Last updated on September 22nd, 2015
The Service enables applications to connect with end-user-authorized data from financial institutions including banks, card issuers, and card networks ("financial institutions"). Further, we attempt to structure, normalize, and cleanse the data we return to the client into a concise and highly functional format. Plaid currently supports financial institutions in the United States. We are neither a bank, money service business, nor payment processor – and we cannot assume any liability for the products or services that are built using our service.
We will provide customer service to help resolve any issues relating to your Account, our services, and the other use of our software. The extent and nature of such customer service may be determined by Plaid in its sole and absolute discretion. You, and you alone, are responsible for providing all customer service to your end-users for any and all issues relating to your product and services, including but not limited to issues relating to the Service. For questions on how to contact Plaid support, please see our support page.
General Services Content
You agree that the Service contains information and other content specifically provided by Plaid or its partners and that such content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. For clarity, this section does not apply to end User Data. Except as expressly authorized by Plaid in writing, you shall not sell, license, rent, modify, distribute, copy, reproduce, transmit, publicly display, publicly perform, publish, adapt, edit or create derivative works from such content. However, Plaid hereby grants you a limited, revocable, non-sublicensable license to reproduce and display such content (excluding any software code); provided, that you retain all copyright and other proprietary notices contained therein. Reproducing, copying or distributing any such content, including any materials or design elements on the Service, for any other purpose is strictly prohibited without the express prior written permission of Plaid.
Your Security Obligations
We cannot guarantee the security of our users' applications. We reserve the right to terminate a user without notice if we suspect that they are at risk of a security breach. While we cannot ensure that our users follow all the necessary security protocols, we strongly recommend that you adhere to the following minimum security protocols:
- Use of PCI compliant servers
- Use of HTTPS for all API requests (non-HTTPS requests are currently disabled)
- Do not store end-user credentials or other sensitive personally identifiable information
- Encryption of your client ID and secret in all storage and communication
It is your responsibility to maintain the security of your account information, including your Client Identification Number ("client ID") and Client Secret ("secret"). You must notify us immediately of any breach of security or unauthorized use of your Account. You may never publish, distribute or share your Client ID or Secret.
You are responsible for all of your (and your end users') activity in connection with the Service. You shall not (and shall not permit any other party to) either (a) take any action or (b) upload, download, post, submit or otherwise distribute or facilitate distribution of any content on or through the Service, that:
- infringes any patent, trademark, trade secret, copyright, right of publicity or other right of any other person or entity or violates any law or contractual duty;
- is unlawful, threatening, abusive, harassing, defamatory, libelous, deceptive, fraudulent, invasive of another's privacy, tortious, obscene, vulgar, pornographic, offensive, profane, contains or depicts nudity, contains or depicts sexual activity, or is otherwise inappropriate as determined by us in our sole discretion;
- contains software viruses or any other computer codes, files, or programs that are designed or intended to disrupt, damage, limit or interfere with the proper function of any software, hardware, or telecommunications equipment or to damage or obtain unauthorized access to any system, data, password or other information of ours or of any third party;
- impersonates any person or entity, including any of our employees or representatives; or
- includes anyone's identification documents or sensitive financial information.
You shall not (directly or indirectly): (i) decipher, decompile, disassemble, reverse engineer or otherwise attempt to derive any source code or underlying ideas or algorithms of any part of the Service (including without limitation any application), except to the limited extent applicable laws specifically prohibit such restriction, (ii) modify, translate, or otherwise create derivative works of any part of the Service, or (iii) copy, rent, lease, distribute, or otherwise transfer any of the rights that you receive hereunder. You shall abide by all applicable local, state, national and international laws and regulations.
You shall not: (i) take any action that imposes or may impose (as determined by us in our sole discretion) an unreasonable or disproportionately large load on our (or our third party providers') infrastructure; (ii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; (iii) bypass, circumvent or attempt to bypass or circumvent any measures we may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (iv) run any form of auto-responder or "spam" on the Service; (v) use manual or automated software, devices, or other processes to "crawl" or "spider" any page of the Site; (vi) harvest or scrape any content from the Services; or (vii) otherwise take any action in violation of our guidelines and policies.
Privacy and End User Data
Payments and Billing
The terms of your payment will be based on your payment method and may be determined by agreements between you and the financial institution, credit card issuer or other provider of your payment method. If we, through the payment processor, do not receive payment from you, you agree to pay all amounts due on your billing account upon demand.
Some of the paid services may consist of recurring period charges as agreed to by you. By choosing a recurring payment plan, you acknowledge that such services have an initial and recurring payment feature and you accept responsibility for all recurring charges prior to cancellation. We may submit periodic charges (e.g., monthly) without further authorization from you, until you provide notice (receipt of which is confirmed by us) that you have terminated this authorization or wish to change your payment method. Such notice will not affect charges submitted before we reasonably could act.
You must provide current, complete and accurate information for your billing account. You must promptly update all information to keep your billing address current, complete and accurate, and must promptly notify us or your payment processor if your payment method is canceled (e.g., for loss or theft) or if you become aware of a potential breach of security. If you fail to provide any of the foregoing information, you agree that we may continue charging you for any use of paid services under your billing account unless you have terminated your paid services as set forth above.
If the amount to be charged to your billing account varies from the amount you preauthorized (other than due to the imposition or change in the amount of state sales taxes), you have the right to receive, and we shall provide, notice of the amount to be charged and the date of the charge before the scheduled date of the transaction. Any agreement you have with your payment provider will govern your use of your payment method. You agree that we may accumulate charges incurred and submit them as one or more aggregate charges during or at the end of each billing cycle.
Your non-termination or continued use of a paid service reaffirms that we are authorized to charge your payment method for that paid service. We may submit those charges for payment and you will be responsible for such charges. This does not waive our right to seek payment directly from you. Your charges may be payable in advance, in arrears, per usage, or as otherwise described when you initially selected to use the paid service.
You agree that, during the time you are a registered Service user, we may identify you as a customer of Plaid (including, without limitation, on the Site and in promotional materials).
Limitation on Liability
IN NO EVENT SHALL PLAID, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, VENDORS OR SUPPLIERS BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL THEORY WITH RESPECT TO THE APPLICATION: (I) FOR ANY LOST PROFITS OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, EVEN IF FORESEEABLE, (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (III) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) $100.00 (U.S.) (PROVIDED THAT, IF YOU ARE A PAYING USER OF THE SERVICE, SUCH AMOUNT SHALL BE CAPPED AT THE AMOUNTS PAID BY YOU TO PLAID DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION ACCRUED). THE FOREGOING LIMITATIONS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
THE SERVICE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. PLAID MAKES NO WARRANTY THAT (I) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR (II) THE RESULTS OF USING THE SERVICE WILL MEET USER'S REQUIREMENTS. IN ADDITION, PLAID MAKES NO WARRANTY THAT ANY END USER DATA WILL BE TIMELY, ACCURATE OR COMPLETE. THE FOREGOING DISCLAIMERS SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
Last updated November 11th, 2013
This policy does not apply to any website, product or service of any third-party company even if the website or application links to (or from) the Service. Plaid does not operate those websites, products, or services - please always review the privacy practices of a company before deciding whether to provide any information to them.
Information We Collect
In general, we collect information in a number of ways, including (i) when a client or end-user provides it directly to us via the Website and/or Service, (ii) when we obtain end-user information through trusted third parties including financial institutions, (iii) through your continued access of the Service, including data passively collected through technology such as "cookies". The types of information we collect and our use of that information will depend on whether you are a Website Visitor, Client, or End-User.
Cookies and IP Addresses
We automatically receive and record information from your web browser when you interact with the Service, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Service (e.g., what links you have clicked on). Generally, the Service automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Service so that we can analyze and improve them. We may also receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.
To simply browse our Website, you are not required to provide any Personal Information. However, we may gather non-personally-identifiable information, as described directly above, just for the purposes of monitoring and improving our Website and the Service. We will not share this information with third parties except as a necessary part of providing our Website and the Service, nor will we use it to target any advertisements to you. Of course, if you sign up with or use any of our services, more information is shared.
When you use Plaid services as a client, whether paid or unpaid, we will gather and store your name, company name, email address, phone number, billing address, and any other relevant information that you provide directly to us. Any and all test and/or live users that sign up as an end-user of your services fall under the end-user category. If you sign up for a paid account, we will also store the relevant data required to complete your transaction, including but not limited to your financial information, bank account numbers, routing numbers, billing address and company name. We may also rely on a third-party payment processor to complete transactions, and all data shared with them falls under their own privacy policies. Further, we will collect and associate all relevant end-user data with your client account, including but limited to end-user names, email addresses, billing addresses and financial information. We may additionally collect information on the IP addresses, devices, and locations used to access Plaid, which may be linked to your account for fraud detection and prevention purposes. Finally, we may collect additional data for identity verification on an as-needed based determined at our own sole discretion.
As an end-user of any application that utilizes the Service, whether via a client or other third-party, directly via use of our API or other services, or through an application built by us directly, you are agreeing to share financial information with us including, but not limited to, your account credentials, transactional histories, account numbers, and balances/limits as well as general identity data including names and addresses of all account holders. You are enabling us to interact with and through your financial institutions on your behalf and with your consent. We may also retrieve information pertaining to usage of our client applications and other general activity that comes through use of the Service.
We collect statistical information about how both unregistered and registered users, collectively, use the Service ("Aggregate Information"). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser.
How We Use Personal Information
Plaid uses your Personal Information as follows:
- To operate and maintain the Service (such as, overall operating and maintenance, providing customer service, fixing malfunctions, testing our security systems, etc.).
- To provide you with the features, functions and benefits of the Service (such as, displaying to information regarding your financial accounts).
- To enhance, improve, add to and further develop the Service (such as, creating new features or functions, refining or personalizing the user experience, increasing Service technical performance, etc.).
- We will use your contact information (such as, your email address or phone number) to provide you with Service notifications.
- To help personalize the Service experience for you (such as, remembering your information so you will not have to enter it each time you use the Service or providing you with offers, advertisements or features you may like).
- And for the other purposes referenced in the "Sharing and Disclosure" section below (such as, for the purposes of legal compliance).
Sharing and Disclosure
Plaid does not sell or rent any personal information to marketers or third parties that have not been explicitly authorized (e.g., in the case of a client).
We may share your Personal Information with trusted third parties who are integral to the operation of our Website and the Service, including but not limited to financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Information. We may store your Personal Information in locations outside the direct control of Plaid, for instance, on servers or databases co-located with hosting providers.
We will only disclose your Personal Information in response to such a request if we believe in good faith that doing so is necessary to comply with applicable law or a legal obligation to which we are bound. If we receive such a request, we will use reasonable efforts to give you prompt notice, so that you may contest it if you choose. We will not provide you such notice if we determine in good faith that either (a) we are not permitted to provide it under applicable law, or (b) that doing so would result in an imminent risk of death, serious physical injury or significant property loss or damage to Plaid or a third party. In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assign.
We may occasionally email you with information about offers or new services. You can opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with Plaid.
Protection of Information
Although no data storage or transmission can be 100% secure, we take significant steps to protect user and account information to ensure that it is kept private. Plaid maintains strict administrative, technical, and physical procedures to protect information stored in our servers, which are located in the United States. Access to information is limited (though user and password credentials and software systems) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer encryption to safeguard the account registration and sign-up information, along with the end-user sign-up process. Other safeguards include, but are not limited to data encryption, firewalls, and physical access controls to building and files.
Information from Children
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Service or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at email@example.com.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org, or: Attn: Legal; Plaid Inc. - San Francisco, CA 94105.