a. End User Consents. End Client will provide all notices to, and obtain all express consents from, each End User as required under applicable laws in connection with End Client’s use, storage, and other processing of any FI Data (such notices and consents, the “Express Consents”). Express Consents will: (A) be clear and conspicuous; (B) generally specify the categories of FI Data that End Client will receive and how End Client will use, store, and otherwise process FI Data; (C) be valid, enforceable, and expressly accepted by each End User; (D) identify any and all third parties or categories of third parties to whom End Client may provide FI Data for processing; (E) specify how End Users may exercise their right to revoke their Express Consent; and (F) include any other required disclosures under applicable laws. End Client will maintain records (which may include technical logs, screenshots, versions of Express Consents obtained) sufficient to demonstrate End Client’s compliance with this Section 5(i)(a) (End User Consents) and will promptly provide such records to Plaid upon request.
b. Scope of Access. End Client will only access FI Data for which it has obtained Express Consents from the End User for the use case reviewed and permitted by Plaid in writing and consented to by the applicable End User (such use case, the “Permitted Use Case”). For clarity, key factors Plaid will consider during its review of a potential Permitted Use Case include whether the use case is appropriate and useful to provide the End User with the End Client application that the End User has enrolled in, whether the End Client application provides a direct benefit to the End User, whether the use case directly supports the development of new or improved product features for the benefit of End Users, and the jurisdiction(s) in which the End Client operates and/or stores FI Data. If End Client possesses FI Data that exceeds the scope of the End User’s Express Consents, End Client will use industry-standard means to permanently and securely delete (“Delete”) such FI Data; provided that End Client may retain such FI Data to the extent required by applicable laws. If End Client becomes aware that any data it receives from Plaid does not relate to the End User that End Client originally requested FI Data for, End Client will promptly notify Plaid and will Delete such data.
c. Data Use. End Client will use, store and otherwise process FI Data solely in accordance with the End User’s Express Consents and applicable laws.
d. Data Disclosure. End Client will not disclose, transfer, syndicate or distribute FI Data to any third party (including its Permitted Service Providers) (“Data Sharing”) except in each case with the End User’s Express Consent and in accordance with applicable laws. Notwithstanding anything to the contrary, End Client will not sell FI Data.
e. Data Deletion. End Client will promptly Delete any FI Data upon request by the applicable End User; provided that End Client may retain copies of FI Data solely to the extent required by applicable laws.
f. No Attribution. End Client will not charge End Users any fees attributable to an FI for (a) access to its FI Data or (b) use of End User’s account with an FI in connection with the End Client application. In addition, End Client will not suggest or imply a partnership, sponsorship, or other relationship with an FI based on End Client’s receipt of FI Data under the Partner-Client Agreement or this Section 5 (FI Data).
g. No Other Access. During the term of the Agreement, End Client will only access FI Data through the Plaid Services or another manner that uses the FI’s authorized APIs. End Client will not “screen scrape” data from FIs or collect an End User’s log-on credentials for FI accounts, and will not otherwise knowingly obtain from a third party FI Data that was originally sourced through screen scraping an FI. End Client will immediately Delete any such End User log-on credentials in its possession. End Client will maintain records to demonstrate compliance with this Section 5(i)(g) (No Other Access). For the avoidance of doubt, nothing in this Section 5(i)(g) (No Other Access) will prohibit End Client from engaging any third party to obtain services similar to the Plaid Services, provided that such third-party services enable End Client’s access to FI Data solely via the FI’s authorized APIs.
h. Compliance with Laws. End Client will comply with all applicable privacy, security, and other laws pertaining to FI Data. End Client will not use, store, disclose, or otherwise process any FI Data for any purpose not permitted under applicable laws. For the avoidance of doubt, End Client acknowledges that Section 1033 of the Dodd-Frank Act may include obligations on End Client relating to processing, handling, and protecting FI Data. End Client will maintain a program designed to ensure compliance with applicable laws, including appropriately training End Client personnel.
i. Information Security Program. End Client will maintain a comprehensive written information security program approved by its senior management (“Infosec Program”). The Infosec Program will include administrative, technical and physical measures designed to: (a) ensure the security of FI Data, (b) protect against unauthorized access to or use of FI Data and anticipated threats and hazards to FI Data and (c) ensure the proper disposal of FI Data. The Infosec Program will be appropriate to End Client’s risk profile and activities, the nature of the End Client application, and the nature of the FI Data received by End Client. In any event, the Infosec Program will meet or exceed applicable control objectives captured in industry standards and best practices, such as AICPA Trust Service Criteria for Security, NIST 800-53, or ISO 27002, and will comply with applicable laws. End Client will use up-to-date antivirus software and anti-malware tools designed to prevent viruses, malware, and other malicious code in the End Client application or on End Client’s systems.
j. Security Breach Obligations. End Client will notify Plaid promptly (and in any event within twelve (12) hours) via an email to security@plaid.com, following End Client becoming aware of any Security Breach, providing a description of all known facts, the types of End Users affected, and any other information related to such Security Breach that Plaid may reasonably request. End Client will reasonably cooperate with Plaid in investigating and remediating Security Breaches. End Client will be responsible for the costs of investigating, mitigating, and remediating the Security Breach.
“Security Breach” means any event that compromises the End Client application or End Client’s systems or that does or reasonably could compromise the security, integrity or confidentiality of FI Data or result in the unauthorized use, disclosure, or loss of FI Data.
k. FI Confidential Information. If Plaid discloses to End Client any confidential or proprietary materials of an FI pertaining to the provision of FI Data hereunder (such materials, “FI Confidential Information”), such materials will be subject to the same obligations that apply to Partner’s Confidential Information under the Partner-Client Agreement, which will in no event be less protective of such information than a reasonable standard of care. FI Confidential Information will also be subject to the same obligations as FI Data under this Section 5(i) (End Client Obligations). End Client will promptly Delete FI Confidential Information in its possession upon Plaid’s request and will provide a written certification regarding such Deletion.
l. Oversight and Cooperation. Toward assessing End Client’s material compliance with this Section 5 (FI Data), End Client will promptly provide all reasonably necessary information and cooperation requested by Plaid, an FI, or any entity with examination, supervision, or other legal or regulatory authority over Plaid or an FI. In the event that Plaid has a good faith reason to believe that End Client is not in material compliance with this Section 5 (FI Data), Plaid will notify End Client and, upon Plaid’s request, End Client will promptly provide sufficient documentation to demonstrate such material compliance. If the documentation provided by End Client in accordance with the immediately prior sentence is insufficient (in Plaid’s reasonable discretion) to demonstrate such material compliance, End Client will submit to a third-party audit by a firm selected by End Client from a list of audit firms reasonably approved by Plaid to verify such compliance. Plaid and FIs may also conduct technical or operational assessments of End Client, which will be subject to advance notice and will not occur more than once per year unless legally required and materially different in scope from a preceding audit.
m. Information Sharing. Where required by an FI or relevant to an End Client’s access or use of FI Data from that FI, Plaid may share with such FI certain information related to End Client’s compliance with this Section 5 (FI Data), including with respect to End Client’s Infosec Program. Plaid will use commercially reasonable efforts to require that such FI treat any such information in a confidential manner.
n. Insurance. End Client will maintain insurance coverage appropriate to End Client’s risk profile and activities, the nature of the End Client application, and the nature of the FI Data received by End Client; provided that such coverage will be no less than industry standard and will include cybersecurity liability insurance.
o. Access Frequency. The parties acknowledge that as of the effective date of the Partner-Client Agreement, no guidelines regarding End Client’s frequency of “batch” pulls of FI Data (such guidelines, the “Guidelines”) apply to Plaid end clients. Notwithstanding the foregoing in this paragraph: (1) End Client will comply with any Guidelines provided in writing by Plaid (including via Partner); and (2) Plaid and Partner may enforce such Guidelines to the extent necessary in accordance with Plaid’s standard practices, which may include throttling, suspension or termination of End Client’s access.
p. End Client Marks License. End Client hereby grants to Plaid and each FI (and each of their third-party service providers) the non-exclusive and non-transferable right and license to use End Client’s trademarks and service marks solely in connection with consent management activities, including use associated with End User facing consent management portals operated by Plaid or an FI.