Engineering note
How Plaid Works: Why Connecting Your Bank to Clarity Is Safe
Clarity uses Plaid to link your bank accounts with read-only access, bank-level encryption, and zero ability to move money. Here's exactly how the connection works and why it's secure.
Connecting a bank account to a third-party app can feel like handing someone the keys to your house. It shouldn't. Clarity uses Plaid to link your financial accounts with read-only access, bank-level encryption, and zero ability to move your money. Here's exactly how it works and why it's safe.
The short version
Clarity never sees your bank password. You log in through Plaid's secure widget, your bank authenticates you directly, and Clarity receives a read-only token that can view balances and transactions but can never move money. That token is encrypted with AES-256-GCM before it ever touches our database.
What Is Plaid?
Plaid is the infrastructure layer between your bank and the apps you use. When you connect a bank account through Clarity, you're authenticating directly with your bank inside Plaid's secure widget — Clarity never sees your bank username or password. Plaid is used by over 8,000 apps including Venmo, Robinhood, Coinbase, and Betterment. It connects to over 12,000 financial institutions in the US, Canada, and Europe.
Plaid is regulated as a data processor, undergoes annual SOC 2 Type II audits, and is regularly reviewed by federal financial regulators. It's the same pipeline that Fortune 500 fintechs trust with millions of connections.
How the Connection Flow Works
When you tap "Connect" in Clarity, here's what happens step by step:
- Clarity requests a Link token from Plaid. This token is short-lived and scoped to your session. It tells Plaid which permissions Clarity is requesting (read-only balances, transactions, and holdings).
- Plaid Link opens in a secure iframe. You see your bank's login screen rendered by Plaid, not by Clarity. Your credentials go directly to your bank through Plaid's encrypted channel. Clarity cannot intercept, read, or store them.
- Your bank authenticates you. This includes any multi-factor authentication your bank requires — SMS codes, authenticator apps, security questions. Plaid passes these challenges through without Clarity ever seeing them.
- Plaid returns an access token to Clarity. This token grants Clarity read-only access to the account data you authorized. Clarity encrypts this token with AES-256-GCM before storing it, so even a database breach wouldn't expose it in plaintext.
- Clarity syncs your data. Balances, transactions, and holdings flow in automatically. Plaid sends webhooks when new data is available, so Clarity stays current without polling.
At no point in this process does Clarity have access to your bank login credentials. The entire authentication happens inside Plaid's infrastructure.
Read-Only Access: What Clarity Can and Cannot Do
Clarity requests the minimum set of Plaid products needed to build your financial picture. Here's the breakdown:
| Clarity can | Clarity cannot |
|---|---|
| View account balances (checking, savings, credit, investment) | Move, transfer, or withdraw funds |
| Read transaction history (merchant, amount, date, category) | Initiate payments, ACH, or direct debits |
| Read investment holdings and positions | Place trades or modify investment positions |
| Detect recurring charges and subscriptions | Change account settings or open new accounts |
| Sync automatically when your bank reports new data | See or store your bank username or password |
The connection is structurally read-only. Even if Clarity's servers were compromised, the Plaid access token does not carry write permissions. Your bank would reject any attempt to move money through it.
How Your Data Is Protected
Security isn't a single feature — it's layers. Here's how each layer works in the Plaid integration:
Encryption in transit
All communication between Clarity, Plaid, and your bank uses TLS. Data cannot be intercepted or read while moving between systems.
Encryption at rest
Plaid access tokens are encrypted with AES-256-GCM before storage. Clarity supports key rotation with up to 10 encryption keys for zero-downtime re-encryption.
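The following is an added example, not Clarity's own code: one way to store a token under AES-256-GCM with a key id in the envelope, so older keys stay readable while rows are re-encrypted to the current key. The envelope layout, the key ids `k1`/`k2`, the function names, and the use of the item id as associated data are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key ring: key id -> 32-byte key. Real keys would come from a KMS or
// secret store; random ones are generated here so the example runs offline.
const MAX_KEYS = 10; // the page states up to 10 keys are supported
const keyRing = new Map([['k1', crypto.randomBytes(32)], ['k2', crypto.randomBytes(32)]]);
const currentKeyId = 'k2'; // new writes use this key; older ids remain decryptable

// Hypothetical envelope: v1.<keyId>.<nonce>.<ciphertext>.<tag>, parts in base64url.
function encryptToken(accessToken, itemId, keyId = currentKeyId) {
  const key = keyRing.get(keyId);
  if (!key || keyRing.size > MAX_KEYS) throw new Error('bad key ring');
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(itemId)); // binds the ciphertext to the row it belongs to
  const ct = Buffer.concat([cipher.update(accessToken, 'utf8'), cipher.final()]);
  const parts = [nonce, ct, cipher.getAuthTag()].map((b) => b.toString('base64url'));
  return ['v1', keyId, ...parts].join('.');
}

function decryptToken(envelope, itemId) {
  const [version, keyId, nonce, ct, tag] = envelope.split('.');
  const key = keyRing.get(keyId);
  if (version !== 'v1' || !key || !tag) throw new Error('unknown envelope');
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(nonce, 'base64url'), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(itemId));
  decipher.setAuthTag(Buffer.from(tag, 'base64url')); // a truncated tag is rejected here
  // final() throws if the ciphertext, nonce, tag or associated data was altered.
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')), decipher.final()]);
  return pt.toString('utf8');
}

// Rotation: re-encrypt only rows still under an older key; reads work throughout.
function rotate(envelope, itemId) {
  if (envelope.split('.')[1] === currentKeyId) return envelope;
  return encryptToken(decryptToken(envelope, itemId), itemId);
}
```

Because the item id is authenticated as associated data, a ciphertext copied onto another row fails to decrypt instead of yielding a valid token for the wrong account.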
Webhook verification
Every Plaid webhook is cryptographically verified before processing. Attackers cannot inject fake data by impersonating Plaid's servers.
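As an added example (not Clarity's implementation), this sketch follows Plaid's documented webhook scheme: the `Plaid-Verification` header carries an ES256-signed JWT whose `request_body_sha256` claim must match the raw request body and whose `iat` must be no more than five minutes old. The `getKey` callback, the result shape, and the `signSample` helper that builds a constructed test token with a local key are assumptions.

```javascript
const crypto = require('node:crypto');

const MAX_AGE_SECONDS = 5 * 60; // replay window: reject tokens older than five minutes
const fromB64Json = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// jwt: value of the Plaid-Verification header. rawBody: the bytes exactly as received,
// before any JSON parsing. getKey(kid): returns the JWK for that key id (assumed to be
// a cached result of Plaid's /webhook_verification_key/get endpoint), or null.
function verifyWebhook(jwt, rawBody, getKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = fromB64Json(parts[0]); claims = fromB64Json(parts[1]); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'ES256') return { ok: false, reason: 'alg' };
  const jwk = getKey(header.kid);
  if (!jwk) return { ok: false, reason: 'unknown-kid' };
  const publicKey = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sigOk = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!sigOk) return { ok: false, reason: 'signature' };
  if (typeof claims.iat !== 'number' || now - claims.iat > MAX_AGE_SECONDS) {
    return { ok: false, reason: 'stale' };
  }
  const actual = crypto.createHash('sha256').update(rawBody).digest();
  const claimed = Buffer.from(String(claims.request_body_sha256), 'hex');
  if (claimed.length !== actual.length || !crypto.timingSafeEqual(claimed, actual)) {
    return { ok: false, reason: 'body-hash' };
  }
  return { ok: true };
}

// Constructed sample only: signs a token with a local P-256 key standing in for Plaid's.
function signSample(body, privateKey, kid, iat) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const hash = crypto.createHash('sha256').update(body).digest('hex');
  const input = `${enc({ alg: 'ES256', kid, typ: 'JWT' })}.${enc({ iat, request_body_sha256: hash })}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}
```

The hash must be computed over the raw body bytes; re-serializing parsed JSON can change whitespace and make a genuine webhook fail the `body-hash` check.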
No credential storage
Clarity never stores your bank username, password, or MFA codes. Only the encrypted access token Plaid provides after authentication is retained.
For full details on Clarity's security posture, encryption standards, and incident response process, see the security practices page.
Plaid's Own Security Standards
Plaid operates its own rigorous security program independent of the apps that use it:
- SOC 2 Type II certified. Annual third-party audits verify that Plaid's security controls are designed correctly and operating effectively over time.
- Regular penetration testing. External security firms test Plaid's systems for vulnerabilities on an ongoing basis.
- Data minimization. Plaid only accesses the data your bank exposes through its API and only shares what the connecting app requests.
- Consumer controls. You can view and manage all your Plaid connections at my.plaid.com, including disconnecting any app at any time.
Plaid documentation
Want the technical details? Plaid publishes comprehensive documentation covering their Link integration, API reference, token exchange flow, and security practices.
You Stay in Control
You can disconnect any institution from Clarity at any time through Settings > Connections. When you disconnect:
- Clarity deletes the encrypted access token immediately.
- Plaid revokes the connection on their end, so no further data flows to Clarity.
- Your historical data in Clarity is retained unless you explicitly request deletion.
If you delete your Clarity account entirely, all stored credentials and financial data are permanently removed. You can also visit my.plaid.com to independently verify or revoke any Plaid connection regardless of what happens on Clarity's side.
Why Plaid Instead of Screen Scraping
Before Plaid and similar infrastructure providers existed, most finance apps used screen scraping: they'd log into your bank with your actual username and password, pretend to be you, and copy the HTML. This was fragile, slow, and required you to hand your real bank credentials to a third party.
Plaid replaced that model with direct API connections to banks. Your credentials stay with your bank. The connection is tokenized and scoped. The data is structured and reliable. And if a bank changes its website design, your connection doesn't break — because Plaid isn't scraping a webpage.
Common Questions
Can Clarity see my bank password?
No. Your bank credentials are entered directly into Plaid's secure widget and sent to your bank. Clarity never receives, processes, or stores them.
What if Plaid gets hacked?
Plaid maintains enterprise-grade security with multiple layers of defense. In the unlikely event of a breach, Plaid's access tokens can be revoked institution-wide, and Clarity's stored tokens are independently encrypted. No single point of failure exposes your bank login credentials because Plaid doesn't store them in a way that's reversible.
What if I want to stop sharing data?
Disconnect the institution in Clarity's settings, or go directly to my.plaid.com to revoke access. Either method cuts off data flow immediately.
Is my data sold to third parties?
Clarity does not sell your financial data. Your data is used exclusively to power your personal financial workspace. Plaid's data practices are governed by their own privacy policy and consumer data rights regulations.