Access to systems and data is restricted to authorized accounts under least privilege. No account beyond those required is permitted to reach the application or its data.
Multi-factor authentication is required on every account that can access the application or its data, and must be satisfied before access is granted.
API keys and access tokens are confined to a dedicated secret store and are excluded from source code, data files, and logs.
Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent managed encryption). Production runs only on a managed platform kept patched by its provider; devices used to administer it require automatic updates, full-disk encryption, screen-lock, and anti-malware.
In-scope data is limited to account and transaction data obtained through Plaid, used solely to present users a view of their own finances. It is not sold and is disclosed to no party other than the data source and the hosting platform. Consent is a precondition for collection, processing, and storage.
Data is retained only while needed and is deletable on request. Ending a connection requires removing the Plaid Item and deleting its access token, revoking further access.
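The disconnect step above, as an added example rather than code from this policy or from Plaid: the Item is removed via Plaid's `/item/remove` endpoint, and the stored access token is deleted only once Plaid confirms removal, so a failed call leaves the token in place for a retry instead of orphaning a live Item. The secret-store interface, the injected HTTP client, and the sandbox URL are assumptions.

```python
"""Disconnect a Plaid Item: remove it at Plaid, then delete its stored token."""
import json
import urllib.request
from typing import Callable, Dict

# Assumed environment; production would use the production host.
PLAID_ITEM_REMOVE_URL = "https://sandbox.plaid.com/item/remove"


class InMemorySecretStore:
    """Stand-in for a real secret store (constructed for this example)."""

    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}

    def put(self, name: str, value: str) -> None:
        self._secrets[name] = value

    def get(self, name: str) -> str:
        return self._secrets[name]

    def delete(self, name: str) -> None:
        del self._secrets[name]

    def __contains__(self, name: str) -> bool:
        return name in self._secrets


def plaid_post(url: str, body: Dict) -> Dict:
    """Minimal JSON POST (assumed helper; not used by the offline test)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def disconnect_item(token_name: str, store: InMemorySecretStore, client_id: str,
                    secret: str, post: Callable[[str, Dict], Dict] = plaid_post) -> bool:
    """Revoke the Item at Plaid, then delete its access token from the store.

    Returns True only when Plaid confirmed removal (a request_id with no
    error_code); on any other response the token is kept so the revocation
    can be retried rather than leaving a live Item with no token to revoke it.
    """
    access_token = store.get(token_name)
    response = post(PLAID_ITEM_REMOVE_URL, {
        "client_id": client_id, "secret": secret, "access_token": access_token,
    })
    if "error_code" in response or "request_id" not in response:
        return False
    store.delete(token_name)
    return True
```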
Plaid and the hosting platform are the only external parties with data access; reliance is limited to their published security and compliance controls.
Response to a suspected incident requires rotating affected credentials, invalidating affected access tokens, reviewing logs for unauthorized access, and restoring to a known-good state.