Enabling two-factor authentication
TOTP apps, backup codes, and recovery if you lose your device.
Security
Security
Two-factor auth, encryption, what we store, what we don't, and responsible disclosure.
01
02
How we encrypt your data
At rest, in transit, and key management.
03
What we store, what we don't
Read-only Plaid scopes, hashed credentials, no transaction-level data sold.
04
How Plaid security works
Bank-level OAuth — your bank credentials never touch our servers.
05
Reviewing active sessions
Sign out everywhere if a device is lost or stolen.
06
Reporting a security issue
Responsible disclosure, scope, and our response timeline.
07
SOC 2 status
Where we are in the audit process and what's available.
08
GDPR & data subject rights
How EU users request, export, or delete data.
09
Privacy by default
What's enabled out of the box and what's optional.
Didn't find your answer?
Email a human.
We answer every message — usually within four hours. No tier-gating, no AI-only triage.