Is Plaid Safe? What Really Happens When You Link Your Bank
Short answer: Plaid is a legitimate, widely used financial data network that uses bank-grade encryption and is generally considered safe from a security standpoint. The real question is not “will Plaid get hacked” but “how much of your financial data do you want a third-party company to see and store.” When you link your bank through Plaid, you typically grant an app ongoing read access to your transactions, balances, and account details — and that data lives on servers, not just on your phone.
What is Plaid, exactly?
Plaid is a financial data aggregator. It sits between the apps you use (like budgeting tools, bookkeeping software, and payment apps) and your bank. When an app says “Connect your bank account,” there is a very high chance Plaid — or a competitor like MX or Finicity (owned by Mastercard) — is doing the actual connecting behind the scenes.
Plaid is used by thousands of apps and, by its own reporting, has connected with a large share of US bank accounts. It is not a scam or a fringe service. It is core infrastructure for the modern fintech industry.
What actually happens when you link your bank through Plaid?
Here is the step-by-step of a typical Plaid connection:
- You tap “Connect bank account” inside an app.
- Plaid shows you a list of banks and asks you to select yours.
- You enter your online banking username and password (or authenticate through your bank’s own login, depending on the connection method).
- Plaid establishes a connection and retrieves data such as your account balances, transaction history, and account/routing numbers.
- Plaid passes the requested data to the app you were using — and, in most setups, keeps a connection open so the app can pull fresh data on an ongoing basis.
The key point: this is usually not a one-time snapshot. Many connections are persistent, meaning the app can keep reading your transactions for as long as the link stays active.
What data does Plaid collect and share?
The exact data depends on what the app requests, but it commonly includes the categories below.
| Data category | Examples | Typically ongoing? |
|---|---|---|
| Account identity | Name on account, account/routing numbers | One-time or refreshed |
| Balances | Current and available balance | Yes |
| Transactions | Merchant, amount, date, category | Yes |
| Account details | Account type, institution name | One-time |
| Investments/liabilities | Holdings, loan balances (if requested) | Varies |
Facts worth knowing:
- Plaid stores data on its own servers to power the connections it provides.
- Plaid has published a consumer-facing privacy policy and a “Plaid Portal” (plaid.com/legal) where users can view connections and, in some cases, request deletion.
- In 2022, Plaid agreed to a $58 million class-action settlement over allegations about how it collected and used consumer data, without admitting wrongdoing. This is public record and easy to verify.
- Under US rules, an app that aggregates your financial data can qualify as a “financial institution” subject to the FTC Safeguards Rule (16 CFR 314), which requires a written information security program.
Is Plaid safe from a security perspective?
From a pure cybersecurity standpoint, Plaid uses encryption in transit and at rest and undergoes third-party security assessments. There is no evidence of a mass breach of Plaid’s core systems as of this writing. In that narrow sense, “is Plaid safe” gets a reasonable “yes.”
But security and privacy are different questions:
- Security asks: can bad actors steal the data? Plaid invests heavily here.
- Privacy asks: who is allowed to see, store, and use the data — and for how long? This is where reasonable people disagree.
When you link a bank via Plaid, you are adding at least one more company (Plaid) and usually a second (the app itself, plus its cloud hosting provider) to the list of parties that hold a copy of your financial activity.
What are the real risks of linking your bank?
The realistic risks are less “dramatic hack” and more “quiet accumulation”:
- Expanded attack surface. Every company that stores your data is another potential breach target. More copies, more exposure.
- Persistent access. A connection you set up once may keep pulling data for months or years until you actively revoke it.
- Data used beyond the obvious. Aggregated financial data is valuable. Read the app’s privacy policy to see whether your data is used for analytics, product improvement, or shared with partners.
- Forgotten connections. Many people link banks to apps they later stop using but never disconnect.
None of this makes Plaid uniquely bad. It makes bank-linking, as a category, something worth doing deliberately rather than by reflex.
How do I protect myself if I do use Plaid?
If bank connection is worth the convenience for you, you can still reduce your exposure:
- Only connect to apps you actually trust and actively use.
- Review your active connections periodically (check the app and the Plaid Portal at plaid.com).
- Disconnect any app you have stopped using.
- Read the privacy policy of the app itself — Plaid is only one link in the chain.
- Prefer apps that let you choose which accounts to share, rather than all of them.
Is there a way to do bookkeeping without linking a bank at all?
Yes. Not every bookkeeping tool requires a bank connection. Keel: Invoice Maker & Receipts takes the opposite approach: there is no bank connection, no cloud account, and no data aggregator in the middle.
With Keel, your invoices, receipts, and mileage records are created and stored encrypted on your iPhone. The App Store privacy label reads “Data Not Collected.” The tradeoff is honest: because nothing pulls from your bank automatically, you do a little more manual entry. In exchange, no third party — not Plaid, not a cloud host — holds a copy of your books.
Bank connection is genuinely convenient and reasonable for many people. Keel exists for the people who would rather keep their financial records entirely on their own device.
You can see the on-device model here: Keel: Invoice Maker & Receipts on the App Store.
Frequently asked questions
Is Plaid a scam? No. Plaid is established financial infrastructure used by thousands of legitimate apps and banks. The concern is about data privacy and ongoing access, not legitimacy.
Does Plaid store my bank password? It depends on the connection method. Newer “open banking” connections authenticate through your bank directly and use tokens rather than storing raw credentials. Older methods may involve credential-based access. Check the specific app and Plaid’s current documentation.
Can I delete my data from Plaid? Plaid offers a consumer portal (plaid.com) where you can view connections and request deletion in supported regions. You should also disconnect the app on the app’s own side.
Is Plaid safe for banking? It is broadly considered secure, with encryption and third-party audits. “Safe” for you depends on how comfortable you are with additional companies storing your financial data.
What is the most private way to do bookkeeping? The most private approach is one where your data never leaves your device. On-device tools like Keel store everything encrypted on your iPhone with no bank link and no cloud, so there is no aggregator holding your records.
Keel keeps your books on your iPhone — no bank connection, no cloud, no account. Free to start (3 invoices/month plus unlimited receipts and mileage); Pro is $7.99/month or $59.99/year. Try it: Keel on the App Store.
Run your money on your own phone
Keel — invoice, receipts, and one honest number.
The on-device financial brain for a company of one. Free to start, no account, nothing readable leaves your iPhone.
On-device · No account · Data Not Collected