You think you're diversifying your financial tools. You use YNAB for budgeting, Venmo for payments, Robinhood for investing, Rocket Money for subscriptions. Different apps, different logos, different marketing copy.
But pull back the curtain, and they all feed into the same pipe: Plaid.
Plaid connects to over 12,000 financial institutions, powers 8,000+ fintech apps, and as of 2025, more than 150 million American consumers have connected a bank account through Plaid's infrastructure. That's roughly 1 in 2 U.S. adults with a bank account.
The "facade" changes — the YNAB envelope, the Venmo emoji, the Robinhood confetti — but the backend remains the same. Every one of those apps sends your bank credentials and transaction data through Plaid's servers.
Think about that. One company has the keys to your entire financial life. Every purchase. Every paycheck. Every transfer. Across every app you use.
That's not diversification. That's a single point of failure.
The $58 Million Lawsuit You Probably Never Heard About
In July 2022, a U.S. federal court approved a $58 million class-action settlement against Plaid. The case, consolidated from five separate complaints, alleged that Plaid had been engaging in deceptive practices regarding consumer data. Plaid denied any wrongdoing but agreed to the settlement to resolve the litigation.
According to court filings, the core allegations included:
- Deceptive login screens: Plaid designed its "Plaid Link" interface to mimic the actual login pages of consumers' banks — using bank-specific colors, logos, and layouts. Users believed they were entering their credentials into their own bank's system. They weren't. They were handing them directly to Plaid.
- Over-collection of data: The lawsuit alleged Plaid collected far more financial data than necessary for the services consumers intended to use — including years of transaction history.
- Credential storage: According to the lawsuit, once Plaid had a user's bank username and password, it used those credentials to access and store financial information — allegedly without adequate consent or disclosure.
The settlement covered approximately 98 million eligible consumers — nearly a third of the U.S. population. Individual payouts averaged around $13.50. That's what your entire financial history was worth, apparently.
As part of the settlement, Plaid was required to: minimize the data it stores, delete certain previously retrieved data, improve disclosures, and stop using bank-specific color schemes on its credential screens.
Whether or not Plaid acted in bad faith, the settlement terms — requiring interface changes and data deletion — speak for themselves. These are matters of public court record.
TD Bank Sued Plaid for Impersonating Its Login Page
The class-action wasn't the only legal action. In October 2020, TD Bank filed a separate lawsuit against Plaid in the U.S. District Court for the District of New Jersey.
According to the complaint, TD Bank accused Plaid of trademark infringement and false advertising, specifically alleging that Plaid had:
- Used TD Bank's name, trademarks, logos, and signature green color scheme
- Created login screens that "duped" TD customers into thinking they were on TD's platform
- Stored those login credentials on Plaid's own servers
- Used the credentials to harvest and potentially sell customer transaction data
TD Bank stated it had tried to resolve the issue privately before filing suit. The case was settled inApril 2021 under undisclosed terms. But the message was clear: even the banks themselves had to sue Plaid to stop it from impersonating them.
The DOJ Blocked Visa From Buying Plaid — Because of Monopoly Risk
In November 2020, Visa announced a $5.3 billion acquisition of Plaid. The U.S. Department of Justice immediately filed an antitrust lawsuit to block the deal.
The DOJ's argument was straightforward:
"Visa sought to buy Plaid to eliminate a nascent competitive threat to its monopoly in the online debit market. Internal Visa documents characterized the acquisition as an 'insurance policy' to protect its debit business."
Visa's own internal communications described Plaid as a "threat" and the acquisition as "strategic, not financial." The DOJ cited violations of both the Sherman Act (which prohibits monopolization) and the Clayton Act (which prohibits anti-competitive mergers).
In January 2021, Visa dropped the deal. But the episode revealed how Plaid had consolidated enough power over financial data infrastructure that the U.S. government itself had to intervene.
The Facade Problem: Every App Uses Plaid
Here's what most people don't realize. When you use these popular finance apps, you're not making independent choices. You're funneling your data into the same company:
| App | What You Think You're Using | What's Actually Connecting Your Bank |
|---|---|---|
| YNAB | A budgeting tool | Plaid (+ MX, TrueLayer) |
| Venmo | A payment app | Plaid |
| Robinhood | A stock trading platform | Plaid |
| Rocket Money | A subscription manager | Plaid |
| Monarch Money | A net worth tracker | Plaid (+ Finicity, MX) |
| Coinbase | A crypto exchange | Plaid |
| Acorns | A micro-investing app | Plaid |
| Chime | A neobank | Plaid |
Different logos. Different color schemes. Same data pipeline. Plaid is the common denominator in your entire fintech stack.
If Plaid suffers a data breach, all of these accounts are compromised simultaneously. If Plaid changes its data practices, all of these apps are affected. If Plaid sells data to a new partner, your transaction history from every connected app could be included.
What "No Bank Linking" Actually Means
When we say Finly never links your bank account, we're not just making a privacy marketing claim. We're making an architectural decision that removes Plaid — and every other data aggregator — from your financial life entirely.
Here's what that means in practice:
- No credential sharing: You never type your bank password into our app or any third-party system
- No transaction scraping: We never pull your purchase history from your bank's servers
- No aggregator dependency: If Plaid goes down, gets breached, or changes its terms — Finly is unaffected
- No single point of failure: Your financial data lives in encrypted form whether locally or on Finly servers, not in a centralized database shared across 8,000 apps
Instead, Finly uses AI-powered voice entry and receipt scanning — you speak or snap a photo, and the AI categorizes and logs the transaction locally. The data never needs to leave your device for the core tracking to work.
The Real Math: How Much Data Does Plaid Actually Have?
Let's put some numbers on this to understand the scale:
- 150+ million consumers connected as of 2025
- 500 million linked bank accounts over the past six years
- 40% of U.S. bank account holders have connected through Plaid
- 8,000+ apps feeding data through Plaid's infrastructure
- 12,000+ banks integrated into the system
That's not a fintech company. That's a surveillance infrastructure on par with credit bureaus — except you never applied for it, never asked for it, and probably didn't know you were part of it.
Compare that to how Finly works: zero bank connections, zero accounts linked, zero credentials stored. Your data exists on your device. Period.
But Plaid Says It's Secure
Plaid will tell you they use AES-256 encryption, TLS protocols, multi-factor authentication, and that they hold ISO 27001 and SOC 2 certifications. All true.
They will also tell you they "don't sell or rent consumer financial information." Possibly true.
But here's what they won't tell you:
- Security ≠ Privacy. You can encrypt a database of 150 million people's financial records and still have a privacy problem. The existence of the centralized database is the problem.
- The settlement required them to change. If Plaid's practices were always transparent and fair, a federal court wouldn't have forced them to delete data, change their interface, and pay $58 million.
- Revoking access ≠ deleting data. Even after you disconnect an app through the Plaid Portal, previously shared data may already be in the hands of the apps and their sub-processors.
- "Don't sell" ≠ "Don't monetize." Data doesn't need to be "sold" to be used for commercial advantage. Aggregated insights, market research, and algorithmic profiling are all forms of monetization that exist in gray areas.
What You Can Do Right Now
- Check the Plaid Portal: See which apps have access to your data. You might be shocked by how many connections exist that you forgot about.
- Revoke unused connections: Disconnect apps you no longer use. But know that previously shared data may still exist with those apps.
- Consider manual alternatives: For expense tracking specifically, you don't need bank linking. Finly proves that AI-powered manual entry is faster and infinitely more private.
- Read the privacy policies: Not Plaid's — the apps'. Check what data they receive from Plaid and what they do with it. Most people never read past the first paragraph.
- Separate concerns: If you must use bank-linked apps, at least don't use the same credential across every fintech service. Different email addresses, different passwords, different linked accounts where possible.
The Bottom Line
Plaid isn't evil. It solved a real problem: banks were terrible at sharing data, and fintech apps needed access to function. But the solution created a new problem: a single, centralized chokepoint that holds more financial data than most banks.
You wouldn't store all your physical money in one unlocked box. So why would you route all your financial data through one company?
The next time you connect a new app and see that familiar bank login screen pop up, pause. Ask yourself:who am I actually giving my password to?
Because when the facade changes but the backend stays the same, you're not making a choice. You're making an assumption.
And in privacy, assumptions are the most expensive thing you can afford.
