Does YNAB use the "Plaid" service for transaction import? If so, are our transactions being provided to and monetized by Plaid?

Your Security FAQ indicates that you utilize Plaid as one of your transaction import providers.  Part of Plaid's business model is to collect and monetize the transaction information that travels through their service, which is explained in their Privacy Policy.  I am a paying YNAB customer and would never, ever agree to knowingly provide this information to Plaid.  Are my transactions being harvested by this company?

 

From their privacy policy:

The information we receive from the financial product and service providers that maintain your financial accounts varies depending on the specific Plaid services developers use to power their applications, as well as the information made available by those providers. But, in general, we collect the following types of identifiers, commercial information, and other personal information from your financial product and service providers:

  • Account information, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, and account and routing number;
  • Information about an account balance, including current and available balance;
  • Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
  • Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
  • Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
  • Identifiers and information about the account owner(s), including name, email address, phone number, date of birth, and address information;
  • Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction.

Thank you.

19replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Plaid was also just purchased by Visa.

    Like
  • All of those things make perfect sense to me as things that an aggregator would probably end up having access to in order to import your transactions. Yes, YNAB doesn't use things like credit card limits, but other services do. We have laws that say Plaid has to notify you that they have access to all of that. There is no indication in either YNAB's policies nor this one that they monetize this information; but they do have to notify you that they are going to get it. 

    YNAB is a perfectly functional program without direct import. If you are concerned about the security issues surrounding direct import, and YNAB's privacy policies and those of their aggregators don't mollify those concerns for you, then just don't hook up any accounts to direct import. 

    Like 5
  • Hi Violet Motherboard !

    That is correct. We partner with FinicityMXQuovo and Plaid as our providers of Direct Import financial data aggregation, the specifics related to their security policies and practices are on their websites.

    Your YNAB account connections are handled by MX

    The particular section you've highlighted of Plaid's policy seems to refer to general information they can pull in on an integration, like the account and transaction data you want to import into YNAB. To be clear, that is my interpretation. The specific service we use from Plaid is their Transactions product, if that helps.

    Further down in their policy they mention: "We (Plaid) do not sell or rent personal information that we collect." At YNAB, we do not sell users' data. (And we never have!) 

    If you are uncomfortable connecting your banks to YNAB, it's completely optional. We have a few other features to help make entering transactions easy and fast—file-based importing, scheduled transactions, and mobile apps.

    Can you let me know a little more about where monetization is mentioned? I'd be happy to have our team look into this for you, if you have additional concerns.

    Like
  • PLAID is the absolute WORST import service. Other than the privacy issues, they are the ONLY API importer that can't import Capital One. I also just got an email from YNAB saying that everything is switching to PLAID? That is the worst news ever. It's a garbage service. Please find something else.

    Like
    • Cadet Blue Mask Capital One recently made changes to prevent third-party data aggregators from connecting. We've worked with four import partners, and it's been an issue across the board. Plaid is our primary provider moving forward, but if you'd like to explore other options—please report a Bank Importing Issue and our team will be happy to go over the alternatives.

      Like
    • Nicole I did receive an email from the YNAB team that there are other importer options, which is great news! Thank you for the help.

      Like
    • Cadet Blue Mask You're welcome! I hope the other option works for you. 😄

      Like
  • While I like YNAB as a service overall, I'm disappointed by this as well. I was switched to Plaid after they acquired my last import provider and have had nothing but trouble since being forced to move. After contacting support, I was then switched to another import provider (MX). Turns out, the MX Privacy Policy is also concerning (especially when you couple it with the products they offer). For instance, MX's policy states:

    "Data sourced from third-party service providers is shared with our clients and also used by us on behalf of our clients in the aggregate to customize promotional offers for financial products."

    Interestingly, YNAB's privacy policy still claims:

    "YNAB has not and does not transfer information to third parties for direct marketing purposes."

    I'm not sure if that claim holds because it's not "direct marketing", the info isn't technically passed by YNAB as the import provider collects it directly (albeit on YNAB's behalf), and/or if it's because YNAB defers to the import provider's privacy policy.

    As a paying YNAB customer, I'm very disappointed by these arrangements. I would be more apt to understand if this was a free service (because free often means you are the product).  

    With all the recent import provider switching I've been through recently, I'd like to know how to retroactively opt out, withdraw consent, and request my information be forgotten by all import providers. I like YNAB as a service, but really question the privacy model and my willingness to renew my subscription.

    Like
      • Herman
      • herman
      • 4 mths ago
      • Reported - view

      Coral Battery Your best bet is probably to remove your account connections and cancel your ynab subscription.

      Like
    • Herman thank you. I think that's a good start (deleting rather than canceling would be better).

      I'm also curious how to request all the import providers delete information previously obtained.

      The other step I would recommend people take is to change all their banking passwords after deleting the account. That should prevent the import providers from trying to still collect info surreptitiously.

      Like
    • Hi Coral Battery !

      The snippet above from MX's website doesn't apply to YNAB. It says that data sourced from third-party service providers is used by them, but we don't provide information to third parties (so we don't fall into that category). 

      That being said, direct import is completely optional. If you remove your bank connections from your budget, that will disconnect your direct import link. You can also use our Bank Importing Issue form to share your concerns with our Direct Import team and they can better direct you on next steps. 

      We'd hate to see you go, but we understand if you decide YNAB isn't for you.

      Like
      • Herman
      • herman
      • 4 mths ago
      • Reported - view

      Coral Battery For the record, I'm not recommending this for anyone else,  only you since you are so concerned about this connection. Me, I'm happy to connect all my accounts and if the import providers want to know I eat fast food way too many times each week, they are welcome to that information.  I have zero concerns about ynabs direct import privacy. 

      Like
    • Herman thanks for taking the time to reply and share your perspective.  We have different perspectives on privacy and that's okay.

      To share another viewpoint, much more can be done with the data. Beyond knowing we eat out too many times a week, timelines of geographically where someone been could be pieced together. More concerningly, the information could lead discrimination. You might get one ad, offer, or discount based on a profile they've built about you while someone else gets a different one. You could be placed in an information "filter bubble" in an attempt to personalize results.

      Like
    • Faness thanks for letting me know the other form may help with next steps. I could be wrong, but think that snippet from MX does apply. If read in wider context, it seems to fit YNAB: 

      "When the software feature to aggregate external accounts is activated, we share personal data with Data Aggregator Service Providers, who share with us the financial transactions of the external account. These processing activities are key to our business value. We source this information on behalf of our clients, as authorized by our clients’ customers, in order to perform our contractual obligations under our service agreements. This service is an integrated part of our overall advanced data analysis features available with our personal finance software and related services. Data sourced from third-party service providers is shared with our clients and also used by us on behalf of our clients in the aggregate to customize promotional offers for financial products. We do not separately sell personal data."

      I could very well be wrong. Either way, MX clearly has Targeted Marketing and Analytics products they sell and may have incentive to misuse info gathered via paying YNAB customers.

      Like
      • Herman
      • herman
      • 4 mths ago
      • Reported - view

      Coral Battery Thanks, I don't see anything harmful from those two examples either.  I agree that it is ok that we have different perspectives.  I hope you are able to remove yourself from the databases and get the privacy you desire. 

      Like
  • I was also just switched to Plaid and all my Capital One transactions imported without a hitch so it sounds like at least one import provider has figured out the Capital One debacle.

    Like
      • LoaferDude
      • furious_falcon
      • 3 mths ago
      • Reported - view

      sgarelick I don't think that is true. The same thing happened to me when they moved to Plaid and I assumed everything was working well. Plaid seemed to maintain the connections well enough, but imports were not taking place. I finally decided to unlink CapOne and delete the connection before recreating it, and voila, Plaid does not support CapOne at all. 

      Are imports working for you or is it just showing a tick saying connection is good and such?

      Like
      • sgarelick
      • sgarelick
      • 3 mths ago
      • 1
      • Reported - view

      LoaferDude My bad, I meant to write "I was also just switched to MX" (not Plaid). All my Capital One transactions imported correctly this morning with MX. Thanks for catching my typo.

      Like 1
      • David
      • pookas24
      • 3 mths ago
      • 1
      • Reported - view

      sgarelick Ditto.  I was stuck in Plaid limbo for a few weeks until combing the forum and requested YNAB move me to MX.  Bingo!  Problem solved.  At some point would love to hear Jesse Mecham's post-mortem on how all this went sideways.

      Like 1
Like1 Follow
  • 1 Likes
  • 3 mths agoLast active
  • 19Replies
  • 846Views
  • 14 Following