What Plaid Actually Sees When You Link a Bank Account
If you've used any modern finance app in the last decade, you've almost certainly linked an account through Plaid. It's the plumbing behind Venmo, Robinhood, Chime, Wise, countless budgeting apps — and UseKYN. But Plaid is a black box to most people. What does it actually see? What does it store? Where does the data go?
This post answers those questions plainly, and explains what UseKYN does differently from apps that request everything by default.
Short version: Plaid connects to your bank on your behalf and pulls only the categories of data the app asks for. Those categories are called "products." The app chooses which products to request. Privacy depends heavily on that choice — and most apps choose "all of them."
What Plaid is
Plaid is a data-network company. Apps pay Plaid to let users connect their financial accounts. When you tap "Link Account" in an app, Plaid shows you a login screen for your bank, you enter credentials (or OAuth through your bank's app), and Plaid gets a token that lets it pull data on the app's behalf.
Two important points:
- Your credentials don't go to the app. You log in inside Plaid's window. The app never sees your bank username or password. It gets a token instead.
- Plaid acts as a middle layer. It talks to your bank via API (at banks that support it) or via screen-scraping (at banks that don't). It normalizes the data and hands it to the app.
What Plaid can access — by product
Plaid offers different "products," each with a different scope of access. An app requests specific products when it builds its Plaid integration. Here are the main ones:
| Product | What It Sees |
|---|---|
| Auth | Account and routing numbers. Used to verify an account for payments or transfers. |
| Balance | Real-time account balance. Nothing else. |
| Transactions | Transaction history — merchant name, amount, date, category. Typically 24 months. |
| Identity | Name, address, email, phone number on file at the bank. |
| Assets | A snapshot of balances + transactions formatted as an asset report (often for underwriting). |
| Investments | Holdings, cost basis, and investment transactions at brokerages. |
| Liabilities | Student loan, credit card, and mortgage details — balances, APRs, minimum payments. |
| Income | Verified employment and income data (used by lenders and payroll tools). |
An app that only needs transactions can request just Transactions. An app that verifies bank accounts for transfers only needs Auth. Most budgeting apps request Transactions + Identity + Auth + Balance at minimum — and many grab Investments and Liabilities on top "in case users want those features someday."
What Plaid stores
Plaid does store data. It caches transactions, account metadata, and tokens. Per its policies, Plaid is also allowed to use end-user data to improve its own services and products — though it says it does not sell end-user data to third parties, and in 2022 it settled a class action about data collection by agreeing to restrict how long it retains data from former users.
Plaid's privacy practices are not identical across all jurisdictions. In the EU and UK, Plaid operates under tighter Open Banking frameworks. In the US, policy is looser and evolving.
Where most apps leak — "link everything"
The hidden cost of "all products" linking: When an app requests every Plaid product at once, two things happen — (1) your data exposure expands beyond what you actually need, and (2) institution availability shrinks, because not every bank supports every product.
Many budgeting apps ask for every product upfront because it's convenient for the app — no need to re-prompt later if the user adds a feature. But this creates a data surplus: the app now has access to your identity details, liabilities, and investments even if you never use those features.
It also causes a real UX problem: institutions that don't support every product are hidden from the selector. You might not see your credit union listed because Plaid's Liabilities product isn't available for that bank.
How UseKYN uses Plaid differently — intent-based linking
UseKYN requests only the Plaid products you actually need for the feature you're using. This is called intent-based linking:
- Linking a checking account to track spending? UseKYN requests Transactions only (plus the base Auth/Balance needed to identify the account).
- Linking a brokerage? Investments only.
- Linking a credit card or student loan? Liabilities only.
Identity is not requested by default. Income is not requested. Assets reports are not pulled unless a specific feature needs them. The result: less data exposure, and more banks available in the selector because each request only needs the narrow product set the user chose.
What UseKYN does with the data that is pulled
This is where the PII firewall comes in. The transaction and account data that comes back from Plaid still contains sensitive fields — merchant names, account numbers, bank names. UseKYN stores the data it needs (encrypted in a private database), but it does not pass it to external services in raw form.
In particular, when UseKYN's AI companion (KYN) answers a question, it doesn't see your bank names, merchant names, creditor names, account numbers, or personal identifiers. It sees category totals ("$2,140 on food"), debt types and APRs ("$8,200 credit card at 24%"), and portfolio summaries ("$31,400 across 12 holdings"). That's it. The identity-level detail never leaves the app's own infrastructure.
The pattern: Plaid is the pipe. What matters is how wide you open the valve (which products) and what you do with the water afterward (PII handling). UseKYN keeps the valve narrow and filters identity out before anything touches the AI layer.
What you can do about your own Plaid data
Plaid has a consumer-facing portal at my.plaid.com where you can see every app you've connected through Plaid and revoke individual connections. If you're not sure what you've linked over the years, it's worth checking once and disconnecting apps you no longer use.
Revoking a Plaid connection there stops the data flow between Plaid and that app. It doesn't delete data the app has already stored — you'd need to ask the app for deletion separately.
TL;DR
- Plaid is a middle layer between your bank and finance apps.
- Your bank credentials don't go to the app — they're entered inside Plaid's window.
- Apps choose which "products" to request. That choice defines how much Plaid sees.
- Most budgeting apps request everything; UseKYN requests only what each feature needs.
- Even after data comes back, UseKYN keeps your identity out of the AI layer with a PII firewall.
- You can review and revoke Plaid connections at my.plaid.com.
Want to see the intent-based linking flow in practice?
When you link an account in UseKYN, you'll see exactly which Plaid product is being requested and why. No surprise permissions.