
What the Plaid Privacy Settlement Actually Means for People Using Budgeting Apps

Plaid agreed to pay $58 million to settle a class action over how it handled financial data. Here's a plain-English breakdown of what was alleged, what was settled, and what it means if you use a budgeting app that connects to your bank.

Konstantin · 9 min read
Tags: privacy, fintech, budgeting

If you have ever used Venmo, Coinbase, Robinhood, Stripe, or basically any modern app that touches your bank account, there is a very good chance you have used Plaid without knowing it.

Plaid is the company that sits between thousands of consumer apps and your bank. When you connect a budgeting app to your checking account by entering your bank login, it is usually Plaid receiving those credentials and pulling your transaction history.

In July 2022, Plaid agreed to pay $58 million to settle a class action lawsuit over how it handled that data. The case was In re Plaid Inc. Privacy Litigation, and final approval was granted by Judge Donna M. Ryu in the Northern District of California.

I read through the public summaries because I was building a personal finance app and trying to understand whether I should integrate Plaid myself. I decided not to, and a lot of that decision came from understanding what this lawsuit was actually about. This post is the explainer I wish I had found when I was looking into it.

A few things upfront so this is honest:

  • I am not a lawyer. Nothing here is legal advice.
  • Plaid denied the allegations and settled without admitting wrongdoing. That is standard in class action settlements and worth keeping in mind.
  • Plaid is still a legitimate company used by enormous parts of the financial industry. This post is not a takedown. It is just an explanation of what the lawsuit alleged so you can make your own informed choice about which apps you trust with what.

What Plaid actually does

Most people I talk to think Plaid is just a "bank connector." That is sort of true but it misses the interesting part.

When you connect an app to your bank through Plaid, here is what typically happens:

  1. The app shows you a Plaid-branded popup
  2. You pick your bank
  3. You enter your bank username and password into the popup
  4. Plaid uses those credentials to log into your bank as you and pull your account info, balances, and transaction history
  5. Plaid passes the relevant data back to the app

The catch is in step 4. Historically, this was done via a method called screen scraping. Plaid would log into your bank's website with your credentials and read the data off the page. That model dominated for years, until banks started offering proper APIs and OAuth flows so Plaid would no longer need your raw password.

In late 2022, Plaid announced that new connections to major US banks like Chase, Wells Fargo, and Capital One were going through OAuth APIs rather than credential-based screen scraping. The rollout has been a multi-year transition and legacy connections from earlier may still exist, but for new users linking through those institutions, the raw-password model is largely behind us. That is a real improvement and worth acknowledging.

But two things to notice about the older model, which still affects anyone using an app built before that transition:

  • You were giving your actual bank login to a third party
  • That third party was now logged into your bank as you, with the access your password gave

That is the part that became the basis of the lawsuit.
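To make the contrast in step 4 concrete, here is a small Python model I added for this post. It is not Plaid's code and not any bank's real API; the bank, the account, the token format and every function name are made up for illustration. It puts the two access models side by side: a password session that inherits everything the customer's own login can do (read all history, move money), and a bank-issued token that is limited to a named scope and a history window, expires, and can be revoked at the bank without touching the password.

```python
"""Toy model of the two aggregator access patterns described above.

Constructed illustration only: not Plaid's code, not a real bank API.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass
from datetime import date, timedelta

TODAY = date(2022, 7, 20)  # pinned so the example is deterministic


@dataclass
class Account:
    username: str
    password: str
    balance: float
    transactions: list[tuple[date, str, float]]  # (date, memo, amount), constructed


@dataclass
class Token:
    scopes: frozenset[str]  # what the holder may read
    history_days: int       # how far back transactions may be read
    expires: date
    revoked: bool = False


class PasswordSession:
    """Legacy model: the aggregator logs in *as the customer* and therefore
    gets every capability the password carries, including moving money."""

    def __init__(self, account: Account):
        self._acct = account

    def balance(self) -> float:
        return self._acct.balance

    def transactions(self) -> list[tuple[date, str, float]]:
        return list(self._acct.transactions)  # full history, no window

    def transfer_out(self, amount: float) -> float:
        self._acct.balance -= amount  # nothing stops this: password == customer
        return self._acct.balance


class Bank:
    """Stand-in bank that offers both access models (hypothetical API)."""

    def __init__(self, accounts: list[Account]):
        self._accounts = {a.username: a for a in accounts}
        self._tokens: dict[str, tuple[str, Token]] = {}

    # legacy model: whoever holds the password is the customer
    def password_login(self, username: str, password: str) -> PasswordSession:
        acct = self._accounts.get(username)
        if acct is None or not secrets.compare_digest(acct.password, password):
            raise PermissionError("bad credentials")
        return PasswordSession(acct)

    # OAuth-style model: the bank mints a token narrowed to what the app needs
    def issue_token(self, username: str, scopes: set[str],
                    history_days: int, ttl_days: int = 90) -> str:
        if username not in self._accounts:
            raise KeyError(username)
        handle = secrets.token_hex(8)
        tok = Token(frozenset(scopes), history_days, TODAY + timedelta(days=ttl_days))
        self._tokens[handle] = (username, tok)
        return handle

    def revoke(self, handle: str) -> None:
        self._tokens[handle][1].revoked = True  # password stays unchanged

    def _authorize(self, handle: str, scope: str) -> tuple[Account, Token]:
        if handle not in self._tokens:
            raise PermissionError("unknown token")
        username, tok = self._tokens[handle]
        if tok.revoked or TODAY > tok.expires:
            raise PermissionError("token revoked or expired")
        if scope not in tok.scopes:
            raise PermissionError(f"token lacks scope {scope!r}")
        return self._accounts[username], tok

    def get_balance(self, handle: str) -> float:
        acct, _ = self._authorize(handle, "balances")
        return acct.balance

    def get_transactions(self, handle: str) -> list[tuple[date, str, float]]:
        acct, tok = self._authorize(handle, "transactions")
        cutoff = TODAY - timedelta(days=tok.history_days)
        return [t for t in acct.transactions if t[0] >= cutoff]
    # note: there is deliberately no token-based transfer endpoint at all


def denied(fn, *args) -> bool:
    """True if the bank refused the call (used to show scope enforcement)."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


def demo_bank() -> Bank:
    """Constructed sample account: four transactions spanning three years."""
    return Bank([Account(
        "alice", "correct horse battery staple", 1200.0,
        [(date(2019, 8, 1), "rent", -900.0),
         (date(2021, 1, 15), "salary", 2500.0),
         (date(2022, 6, 30), "groceries", -84.5),
         (date(2022, 7, 18), "coffee", -3.2)],
    )])
```

Run it with a password session and you get all four transactions and the ability to debit the account; run it with a balances-only token and the transactions call is refused, while a transactions token with a 90-day window returns only the two recent rows. Revoking the token at the bank cuts the aggregator off without the customer having to change their password, which is the practical difference between the two models the post is describing.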

What the lawsuit alleged

The class action was filed by consumers who had used apps powered by Plaid. The plaintiffs alleged several things. I am going to use careful language here because these are claims that were made in court, not things Plaid was found to have done. Plaid denied the allegations.

According to the plaintiffs' filings, the allegations included:

  • That Plaid collected more financial data than was necessary for the specific app the user was connecting. For example, pulling years of transaction history for what should have been a one-time balance check.
  • That the Plaid-branded popup was designed to look like the user's own bank login screen, and that this allegedly led users to believe they were entering credentials directly into their bank rather than into a third-party service.
  • That Plaid retained bank credentials and transaction data and used it for purposes beyond what users had agreed to when they connected an app.

Again: these are allegations from a complaint, not findings of fact. The case settled before going to trial. The full complaint and settlement notice documents are available on the official settlement website.

What the settlement included

The settlement had two parts.

Money: Plaid agreed to pay $58 million into a settlement fund. After legal fees and administrative costs, the rest was distributed to class members who filed claims. Per-person payouts were small, in the range of a few dollars to a few dozen dollars depending on use.

Business practice changes: As part of the settlement, Plaid agreed to:

  • Delete certain data it had collected
  • Provide more transparency about what it collects
  • Make it easier for users to see and manage what data Plaid holds about them

The settlement was approved by Judge Donna M. Ryu, and the final approval order issued on July 20, 2022. The full order is available via class counsel at Lieff Cabraser.

Plaid's official position throughout was that they disagreed with the allegations and that the settlement allowed them to focus on what they called "building the future of digital finance." They also pointed to changes they had already made or were making to their consent flow, including the shift toward bank-issued OAuth where available, which removes the need to ever see your password.

The bigger picture: it is not just Plaid

Here is the part that makes this story interesting beyond one settlement.

A 2023 study by Incogni found that 60% of the 20 popular budgeting apps analyzed shared user data with third parties. The study also noted that "data-hungry" apps, the ones collecting twelve or more data points, were more likely to share that data with advertisers, analytics services, and data brokers.

That is not the same thing as the Plaid lawsuit. It is a different issue. But it is related: when you connect a budget app to your bank, your data is flowing through multiple companies, not just one. Plaid is one link in that chain. The app itself is another. Whatever analytics or marketing tools the app uses are further links.

For a lot of people, that is fine. Convenience matters more than data minimalism, and modern apps can be careful with data even if they technically have access to a lot of it.

For a lot of other people, especially after seeing headlines about settlements and data sharing studies, the answer is "I would rather not."

What this means if you use a budgeting app

Practical takeaways, plain English:

1. Most major budgeting apps still use Plaid or a similar aggregator. YNAB, Monarch, Copilot, Rocket Money, and basically every "all in one" finance app rely on this kind of integration. If you are using one of them, your data has been through an aggregator at some point.

2. The screen-scraping era is mostly behind us at major US banks. OAuth flows are now standard at Chase, Wells Fargo, Capital One, and others, which means Plaid and similar services typically do not see your raw password anymore. They get a scoped token instead. This is a real improvement.

3. Aggregator coverage outside the US is still patchy. If you bank in Bulgaria, Romania, most of Eastern Europe, large parts of Asia, the Middle East, or Latin America, Plaid often does not work at all, or only works for a small number of banks. This is one of the practical reasons people in those countries end up looking for budget apps that do not require bank linking.

4. Manual entry is a real alternative, not a worse one. I want to be clear about this because the budgeting app industry has spent a decade telling people that bank linking is the only "modern" way to budget. Manual entry has tradeoffs (you have to actually update it) but it also has real advantages: complete privacy, complete control, works anywhere, and forces you to actually look at where your money goes.

5. Read the privacy policy of the app you are using. Specifically, look for what they collect, who they share it with, and how long they keep it. The privacy policy is usually clearer than the marketing page.

Where I landed

I built Lucrio without any bank integration. Not because I think Plaid is evil. Plaid is a real company with real engineers solving real problems, and they have made their consent flows better over time. I built it without bank integration because:

  • I wanted the app to work for people in countries Plaid does not cover
  • I wanted to be able to honestly tell users that their financial data never leaves their browser session unless they explicitly choose to share it with our AI assistant
  • I wanted a budgeting model that forces you to actually engage with your money rather than passively watching dashboards update

If those tradeoffs sound right to you, Lucrio might be a fit. If they do not, there are several other no-bank-linking apps that work great. Goodbudget and Actual Budget are both worth looking at. I will write a longer comparison post later.

What to do with all this

If you read this and you are now anxious about every app on your phone, that is not the takeaway. Most of the apps you use are fine. The takeaway is:

  • Know which of your apps see your bank data
  • Read their privacy policies (just the data sharing section)
  • Make sure you are comfortable with it
  • If you are not, there are alternatives

The Plaid settlement was not the end of the story. It was a moment that pushed the industry toward better practices, and a useful prompt for people to think about what they actually want from a budgeting tool.

I am still figuring out what I think about all of this. If you have thoughts, I am at @lucr_io on X or just email me.


Sources