu de contexte pour commencer

Un petit mot au sujet de Plaid

Plaid se fixe pour mission d’autonomiser les innovateurs en leur assurant un accès au système financier. Notre technologie vous offre (à titre d’« utilisateur final ») un moyen facile de relier votre compte bancaire et vos autres comptes financiers à des applications logicielles qui peuvent vous aider à, par exemple, épargner en vue de la retraite, gérer vos dépenses, simplifier vos demandes de crédit, ou transférer des fonds. Plaid est le moteur de ces applications logicielles, qui sont créées et fournies par nos clients commerciaux (nous les désignons ici sous le nom de « développeurs »). Nous assurons l’accès à des données financières utilisables et de grande qualité, que nous traduisons et normalisons en vue d’aider nos développeurs à se concentrer sur l’élaboration d’une expérience dont vous tirerez profit.

Concernant cette Politique de confidentialité

Nous voulons dans cette Politique donner une explication simple et directe de la nature de l’information que Plaid recueille auprès des utilisateurs finaux, et à leur sujet, ainsi que de nos méthodes d’utilisation et de communication de cette information. Si nous faisons généralement appel à nos développeurs pour vous tenir informés des services que nous fournissons à ces derniers, et aussi pour communiquer des avis et obtenir les consentements qui nous sont nécessaires pour traiter vos données, nous avons la transparence à cœur et nous tenons à décrire clairement et en peu de mots comment nous traitons vos données.

Notez que cette Politique porte uniquement sur l’information que Plaid recueille, utilise et transmet, sans expliquer l’usage que font nos développeurs de toute donnée sur un utilisateur final que nous leur transmettons (ou autre information qu’ils peuvent recueillir au sujet de cet utilisateur final, c’est-à-dire vous-même). Cette politique ne traite pas non plus des sites Web, produits ou services fournis par d’autres. Nous vous invitons à passer en revue les politiques ou avis de confidentialité de nos développeurs ou des tierces parties en cause afin de vous mettre au courant de leurs façons de faire.

Comment nous traitons les données

Information que nous recueillons

L’information que vous fournissez: lorsque vous reliez vos comptes financiers à l’application d’un développeur, vous pouvez faire appel à nos services intégrés pour communiquer les données de connexion dont votre institution financière a besoin pour accéder à votre compte (nom d’utilisateur et mot de passe, réponses à des questions d’identification, jeton de sécurité, etc.). Quand vous donnez cette information, vous accordez au développeur (et à Plaid en sa qualité de fournisseur de services) le pouvoir d’agir en votre nom pour accéder à vos renseignements depuis l’institution financière en cause, et les transmettre.

L’information recueillie auprès de vos institutions financières : la nature de l’information que nous envoient les institutions financières détenant vos comptes financiers varie en fonction des services particuliers de Plaid dont se servent nos développeurs pour leurs applications, de même que de l’information mise à notre disposition par vos institutions financières. Les types d’information que nous recueillons auprès de vos institutions financières peuvent comprendre, notamment, mais non limitativement:

  • de l’information sur le compte (nom de l’institution financière, nom du compte, type de compte, numéro de compte et d’acheminement, etc.);

  • de l’information sur le solde du compte, notamment le solde actuel et le solde disponible;

  • de l’information sur les comptes de crédit, notamment dates d’échéance et solde dû dans les relevés, montants et dates des paiements, historique des opérations, et intérêts;

  • de l’information sur les comptes de prêt, notamment dates d’échéance, soldes, montants et dates des paiements, intérêts, type de prêt, mode de paiement, et durée du prêt;

  • de l’information sur le ou les détenteurs du compte (nom, adresse courriel, numéro de téléphone, adresse, etc.);

  • de l’information sur les opérations du compte, notamment le montant, la date et le type, et une description de l’opération.

Les données peuvent comprendre de l’information sur tous vos sous-comptes (de chèques, d’épargne, carte de crédit, etc.) accessibles au moyen d’un ensemble unique d’identifiants de compte, même si vous n’avez désigné qu’un seul sous-compte.

L’information envoyée par vos appareils : notre technologie est intégrée aux applications de nos développeurs. Quand votre appareil se connecte à nos services par une application d’un développeur, nous recevons des données sur cet appareil (adresse IP, modèle du matériel, système d’exploitation et autres données techniques). Nous pouvons aussi faire appel à des cookies (témoins), ou technologies de suivi semblables, pour recueillir des données sur le taux d’utilisation et pour nous aider à améliorer nos services.

L’information à votre sujet qui nous parvient d’autres sources: nous pouvons aussi recevoir de l’information à votre sujet directement du développeur en cause ou d’autres tierces parties, notamment des fournisseurs de services et des services de vérification de l’identité.

Usage que nous faisons de vos renseignements

Nous nous servons de l’information que nous recueillons pour exploiter, améliorer et protéger les services que nous offrons à nos développeurs, et pour en créer de nouveaux. Plus précisément, nous faisons l’usage des renseignements à votre sujet aux fins suivantes :

  • Exploiter, fournir et maintenir nos services;

  • Améliorer, rehausser, modifier, agrandir et développer encore davantage nos services;

  • Vous protéger et protéger nos développeurs, nos partenaires ou Plaid contre la fraude, les actes malveillants, et les autres problèmes de confidentialité et de sécurité;

  • Développer de nouveaux services;

  • Assurer un soutien à nos clients développeurs, entre autres aider à répondre à vos demandes de renseignements sur nos services ou sur les applications de nos développeurs;

  • Enquêter sur tout usage abusif de nos services ou des applications de nos développeurs, y compris sur toute violation de notre Politique relative aux développeurs, sur des activités criminelles ou sur les accès non autorisés à nos services;

  • À toute autre fin à laquelle vous consentez.

Comment nous communiquons et stockons vos renseignements

Nous prenons des mesures destinées spécifiquement à protéger l’information de l’utilisateur final en notre possession, entre autres en assurant des contrôles de la sécurité de l’information comme le cryptage de données, les pare-feu, les contrôles d’accès logiques et physiques, et la surveillance permanente. L’efficacité de ces contrôles fait l’objet d’évaluations périodiques à l’interne en fonction des normes de l’industrie, et par des auditeurs de sécurité indépendants.

Nous ne vendons ni ne louons de renseignements relatifs aux utilisateurs finaux aux spécialistes du marketing ou autres tierces parties, mais nous communiquons en fait de tels renseignements à des tiers, comme décrit dans la présente Politique. À titre d’exemple, nous communiquons vos renseignements au développeur de l’application que vous utilisez, selon les directives de ce développeur (par exemple avec une autre tierce partie si vous en donnez instruction). Nous pouvons aussi communiquer vos renseignements :

  • Avec votre consentement;

  • Avec nos fournisseurs de services, partenaires ou entrepreneurs relativement aux services qu’ils rendent à nous ou à nos développeurs;

  • Si nous croyons de bonne foi que la divulgation s’impose pour se conformer aux lois, règlements ou procédures juridiques applicables (par exemple une ordonnance d’un tribunal ou une assignation à témoigner);

  • En lien avec un changement de propriétaire ou de contrôle de notre entreprise, en tout ou en partie (fusion, acquisition, réorganisation, faillite, etc.);

  • Entre et parmi Plaid et ses parents, filiales et succursales actuels et futurs, et autres entreprises sous un même contrôle et une même propriété;

  • Selon ce que nous estimons raisonnable pour protéger vos droits, votre confidentialité, votre sécurité ou vos biens, ou ceux de nos développeurs ou partenaires, ou de Plaid.

Nous pouvons recueillir, utiliser et communiquer les renseignements que nous recueillons sous une forme groupée ou anonymisée (qui ne vous identifie pas personnellement) à toute fin autorisée par le droit applicable. Cela comprend la création ou l’utilisation de données groupées ou anonymisées à partir de l’information recueillie en vue d’établir de nouveaux services et de faciliter les recherches.

Nous conservons l’information que nous recueillons à votre sujet aussi longtemps qu’il le faut pour répondre aux objets énoncés dans cette Politique, à moins qu’un délai de conservation plus long soit exigé ou autorisé par le droit applicable, des règlements ou un contrat. Nous pouvons, dans le respect du droit applicable, conserver vos renseignements même après que vous avez cessé d’utiliser une application ou résilié votre compte avec nos développeurs (si par exemple vous avez encore un compte avec un autre développeur, ou s’il reste quelques renseignements dans nos bases de données ou systèmes); dans ce cas, vos renseignements ne seront utilisés et communiqués que dans la mesure exigée par la loi ou conformément à cette Politique.

Quelques derniers petits détails…

Nous pouvons à l’occasion modifier cette Politique de confidentialité. Dans ce cas, nous affichons la nouvelle politique sur le site Web de Plaid (plaid.com/legal) et actualisons la date d’entrée en vigueur figurant au début des présentes. Conformément à nos ententes avec les développeurs, nous informons également ces derniers de toute modification importante, parce qu’ils sont généralement les mieux placés pour en informer au besoin leurs utilisateurs finaux.

Modifications de cette politique

Le nom complet de notre entreprise est Plaid Inc. Voici nos coordonnées :

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com

Nota : dans certains ressorts, vous avez le droit d’accéder à des renseignements personnels vous concernant, qui sont sous le contrôle d’une organisation. Nous vous invitons à prendre directement contact avec le développeur ou fournisseur de l’application que vous utilisez pour toute question sur les services offerts par le développeur, l’accès à vos renseignements personnels ou notre lien avec ce développeur. Nous nous associons à nos développeurs pour répondre aux demandes de renseignements à notre sujet, ou qui concernent nos services ou la façon dont nous traitons les données, et il peut arriver que nous communiquions les messages que nous recevons de votre part, ou vos coordonnées, au développeur en cause pour qu’il y réponde.

Privacy Statement

Effective Date: June 14, 2018

Thank you for visiting and/or using Plaid!

This Privacy Statement explains the ways Plaid Inc. ("Plaid," “we,” or “us”) may collect, use, and share information about you in connection with your access to or use of Plaid’s websites and our products and services (collectively, “Services”), and in connection with any other information we collect when you interact with us, except as outlined in the paragraph below. We hope you will take some time to read this Privacy Statement carefully.

Please note that this Privacy Statement does not apply to the information we collect about the end users of our developers’ software applications. If you are an end user of one of our developers’ applications, we encourage you to review our End User Privacy Policy.

Jump to section:

Our Data Practices

Other Details

Our Data Practices

Information We Collect

Information you provide. We collect the information you provide directly to us, such as the information you provide when you create a developer account, update your profile, fill out our "contact us" forms, sign up for our emails, request customer support, enroll in billing, execute a services agreement, complete a compliance questionnaire, or otherwise communicate with us. The types of information we collect from you may include, but is not limited to, full name, email address, company name, address, phone number, driver’s license, date of birth, taxpayer identification number, and any other information you choose to provide.

Information we receive when you test our technology. You may provide us with login information for your bank account or other financial account to test and evaluate how our technology will appear and operate in your applications. If you test our technology in this way, we will collect information from your financial account as further described in our End User Privacy Policy.

Information we collect when you use our Services. When you use our Services, we automatically collect information about you, including:

Log Information: We collect log files when you use our Services, which includes, but is not limited to, the type of browser you use, access times, pages viewed, and your IP address.

Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information when you use our Services, including cookies and web beacons. Cookies are small data files stored by your web browser, on your hard drive, or in device memory that help us improve our Services and your experience, determine usage of parts and features of our Services, and monitor for and detect potential harmful conduct. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.

Information we collect from other sources. We may also collect information about you from other sources. For example, we may collect information about you from other members of your company, which may include your name, email address, and date of birth.

How We Use Your Information

Examples of how we use the information we collect include:

  • To operate, improve, and develop our Services;

  • To verify the identity of you and other members of your company;

  • To bill developers for our Services, to transmit payment, and for tax reporting purposes;

  • To send you technical notices, updates, security alerts, and administrative messages;

  • To respond to your comments, questions, inquiries, and customer service requests;

  • To help personalize the Services experience for you;

  • To communicate with you about products, services, offers, and events offered or sponsored by Plaid, and to provide news and other information we think may be of interest to you;

  • To monitor and analyze trends, usage, and activities in connection with our Services;

  • To try to detect and prevent fraud, malicious activity, and other illegal activities;

  • To protect the rights, privacy, safety, or property of Plaid and others; and

  • For any other purpose described to you when the information was collected.

How We Share Your Information

We may share information about you as follows, or as otherwise described in this Privacy Statement:

  • With our service providers, partners, contractors, or vendors, including collection agencies in the event of delinquent payments from our developers;

  • If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena), including in connection with requests from law enforcement or other governmental authorities;

  • If we believe your actions are inconsistent with our agreements or policies, or to protect the rights, privacy, safety, or property of Plaid or others;

  • In connection with a change in ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

  • Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and

  • With your consent or at your direction.

We may also collect, use, and share aggregated or de-identified information, which cannot reasonably be used to identify you, for any purpose permitted under applicable law.

Other Details

Advertising and Analytics Services Provided by Others

We may allow third parties to provide analytics services or serve advertisements on our behalf across the internet, including Google Analytics, a web analytics service provided by Google. These entities may use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by Plaid and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and online services, and to better understand your online activity. For more information about interest-based ads, including to learn how you may be able to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. And for more information on how Google uses your data, please visit www.google.com/policies/privacy/partners/.

Your Choices

Developer Account Information. You may update information you provide to us as part of your online developer account by logging into your account or by contacting us.

Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Promotional or Marketing Communications. You may opt out of receiving promotional or marketing emails from Plaid by following the instructions in those emails. If you opt out and are one of our developers, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Access to Your Information. In certain jurisdictions, you have the right (i) to know if we have collected information about you under this Privacy Statement, (ii) to request access to the personal information we have in our custody and control (subject to certain legal limitations), and (iii) to have the right to have it corrected or annotated if you believe there are any errors in your personal information. As described above, if you are one of our developers, you can conveniently access your online account information by logging into your account or by contacting us. To obtain access to personal information, please contact us at the contact information provided below. We may require additional information to verify your identity, which will only be used for that purpose.

Changes to this Statement

We may change this Privacy Statement periodically. If we make changes, we will notify you by updating the effective date at the top of the Statement. We may also provide notice of any changes through other means, such as placing a notice on our homepage or sending you an email. We encourage you to review the Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our data practices and the choices available to you.

Contact Plaid

If you have any questions about this Privacy Statement, please contact us at:

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com

Developer Policy

Effective Date: May 15, 2018

This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers ("you" or “your”) of the Plaid API, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Service") provided by Plaid Inc. (“Plaid,” “we,” or “us”). Any violation of this Policy may result in suspension or termination of your access to the Service and/or access to end users’ personal and financial information ("End User Data").

By accessing and using the Service, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Service. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.

We may change this Policy at any time in our discretion. If we make any change to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you don’t agree with the change, you are free to reject it; unfortunately, that means you will no longer be able to use the Service.

Jump to section:

Registration

To sign up for the Service, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Service. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your password and Client Secret, with a third party or allow any other application or service to act as you.

If you become aware of any unauthorized use of your Account or any other breach of security, please immediately notify us via email to security@plaid.com.

Compliance with Applicable Law

When using the Service, you must abide by all applicable local, state, national, and international laws and regulations. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws and regulations, especially those pertaining to financial and personally-identifiable data. You are solely responsible for ensuring that your use of the Service is in compliance with all laws and regulations applicable to you.

Security

You are responsible for securely maintaining your authentication credentials, including your Client Identification Number ("Client ID") and Client Secret. You must notify us immediately in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your Client ID or Secret, and must encrypt this information in storage and during transit.

Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices but, at a minimum, must perform the following:

  • Maintain administrative, technical, and physical safeguards that are designed to protect the security, privacy, and confidentiality of End User Data.

  • Use modern and industry standard cryptography when transmitting any End User Data.

  • Maintain reasonable access controls to ensure that only authorized people have access to any End User Data.

  • Monitor your systems for any unauthorized access. Patch vulnerabilities in a timely fashion. Log and review any events suggesting unauthorized access.

  • Plan for and respond to security incidents.

  • Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule.

Data Storage

Unless otherwise agreed in writing with Plaid, you agree to only store all End User Data in the locations in which you operate. Any End User Data in your possession must be stored securely and in accordance with applicable laws and regulations.

Customer Service

You, and you alone, are responsible for providing all customer service to your end users for any and all issues relating to your product and services, including but not limited to issues relating to your use of the Service.

Account Deactivation

Once you stop using the Service in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if you have ceased using the Service for three months; your applicable agreement with us terminates or expires; or as reasonably necessary under applicable law. After your Account deactivation, we will deprovision your access to all End User Data associated with your integration.

Even after your Account deactivation, we may still retain any information we collected about you for as long as necessary to fulfill the purposes outlined in our privacy policy/statement, or for a longer retention period if required or permitted under applicable law.

Prohibited Conduct

You agree not to, and agree not to assist or otherwise enable any third party to:

  • access or use the Service or End User Data for any unlawful, infringing, threatening, abusive, obscene, harassing, defamatory, deceptive, or fraudulent purpose;

  • collect and store end user’s bank credentials and/or End User Data other than as required to access or use the Service, as authorized by the end user, as permitted by Plaid, and as permitted under applicable law;

  • use or disclose any "nonpublic personal information" (as defined under the Gramm-Leach-Bliley Act) received from Plaid for any purpose not permitted under applicable law;

  • access or use the Service or access, transmit, process, or store End User Data in violation of any applicable privacy laws or in any manner that would be a breach of contract or agreement with the applicable end user;

  • access or use the Service to infringe any patent, trademark, trade secret, copyright, right of publicity, or other right of any person or entity;

  • access or use the Service for any purpose other than for which it is provided by us, including for competitive evaluation, spying, creating a substitute or similar service to any of the Service, or other nefarious purpose;

  • scan or test (manually or in an automated fashion) the vulnerability of any Plaid infrastructure without express prior written permission from Plaid;

  • breach, disable, interfere with, or otherwise circumvent any security or authentication measures or any other aspect of the Service;

  • overload, flood, or spam any part of the Service;

  • create developer accounts for the Service by any means other than our publicly-supported interfaces (e.g., creating developer accounts in an automated fashion or otherwise in bulk);

  • transfer, syndicate, resell, or otherwise distribute the Service or End User Data without express prior written permission from Plaid;

  • decipher, decompile, disassemble, copy, reverse engineer, or attempt to derive any source code or underlying ideas or algorithms of any part of the Service, except as permitted by applicable law;

  • modify, translate, or otherwise create derivative works of any part of the Service;

  • access or use the Service or End User Data in a manner that violates any agreement between you or the end user and Plaid; or

  • access or use the Service or End User Data in a manner that violates any applicable law, statute, ordinance, or regulation.

Suspension and Termination

We reserve the right to withhold or refuse access to the Service and/or End User Data in whole or in part where we believe the Service is being accessed or used in violation of this Policy or any other Plaid agreement, including Plaid’s agreements with any third party partners or data sources of Plaid (each, a "Partner"), or where use would pose a risk to an end user, any Partner, or Plaid itself.

We will use reasonable efforts to notify you via email or other method when deciding to suspend or terminate access to the Service and/or End User Data. We may immediately suspend or terminate access without notice if appropriate under the circumstances, such as when we become aware of activity that is a violation of any applicable law or that exposes Plaid, its infrastructure, data, or Service, or any Partner to harm, including reputational harm.

Plaid will not be liable for any damages of any nature suffered by you or any third party resulting from Plaid’s exercise of its rights under this Policy or under applicable law.

Reporting Violations

If any person becomes aware of a violation of this Policy, we request that you immediately notify us via email to legalnotices@plaid.com. We may take any appropriate action -- including reporting any activity or conduct that we suspect violates the law to appropriate law enforcement officials, regulators, or other appropriate third parties -- in our sole discretion in respect to such violations.

Miscellaneous

The failure by you or Plaid to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.

If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.