Overview

As with everything we do, we have tried to simplify a complex process and make our legal documents as reader-friendly as possible. However, (contrary to the simplicity of our API) some complexities persist in these documents. As you read and have questions, please do not hesitate to contact us.

End User Privacy Policy

Effective Date: June 14, 2018

Privacy and security are very important to us at Plaid. This Privacy Policy is meant to help you understand how we collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.

Jump to section:

First, Some Background

Our Data Practices

Some Last Details...

First, Some Background

A quick note about Plaid

Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you (the "end user") to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.

About this Privacy Policy

Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information.

Please note that this Policy only covers the information that Plaid collects, uses, and shares, and it does not explain what our developers do with any end user information we provide to them (or any other information they may collect about you, their end user). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.

Our Data Practices
Information We Collect

Information you provide. When you connect your financial accounts with a developer application, you may provide, through our integrated services, login information required by your financial institution to access your account, such as your username and password, answers to challenge questions, or a security token. When providing this information, you give the developer, and Plaid as its service provider, the authority to act on your behalf to access and transmit your information from the relevant financial institution.

Information collected from your financial institutions. The information we receive from the financial institutions that maintain your financial accounts may vary depending on the specific Plaid services our developers use to power their applications, as well as the information made available by your financial institutions. The types of information we collect from your financial institutions may include, but are not limited to:

  • Account information, including financial institution name, account name, account type, and account and routing number;

  • Information about an account balance, including current and available balance;

  • Information about credit accounts, including statement due dates and balances owed, payment amounts and dates, transaction history, and interest;

  • Information about loan accounts, including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term;

  • Information about the account owner(s), including name, email address, phone number, and address information.

  • Information about account transactions, including amount, date, type, and a description of the transaction.

The data may include information from all your sub-accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials, even if only a single sub-account is designated by you.

Information received from your devices. Our technology is embedded in our developers’ applications. When you use your device to connect to our services through a developer application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.

Information we receive about you from other sources. We may receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services.

How We Use Your Information

We use the information we collect to operate, improve, and protect the services we provide to our developers, and to develop new services. More specifically, we use your information:

  • To operate, provide, and maintain our services;

  • To improve, enhance, modify, add to, and further develop our services;

  • To protect you, our developers, our partners, or Plaid from fraud, malicious activity, and other privacy and security-related concerns;

  • To develop new services;

  • To provide customer support to our developers, including to help respond to your inquiries related to our service or our developers’ applications;

  • To investigate any misuse of our service or our developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and

  • For any other purpose with your consent.

How We Share and Store Your Information

We take deliberate steps designed to protect end user information in our possession. These steps include, but are not limited to, maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry-standards internally and by independent security auditors.

We do not sell or rent end user information to marketers or other third parties. But we do share end user information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We may also share your information:

  • With your consent;

  • With our service providers, partners, or contractors in connection with the services they perform for us or our developers;

  • If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);

  • In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

  • Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or

  • As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Plaid.

We may collect, use, and share information we collect in an aggregated or de-identified manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or de-identified data based on the collected information to develop new services and to facilitate research.

We retain information we collect about you for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted under applicable law, regulation, or contract. As permitted under applicable law, even after you stop using an application or terminate your account with our developers we may still retain your information (for example, if you still have an account with another developer or if there is residual information within our databases or systems); however, your information will only be used and shared as required by law or in accordance with this Policy.

Some Last Details…
Changes to This Policy

We may change this Privacy Policy from time to time. If we make changes, we will post the new policy on Plaid’s website at plaid.com/legal and update the effective date at the top of this Policy. We will also notify our developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.

Contacting Plaid

Our full company name is Plaid Inc., and you can contact us at:

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com

Please note: In certain jurisdictions, you may have the right to obtain access to any personal information of yours that is under the control of an organization. We encourage you to reach out directly to the developer or provider of the application you are using with any questions about the developer’s services, access to your personal information, or about our relationship with that developer. We work with our developers to respond to inquiries that relate to us, our services, or our data practices, and may share any communications we receive from you or your contact information with the applicable developer to respond to such inquiries.


Politique de protection de la confidentialité

Date d’entrée en vigueur : le 14 juin 2018

Plaid attache une grande importance à la confidentialité et à la sécurité. Cette Politique de confidentialité vise à vous aider à comprendre, entre autres méthodes décrites dans les présentes, comment nous recueillons, utilisons et communiquons l’information sur l’utilisateur final que nous détenons, dans le but d’exécuter, d’améliorer, de développer et de protéger nos services. Nous vous prions de prendre le temps de la lire attentivement.

Passez à la section:

Un peu de contexte pour commencer

Comment nous traitons les données

Quelques derniers petits détails...

Un peu de contexte pour commencer
Un petit mot au sujet de Plaid

Plaid se fixe pour mission d’autonomiser les innovateurs en leur assurant un accès au système financier. Notre technologie vous offre (à titre d’« utilisateur final ») un moyen facile de relier votre compte bancaire et vos autres comptes financiers à des applications logicielles qui peuvent vous aider à, par exemple, épargner en vue de la retraite, gérer vos dépenses, simplifier vos demandes de crédit, ou transférer des fonds. Plaid est le moteur de ces applications logicielles, qui sont créées et fournies par nos clients commerciaux (nous les désignons ici sous le nom de « développeurs »). Nous assurons l’accès à des données financières utilisables et de grande qualité, que nous traduisons et normalisons en vue d’aider nos développeurs à se concentrer sur l’élaboration d’une expérience dont vous tirerez profit.

Concernant cette Politique de confidentialité Nous voulons dans cette Politique donner une explication simple et directe de la nature de l’information que Plaid recueille auprès des utilisateurs finaux, et à leur sujet, ainsi que de nos méthodes d’utilisation et de communication de cette information. Si nous faisons généralement appel à nos développeurs pour vous tenir informés des services que nous fournissons à ces derniers, et aussi pour communiquer des avis et obtenir les consentements qui nous sont nécessaires pour traiter vos données, nous avons la transparence à cœur et nous tenons à décrire clairement et en peu de mots comment nous traitons vos données.

Notez que cette Politique porte uniquement sur l’information que Plaid recueille, utilise et transmet, sans expliquer l’usage que font nos développeurs de toute donnée sur un utilisateur final que nous leur transmettons (ou autre information qu’ils peuvent recueillir au sujet de cet utilisateur final, c’est-à-dire vous-même). Cette politique ne traite pas non plus des sites Web, produits ou services fournis par d’autres. Nous vous invitons à passer en revue les politiques ou avis de confidentialité de nos développeurs ou des tierces parties en cause afin de vous mettre au courant de leurs façons de faire.

Comment nous traitons les données
Information que nous recueillons

L’information que vous fournissez: lorsque vous reliez vos comptes financiers à l’application d’un développeur, vous pouvez faire appel à nos services intégrés pour communiquer les données de connexion dont votre institution financière a besoin pour accéder à votre compte (nom d’utilisateur et mot de passe, réponses à des questions d’identification, jeton de sécurité, etc.). Quand vous donnez cette information, vous accordez au développeur (et à Plaid en sa qualité de fournisseur de services) le pouvoir d’agir en votre nom pour accéder à vos renseignements depuis l’institution financière en cause, et les transmettre.

L’information recueillie auprès de vos institutions financières: la nature de l’information que nous envoient les institutions financières détenant vos comptes financiers varie en fonction des services particuliers de Plaid dont se servent nos développeurs pour leurs applications, de même que de l’information mise à notre disposition par vos institutions financières. Les types d’information que nous recueillons auprès de vos institutions financières peuvent comprendre, notamment, mais non limitativement:

  • de l’information sur le compte (nom de l’institution financière, nom du compte, type de compte, numéro de compte et d’acheminement, etc.);

  • de l’information sur le solde du compte, notamment le solde actuel et le solde disponible;

  • de l’information sur les comptes de crédit, notamment dates d’échéance et solde dû dans les relevés, montants et dates des paiements, historique des opérations, et intérêts;

  • de l’information sur les comptes de prêt, notamment dates d’échéance, soldes, montants et dates des paiements, intérêts, type de prêt, mode de paiement, et durée du prêt;

  • de l’information sur le ou les détenteurs du compte (nom, adresse courriel, numéro de téléphone, adresse, etc.);

  • de l’information sur les opérations du compte, notamment le montant, la date et le type, et une description de l’opération.

Les données peuvent comprendre de l’information sur tous vos sous-comptes (de chèques, d’épargne, carte de crédit, etc.) accessibles au moyen d’un ensemble unique d’identifiants de compte, même si vous n’avez désigné qu’un seul sous-compte.

L’information envoyée par vos appareils: notre technologie est intégrée aux applications de nos développeurs. Quand votre appareil se connecte à nos services par une application d’un développeur, nous recevons des données sur cet appareil (adresse IP, modèle du matériel, système d’exploitation et autres données techniques). Nous pouvons aussi faire appel à des cookies (témoins), ou technologies de suivi semblables, pour recueillir des données sur le taux d’utilisation et pour nous aider à améliorer nos services.

L’information à votre sujet qui nous parvient d’autres sources: nous pouvons aussi recevoir de l’information à votre sujet directement du développeur en cause ou d’autres tierces parties, notamment des fournisseurs de services et des services de vérification de l’identité.

Usage que nous faisons de vos renseignements

Nous nous servons de l’information que nous recueillons pour exploiter, améliorer et protéger les services que nous offrons à nos développeurs, et pour en créer de nouveaux. Plus précisément, nous faisons l’usage des renseignements à votre sujet aux fins suivantes :

  • Exploiter, fournir et maintenir nos services;

  • Améliorer, rehausser, modifier, agrandir et développer encore davantage nos services;

  • Vous protéger et protéger nos développeurs, nos partenaires ou Plaid contre la fraude, les actes malveillants, et les autres problèmes de confidentialité et de sécurité;

  • Développer de nouveaux services;

  • Assurer un soutien à nos clients développeurs, entre autres aider à répondre à vos demandes de renseignements sur nos services ou sur les applications de nos développeurs;

  • Enquêter sur tout usage abusif de nos services ou des applications de nos développeurs, y compris sur toute violation de notre Politique relative aux développeurs, sur des activités criminelles ou sur les accès non autorisés à nos services;

  • À toute autre fin à laquelle vous consentez.

Comment nous communiquons et stockons vos renseignements

Nous prenons des mesures destinées spécifiquement à protéger l’information de l’utilisateur final en notre possession, entre autres en assurant des contrôles de la sécurité de l’information comme le cryptage de données, les pare-feu, les contrôles d’accès logiques et physiques, et la surveillance permanente. L’efficacité de ces contrôles fait l’objet d’évaluations périodiques à l’interne en fonction des normes de l’industrie, et par des auditeurs de sécurité indépendants.

Nous ne vendons ni ne louons de renseignements relatifs aux utilisateurs finaux aux spécialistes du marketing ou autres tierces parties, mais nous communiquons en fait de tels renseignements à des tiers, comme décrit dans la présente Politique. À titre d’exemple, nous communiquons vos renseignements au développeur de l’application que vous utilisez, selon les directives de ce développeur (par exemple avec une autre tierce partie si vous en donnez instruction). Nous pouvons aussi communiquer vos renseignements :

  • Avec votre consentement;

  • Avec nos fournisseurs de services, partenaires ou entrepreneurs relativement aux services qu’ils rendent à nous ou à nos développeurs;

  • Si nous croyons de bonne foi que la divulgation s’impose pour se conformer aux lois, règlements ou procédures juridiques applicables (par exemple une ordonnance d’un tribunal ou une assignation à témoigner);

  • En lien avec un changement de propriétaire ou de contrôle de notre entreprise, en tout ou en partie (fusion, acquisition, réorganisation, faillite, etc.);

  • Entre et parmi Plaid et ses parents, filiales et succursales actuels et futurs, et autres entreprises sous un même contrôle et une même propriété;

  • Selon ce que nous estimons raisonnable pour protéger vos droits, votre confidentialité, votre sécurité ou vos biens, ou ceux de nos développeurs ou partenaires, ou de Plaid.

Nous pouvons recueillir, utiliser et communiquer les renseignements que nous recueillons sous une forme groupée ou anonymisée (qui ne vous identifie pas personnellement) à toute fin autorisée par le droit applicable. Cela comprend la création ou l’utilisation de données groupées ou anonymisées à partir de l’information recueillie en vue d’établir de nouveaux services et de faciliter les recherches.

Nous conservons l’information que nous recueillons à votre sujet aussi longtemps qu’il le faut pour répondre aux objets énoncés dans cette Politique, à moins qu’un délai de conservation plus long soit exigé ou autorisé par le droit applicable, des règlements ou un contrat. Nous pouvons, dans le respect du droit applicable, conserver vos renseignements même après que vous avez cessé d’utiliser une application ou résilié votre compte avec nos développeurs (si par exemple vous avez encore un compte avec un autre développeur, ou s’il reste quelques renseignements dans nos bases de données ou systèmes); dans ce cas, vos renseignements ne seront utilisés et communiqués que dans la mesure exigée par la loi ou conformément à cette Politique.

Quelques derniers petits détails…

Nous pouvons à l’occasion modifier cette Politique de confidentialité. Dans ce cas, nous affichons la nouvelle politique sur le site Web de Plaid (plaid.com/legal) et actualisons la date d’entrée en vigueur figurant au début des présentes. Conformément à nos ententes avec les développeurs, nous informons également ces derniers de toute modification importante, parce qu’ils sont généralement les mieux placés pour en informer au besoin leurs utilisateurs finaux.

Modifications de cette politique

Le nom complet de notre entreprise est Plaid Inc. Voici nos coordonnées :

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com

Nota : dans certains ressorts, vous avez le droit d’accéder à des renseignements personnels vous concernant, qui sont sous le contrôle d’une organisation. Nous vous invitons à prendre directement contact avec le développeur ou fournisseur de l’application que vous utilisez pour toute question sur les services offerts par le développeur, l’accès à vos renseignements personnels ou notre lien avec ce développeur. Nous nous associons à nos développeurs pour répondre aux demandes de renseignements à notre sujet, ou qui concernent nos services ou la façon dont nous traitons les données, et il peut arriver que nous communiquions les messages que nous recevons de votre part, ou vos coordonnées, au développeur en cause pour qu’il y réponde.


Privacy Statement

Effective Date: June 14, 2018

Thank you for visiting and/or using Plaid!

This Privacy Statement explains the ways Plaid Inc. ("Plaid," “we,” or “us”) may collect, use, and share information about you in connection with your access to or use of Plaid’s websites and our products and services (collectively, “Services”), and in connection with any other information we collect when you interact with us, except as outlined in the paragraph below. We hope you will take some time to read this Privacy Statement carefully.

Please note that this Privacy Statement does not apply to the information we collect about the end users of our developers’ software applications. If you are an end user of one of our developers’ applications, we encourage you to review our End User Privacy Policy.

Jump to section:

Our Data Practices

Other Details

Our Data Practices

Information We Collect

Information you provide. We collect the information you provide directly to us, such as the information you provide when you create a developer account, update your profile, fill out our "contact us" forms, sign up for our emails, request customer support, enroll in billing, execute a services agreement, complete a compliance questionnaire, or otherwise communicate with us. The types of information we collect from you may include, but is not limited to, full name, email address, company name, address, phone number, driver’s license, date of birth, taxpayer identification number, and any other information you choose to provide.

Information we receive when you test our technology. You may provide us with login information for your bank account or other financial account to test and evaluate how our technology will appear and operate in your applications. If you test our technology in this way, we will collect information from your financial account as further described in our End User Privacy Policy.

Information we collect when you use our Services. When you use our Services, we automatically collect information about you, including:

Log Information: We collect log files when you use our Services, which includes, but is not limited to, the type of browser you use, access times, pages viewed, and your IP address.

Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information when you use our Services, including cookies and web beacons. Cookies are small data files stored by your web browser, on your hard drive, or in device memory that help us improve our Services and your experience, determine usage of parts and features of our Services, and monitor for and detect potential harmful conduct. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.

Information we collect from other sources. We may also collect information about you from other sources. For example, we may collect information about you from other members of your company, which may include your name, email address, and date of birth.

How We Use Your Information

Examples of how we use the information we collect include:

  • To operate, improve, and develop our Services;

  • To verify the identity of you and other members of your company;

  • To bill developers for our Services, to transmit payment, and for tax reporting purposes;

  • To send you technical notices, updates, security alerts, and administrative messages;

  • To respond to your comments, questions, inquiries, and customer service requests;

  • To help personalize the Services experience for you;

  • To communicate with you about products, services, offers, and events offered or sponsored by Plaid, and to provide news and other information we think may be of interest to you;

  • To monitor and analyze trends, usage, and activities in connection with our Services;

  • To try to detect and prevent fraud, malicious activity, and other illegal activities;

  • To protect the rights, privacy, safety, or property of Plaid and others; and

  • For any other purpose described to you when the information was collected.

How We Share Your Information

We may share information about you as follows, or as otherwise described in this Privacy Statement:

  • With our service providers, partners, contractors, or vendors, including collection agencies in the event of delinquent payments from our developers;

  • If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena), including in connection with requests from law enforcement or other governmental authorities;

  • If we believe your actions are inconsistent with our agreements or policies, or to protect the rights, privacy, safety, or property of Plaid or others;

  • In connection with a change in ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

  • Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; and

  • With your consent or at your direction.

We may also collect, use, and share aggregated or de-identified information, which cannot reasonably be used to identify you, for any purpose permitted under applicable law.

Other Details

Advertising and Analytics Services Provided by Others We may allow third parties to provide analytics services or serve advertisements on our behalf across the internet, including Google Analytics, a web analytics service provided by Google. These entities may use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and online services, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by Plaid and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites and online services, and to better understand your online activity. For more information about interest-based ads, including to learn how you may be able to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices. And for more information on how Google uses your data, please visit www.google.com/policies/privacy/partners/.

Your Choices

Developer Account Information. You may update information you provide to us as part of your online developer account by logging into your account or by contacting us.

Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Promotional or Marketing Communications. You may opt out of receiving promotional or marketing emails from Plaid by following the instructions in those emails. If you opt out and are one of our developers, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

Access to Your Information. In certain jurisdictions, you have the right (i) to know if we have collected information about you under this Privacy Statement, (ii) to request access to the personal information we have in our custody and control (subject to certain legal limitations), and (iii) to have the right to have it corrected or annotated if you believe there are any errors in your personal information. As described above, if you are one of our developers, you can conveniently access your online account information by logging into your account or by contacting us. To obtain access to personal information, please contact us at the contact information provided below. We may require additional information to verify your identity, which will only be used for that purpose.

Changes to this Statement

We may change this Privacy Statement periodically. If we make changes, we will notify you by updating the effective date at the top of the Statement. We may also provide notice of any changes through other means, such as placing a notice on our homepage or sending you an email. We encourage you to review the Privacy Statement whenever you access the Services or otherwise interact with us to stay informed about our data practices and the choices available to you.

Contact Plaid

If you have any questions about this Privacy Statement, please contact us at:

Plaid Inc.

P.O. Box 636

San Francisco, CA 94104

Attn: Legal

privacy@plaid.com


Developer Policy

Effective Date: May 15, 2018

This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers ("you" or “your”) of the Plaid API, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Service") provided by Plaid Inc. (“Plaid,” “we,” or “us”). Any violation of this Policy may result in suspension or termination of your access to the Service and/or access to end users’ personal and financial information ("End User Data").

By accessing and using the Service, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Service. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.

We may change this Policy at any time in our discretion. If we make any change to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you don’t agree with the change, you are free to reject it; unfortunately, that means you will no longer be able to use the Service.

Jump to section:

Registration

Compliance with Applicable Law

Security

Data Storage

Customer Service

Account Deactivation

Prohibited Conduct

Suspension and Termination

Reporting Violations

Miscellaneous

Registration

To sign up for the Service, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Service. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your password and Client Secret, with a third party or allow any other application or service to act as you.

If you become aware of any unauthorized use of your Account or any other breach of security, please immediately notify us via email to security@plaid.com.

Compliance with Applicable Law

When using the Service, you must abide by all applicable local, state, national, and international laws and regulations. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws and regulations, especially those pertaining to financial and personally-identifiable data. You are solely responsible for ensuring that your use of the Service is in compliance with all laws and regulations applicable to you.

Security

You are responsible for securely maintaining your authentication credentials, including your Client Identification Number ("Client ID") and Client Secret. You must notify us immediately in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your Client ID or Secret, and must encrypt this information in storage and during transit.

Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices but, at a minimum, must perform the following:

  • Maintain administrative, technical, and physical safeguards that are designed to protect the security, privacy, and confidentiality of End User Data.

  • Use modern and industry standard cryptography when transmitting any End User Data.

  • Maintain reasonable access controls to ensure that only authorized people have access to any End User Data.

  • Monitor your systems for any unauthorized access. Patch vulnerabilities in a timely fashion. Log and review any events suggesting unauthorized access.

  • Plan for and respond to security incidents.

  • Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule.

Data Storage

Unless otherwise agreed in writing with Plaid, you agree to only store all End User Data in the locations in which you operate. Any End User Data in your possession must be stored securely and in accordance with applicable laws and regulations.

Customer Service

You, and you alone, are responsible for providing all customer service to your end users for any and all issues relating to your product and services, including but not limited to issues relating to your use of the Service.

Account Deactivation

Once you stop using the Service in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if you have ceased using the Service for three months; your applicable agreement with us terminates or expires; or as reasonably necessary under applicable law. After your Account deactivation, we will deprovision your access to all End User Data associated with your integration.

Even after your Account deactivation, we may still retain any information we collected about you for as long as necessary to fulfill the purposes outlined in our privacy policy/statement, or for a longer retention period if required or permitted under applicable law.

Prohibited Conduct

You agree not to, and agree not to assist or otherwise enable any third party to:

  • access or use the Service or End User Data for any unlawful, infringing, threatening, abusive, obscene, harassing, defamatory, deceptive, or fraudulent purpose;

  • collect and store end user’s bank credentials and/or End User Data other than as required to access or use the Service, as authorized by the end user, as permitted by Plaid, and as permitted under applicable law;

  • use or disclose any "nonpublic personal information" (as defined under the Gramm-Leach-Bliley Act) received from Plaid for any purpose not permitted under applicable law;

  • access or use the Service or access, transmit, process, or store End User Data in violation of any applicable privacy laws or in any manner that would be a breach of contract or agreement with the applicable end user;

  • access or use the Service to infringe any patent, trademark, trade secret, copyright, right of publicity, or other right of any person or entity;

  • access or use the Service for any purpose other than for which it is provided by us, including for competitive evaluation, spying, creating a substitute or similar service to any of the Service, or other nefarious purpose;

  • scan or test (manually or in an automated fashion) the vulnerability of any Plaid infrastructure without express prior written permission from Plaid;

  • breach, disable, interfere with, or otherwise circumvent any security or authentication measures or any other aspect of the Service;

  • overload, flood, or spam any part of the Service;

  • create developer accounts for the Service by any means other than our publicly-supported interfaces (e.g., creating developer accounts in an automated fashion or otherwise in bulk);

  • transfer, syndicate, resell, or otherwise distribute the Service or End User Data without express prior written permission from Plaid;

  • decipher, decompile, disassemble, copy, reverse engineer, or attempt to derive any source code or underlying ideas or algorithms of any part of the Service, except as permitted by applicable law;

  • modify, translate, or otherwise create derivative works of any part of the Service;

  • access or use the Service or End User Data in a manner that violates any agreement between you or the end user and Plaid; or

  • access or use the Service or End User Data in a manner that violates any applicable law, statute, ordinance, or regulation.

Suspension and Termination

We reserve the right to withhold or refuse access to the Service and/or End User Data in whole or in part where we believe the Service is being accessed or used in violation of this Policy or any other Plaid agreement, including Plaid’s agreements with any third party partners or data sources of Plaid (each, a "Partner"), or where use would pose a risk to an end user, any Partner, or Plaid itself.

We will use reasonable efforts to notify you via email or other method when deciding to suspend or terminate access to the Service and/or End User Data. We may immediately suspend or terminate access without notice if appropriate under the circumstances, such as when we become aware of activity that is a violation of any applicable law or that exposes Plaid, its infrastructure, data, or Service, or any Partner to harm, including reputational harm.

Plaid will not be liable for any damages of any nature suffered by you or any third party resulting from Plaid’s exercise of its rights under this Policy or under applicable law.

Reporting Violations

If any person becomes aware of a violation of this Policy, we request that you immediately notify us via email to legalnotices@plaid.com. We may take any appropriate action -- including reporting any activity or conduct that we suspect violates the law to appropriate law enforcement officials, regulators, or other appropriate third parties -- in our sole discretion in respect to such violations.

Miscellaneous

The failure by you or Plaid to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.

If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.