If you've ever connected a bank account to an app, there's a good chance Plaid was involved. Venmo, Coinbase, Robinhood, and thousands of other fintech apps use Plaid to access your bank data.
But what exactly does Plaid hand over? "Transaction data" is vague. Let's get specific.
What Plaid Is
Plaid is a data network that sits between your bank and the apps you use. Instead of giving each app your bank credentials directly, you authenticate through Plaid once, and Plaid handles the ongoing connection.
Think of Plaid as a secure intermediary. Your bank trusts Plaid. Apps build on Plaid's API. You authorize each connection individually.
Plaid connects to over 12,000 financial institutions and is used by more than 8,000 apps. It's the plumbing behind most of the fintech industry.
The Exact Data Plaid Shares
When an app requests your transaction data through Plaid, here's what it can access:
Transactions
| Field | Example |
|---|---|
| Date | 2026-04-15 |
| Merchant name | Whole Foods Market |
| Amount | -$47.23 |
| Category | Food and Drink |
| Payment channel | In-store |
| Transaction ID | unique identifier |
| Pending status | false |
Accounts
| Field | Example |
|---|---|
| Account name | Chase Checking |
| Account type | Depository / Checking |
| Last 4 digits | ••4821 |
| Current balance | $2,341.00 |
| Available balance | $2,291.00 |
Institution
| Field | Example |
|---|---|
| Bank name | Chase |
| Institution ID | ins_56 |
That's the core dataset. Most read-only apps get nothing beyond this.
What Plaid Does NOT Share
This list matters more than what it does share:
- Your bank username or password
- Your full account number (only last 4 digits)
- Your routing number
- Your Social Security Number
- Your date of birth
- Wire transfer or ACH initiation capability
- The ability to move money in any direction
An app with standard read-only Plaid access can see your transactions. It cannot touch your money.
💡 Tip
The question to ask about any Plaid-connected app isn't "can it see my data?" — it's "what does it do with the data it sees?" That's governed by the app's privacy policy, not Plaid's.
How Plaid Permissions Work
Plaid uses a scoped permission model. Apps must declare which data types they need, and you authorize each scope when you connect.
The main permission categories:
- Transactions — read historical and recent transactions
- Auth — read account and routing numbers (for ACH payments)
- Identity — read name, address, email on file with the bank
- Assets — read account history for loan underwriting
- Investments — read investment account holdings
- Liabilities — read loan and credit card balances
- Payment initiation — initiate bank transfers (separate, explicit permission)
A budgeting or spreadsheet app only needs Transactions. It has no reason to request Auth, Identity, or Payment Initiation — and if it does, that's worth questioning.
SheetLink requests Transactions only. No payment initiation, no identity data, no account numbers.
What Happens After You Connect
Once you authorize an app, Plaid issues that app an access token — a long, encrypted string tied to your specific bank connection. The app stores this token and uses it to request data from Plaid on your behalf.
Your actual bank credentials are never stored by the app. They go to Plaid once during setup and are not retained after authentication.
The access token:
- Is scoped to the specific permissions you authorized
- Can be revoked at any time (from the app or from my.plaid.com)
- Expires if unused for an extended period
- Does not grant access to other banks or accounts
The Difference Between Apps Built on Plaid
Plaid controls what data it shares. But what each app does with that data is entirely up to the app.
Two apps can both use Plaid and handle data completely differently:
App A — fetches transactions, writes them to your Google Sheet, stores nothing server-side. Transaction data lives in your spreadsheet, not on their servers.
App B — fetches transactions, stores them in their own database, builds behavioral profiles, shares aggregate data with "partners."
Both are Plaid-powered. Neither violates Plaid's terms. But App A is meaningfully more private.
When evaluating an app, read the privacy policy specifically for:
- What data is stored on their servers
- How long it's retained
- Whether it's shared with third parties
- Whether you can request deletion
Plaid's Own Data Practices
Plaid itself collects and stores data beyond what it passes to apps. Their privacy policy covers:
- They store transaction data to power their network (fraud detection, income verification products)
- They previously sold consumer data — a 2022 class action settlement ($58 million) resulted in updated practices prohibiting selling transaction data for advertising
- They offer a consumer portal at my.plaid.com where you can see connections and request data deletion
Plaid is a business with its own interests. Their practices have improved significantly post-settlement, but it's worth understanding that the data network itself has economic value beyond just providing an API.
How to See and Control Your Plaid Connections
my.plaid.com is the central dashboard for your Plaid connections:
- Go to my.plaid.com
- Log in with the email associated with your bank
- See every app connected to every bank via Plaid
- Revoke any connection in one click
You can also disconnect from within each app — most have a "Remove bank" or "Disconnect" option. Either method works; revocation is immediate.
What This Means for SheetLink
SheetLink uses Plaid with Transactions scope only. Here's specifically what that means:
- We request: date, merchant, amount, category, account name, balance
- We do not request: account numbers, identity data, payment initiation
- We do not store transaction data on our servers — it goes from Plaid directly to your Google Sheet or output format of choice
- You sync manually — data only moves when you initiate it
- You can disconnect any bank from the Bank tab at any time
The Chrome extension source code is publicly available on GitHub if you want to verify any of this.
The short version: Plaid shares transaction metadata — not credentials, not account numbers, not the ability to move money. What matters is what the app on top of Plaid does with that data. Read the privacy policy, check the permissions requested, and look for apps that give you control over when your data moves.