Security is essential to everything we do. If you have specific questions or concerns, contact us at firstname.lastname@example.org.
Role-based access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to Plaid infrastructure. All application and user access logs are stored centrally and monitored.
Plaid regularly undergoes both internal and external network penetration tests, and third-party code reviews. Plaid also maintains a SOC 2 Type II report by testing the design and operational effectiveness of our Information Security program using independent auditors. If you have any questions, please email us at email@example.com.
The Plaid API only allows client requests using strong TLS protocols and ciphers. Communication between Plaid infrastructure and financial institutions is transmitted over encrypted tunnels. All client communication with the Plaid API requires API key authentication and utilizes cryptographically hashed headers and timestamps to verify authenticity.
We operate a bug bounty program through HackerOne that covers all of our public-facing endpoints. If you think that you have found a security issue, please submit a report to us through our HackerOne campaign for a bounty, or contact us at firstname.lastname@example.org. We take all reports seriously. Please do not publicly disclose the issue until we've addressed it.