I Don't Trust Plaid — How I Track My Spending Without Bank Login
When Venmo was sued in 2020 for sharing bank credentials with Plaid without clear consent, I stopped trusting every app that asked for my bank login. Here's what I do instead — and why it works just as well without the privacy risk.
The Lawsuit That Changed How I Think About Fintech
In 2020, users filed a class-action lawsuit against Venmo alleging that when you linked your bank account, Venmo quietly handed your credentials to Plaid — which then accessed years of your bank history without explicit permission to do so. The lawsuit was not about Plaid being hacked. It was about scope: users consented to linking a bank for payments, not to a third party vacuuming up years of transaction history.
Plaid settled a similar class action in 2022 for $58 million, with allegations that its login screens were deliberately designed to look like bank login pages — misleading users into thinking they were authenticating directly with their bank rather than sharing credentials with a middleman. You can read the full breakdown in our deep dive on Plaid safety.
These are not fringe concerns. They are documented legal cases. And they revealed something that should give any privacy-conscious person pause: when you "connect your bank" to a budgeting app, you are often handing your credentials to a company you have never heard of, under terms that are not always transparent about what data gets collected and for how long.
What Plaid Actually Does With Your Credentials
Plaid is a data aggregator. When you enter your bank username and password into an app that uses Plaid, those credentials go to Plaid's servers. Plaid then uses them to access your bank account on your behalf — pulling transaction history, balances, account details, and sometimes identity information.
The connection is not a one-time event. It is ongoing. Every day (or every few hours), Plaid re-accesses your account to pull fresh data. That means a third-party company you did not explicitly choose has persistent read access to your bank account, and it keeps that access until you manually revoke it.
And here is the part that bothers me most: revoking is not straightforward. To fully disconnect Plaid from your bank, you generally need to go to the Plaid Portal, go through your bank's security settings, or in some cases change your banking password entirely. We have a step-by-step guide on revoking Plaid access for every major bank if you want to go that route.
The Problem With "Just Trust Us"
Every fintech company says their security is bank-grade and your data is safe. These are marketing statements, not technical guarantees. What they cannot say — and this is the honest truth — is that a credential they hold can never be misused, never be exposed in a breach, and will never be used beyond what you originally intended.
The credential is the key. Once a third party holds it, you have permanently expanded your attack surface. Everyone with access to that company's systems — engineers, contractors, staff at acquired companies, and any future acquirer — theoretically has access to your bank account. That is not paranoia. That is how credential-based security works.
The only way to truly eliminate this risk is to never share the credential in the first place. And it turns out, for budgeting purposes, you do not need to.
If you'd rather not hand over your bank login
You can try the PDF approach here. Upload a statement, AI sorts your transactions, and nobody gets your credentials.
The PDF Approach: What You Give Up, What You Gain
PDF-based budgeting works like this: download your monthly bank statement (a PDF your bank already generates for you), upload it to a tool like Spend & Invest, and AI reads and categorizes every transaction. The process takes under a minute for a typical monthly statement.
Here is what you give up compared to Plaid-connected apps:
- Real-time sync. Your dashboard updates once a month when you upload, not daily. You do not get live balance notifications.
- Automatic import. You have to remember to download and upload each month. It takes 2 minutes but is not automatic.
Here is what you gain:
- No credential risk. Your bank username and password go only to your bank when you log in to download the statement. No third party holds them.
- No ongoing access. The PDF is a point-in-time snapshot. Once processed, there is no connection to your live bank account.
- Works with any bank worldwide. Plaid supports primarily US and Canadian banks. PDF upload works with any bank that generates a statement — including ADCB, HSBC, Emirates NBD, Barclays, and every other institution globally.
- You control exactly what the app sees. Upload one month. Upload six months. Upload only the accounts you choose. The access scope is defined by what you upload, nothing more.
What You Can Do With the Analysis
The analysis you get from PDF upload is built on the same transaction data you would get from a Plaid-connected app, just delivered differently. Once your statement is processed, you get:
- Category breakdown. Every transaction sorted into categories: Groceries, Dining, Subscriptions, Transportation, and any custom categories you set up.
- Month-over-month comparisons. Upload multiple months and see how your spending changes over time.
- Natural language queries. Ask questions like "how much did I spend on dining last month?" or "what subscriptions am I paying for?" and get instant answers.
- Recurring charge detection. AI automatically identifies subscriptions and recurring charges across your statement history.
- AI that learns from corrections. Correct a category once for a vendor and the system remembers it for every future statement.
How to Get Your PDF From Major Banks
Every major bank makes PDF statements available through online banking. Here is a quick reference for the most common banks:
- Chase: chase.com → Account → Statements & Documents → Select month → Download PDF
- Bank of America: bankofamerica.com → Accounts → Statements & Documents → PDF
- Capital One: capitalone.com → Account → Statements → Download PDF
- Wells Fargo: wellsfargo.com → Accounts → Statements & Documents → View Statement
- Any other bank: Look for "Statements," "Documents," or "e-Statements" in your online banking portal.
We also have detailed download guides for Chase, Bank of America, Capital One, and Wells Fargo.
You Do Not Have to Choose Between Tracking and Privacy
The narrative in fintech has been that convenience requires credential sharing. That automatic sync is the price of financial visibility. That if you want to understand your spending, you have to hand over your bank login.
That is not true. The 2-minute monthly upload is a small trade for meaningful privacy gain. You get the same spending analysis — the same category breakdowns, the same trends, the same AI queries — with zero ongoing credential exposure.
If you want to understand more about why we built this way, read why we do not require a bank login. If you want to clean up any existing Plaid connections, our Plaid revocation guide walks you through every major bank.