Understand what data Plaid collects and uses

• Background
• Information we collect
• How we use your information
• How we share & store your info
• Some last details…

End User Privacy Policy

Effective Date: June 14, 2018

Privacy and security are very important to us at Plaid. This Privacy Policy is meant to help you understand how we collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in this Policy. Please take some time to read this Policy carefully.

First, Some Background

A quick note about Plaid

Our mission at Plaid is to empower innovators by delivering access to the financial system. Our technology provides an easy way for you (the "end user") to connect your bank account and other financial accounts to software applications that can help you do things like save for retirement, manage your spending, streamline credit applications, or transfer money. These software applications are built and provided by our business customers (we’ll call them “developers” here), and powered by Plaid. By delivering access to high-quality, usable financial account data that we’ve translated and standardized, we enable our developers to focus on building experiences that benefit you.

About this Privacy Policy

Our goal with this Policy is to provide a simple and straightforward explanation of what information Plaid collects from and about end users, and how we use and share that information. While we generally rely upon our developers to inform you about the services we provide to the developer, and also to provide notice and obtain any necessary consent for us to process your information, we value transparency and want to provide you with a clear and concise description of how we treat your information.

Please note that this Policy only covers the information that Plaid collects, uses, and shares, and it does not explain what our developers do with any end user information we provide to them (or any other information they may collect about you, their end user). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of our developers or those third parties for information about their practices.

Information We Collect

Information you provide. When you connect your financial accounts with a developer application, you may provide, through our integrated services, login information required by your financial institution to access your account, such as your username and password, answers to challenge questions, or a security token. When providing this information, you give the developer, and Plaid as its service provider, the authority to act on your behalf to access and transmit your information from the relevant financial institution.

Information collected from your financial institutions. The information we receive from the financial institutions that maintain your financial accounts may vary depending on the specific Plaid services our developers use to power their applications, as well as the information made available by your financial institutions. The types of information we collect from your financial institutions may include, but are not limited to:

• Account information, including financial institution name, account name, account type, and account and routing number;

• Information about an account balance, including current and available balance;

• Information about credit accounts, including statement due dates and balances owed, payment amounts and dates, transaction history, and interest;

• Information about loan accounts, including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term;

• Information about the account owner(s), including name, email address, phone number, and address information; and

• Information about account transactions, including amount, date, type, and a description of the transaction.

The data may include information from all your sub-accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials, even if only a single sub-account is designated by you.

Information received from your devices. Our technology is embedded in our developers’ applications. When you use your device to connect to our services through a developer application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.

Information we receive about you from other sources. We may receive information about you directly from the relevant developer or other third parties, including service providers and identity verification services.

How We Use Your Information

We use the information we collect to operate, improve, and protect the services we provide to our developers, and to develop new services. More specifically, we use your information:

• To operate, provide, and maintain our services;

• To improve, enhance, modify, add to, and further develop our services;

• To protect you, our developers, our partners, or Plaid from fraud, malicious activity, and other privacy and security-related concerns;

• To develop new services;

• To provide customer support to our developers, including to help respond to your inquiries related to our service or our developers’ applications;

• To investigate any misuse of our service or our developers’ applications, including violations of our Developer Policy, criminal activity, or other unauthorized access to our services; and

• For any other purpose with your consent.

How We Share and Store Your Information

We take deliberate steps designed to protect end user information in our possession. These steps include, but are not limited to, maintaining information security controls such as data encryption, firewalls, logical and physical access controls, and continuous monitoring. These controls are regularly evaluated for effectiveness against industry-standards internally and by independent security auditors.

We do not sell or rent end user information to marketers or other third parties. But we do share end user information with third parties as described in this Policy. For example, we share your information with the developer of the application you are using and as directed by that developer (such as with another third party if so directed by you). We may also share your information:

• With your consent;

• With our service providers, partners, or contractors in connection with the services they perform for us or our developers;

• If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);

• In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);

• Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control and ownership; or

• As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, our developers, our partners, or Plaid.

We may collect, use, and share information we collect in an aggregated or de-identified manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated or de-identified data based on the collected information to develop new services and to facilitate research.

We retain information we collect about you for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted under applicable law, regulation, or contract. As permitted under applicable law, even after you stop using an application or terminate your account with our developers we may still retain your information (for example, if you still have an account with another developer or if there is residual information within our databases or systems); however, your information will only be used and shared as required by law or in accordance with this Policy.

Some Last Details…

Changes to This Policy

We may change this Privacy Policy from time to time. If we make changes, we will post the new policy on Plaid’s website at plaid.com/legal and update the effective date at the top of this Policy. We will also notify our developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.

Contacting Plaid

Our full company name is Plaid Inc., and you can contact us at:

Please note: In certain jurisdictions, you may have the right to obtain access to any personal information of yours that is under the control of an organization. We encourage you to reach out directly to the developer or provider of the application you are using with any questions about the developer’s services, access to your personal information, or about our relationship with that developer. We work with our developers to respond to inquiries that relate to us, our services, or our data practices, and may share any communications we receive from you or your contact information with the applicable developer to respond to such inquiries.