Access Controls

Separate access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to Plaid infrastructure. All application and user access logs are stored centrally and monitored.

Routine tests

Plaid regularly undergoes both internal and external network penetration tests, and third-party code reviews. Plaid has also completed a SOC 2 report. If you have any questions, please email us at

Traffic controls

The Plaid API only allows client requests using strong TLS protocols and ciphers. Communication between Plaid infrastructure and financial institutions is transmitted over encrypted tunnels. All client communication with Plaid's API utilizes cryptographically hashed headers and timestamps to verify authenticity.

Bug reports

If you think that you have found a security issue, please contact us at We take all reports seriously. Please do not publicly disclose the issue until we’ve addressed it.

Have security questions?

Please get in touch if you have specific questions or concerns

Contact us