Who's Exchanging Information

Three parties take part in every discovery request, and each one has a different concern to resolve before financial information changes hands.

The Attorney Needs a Complete Record

In lieu of a formal Subpoena Duces Tecum, the attorney sends a secure, one-time invite link asking the client to share their financial account statements and transaction history. The attorney's real concern isn't the request itself - it's completeness. It's easy to overlook an account the client rarely mentions, or to end up with a gap of a month or two in the statements. A discovery record is only as good as what it includes.

AttorneyEvery account. Every month.Checking — Bank ABrokerage — Bank BAnother account? Easy to overlook.A month or two of statements missing?A complete request removes the guesswork.
The attorney's worry: an overlooked account, or a missing month or two of statements.

The Client Stays in Control

When the client receives that request, they need a straightforward way to respond - grant access to the requesting attorney, and just as easily revoke it later. Nothing about the grant is permanent or one-directional.

Attorneyrequests financial recordsClientGrant AccessRevoke AccessThe client can switch between these at any time.Either choice applies immediately to the attorney's access.
The client's answer: grant access, or revoke it - either way, at any time.

The Institution Verifies Before It Shares

The financial institution wants to honor its client's wishes, but it can't take a request at face value. Before any data moves, the institution confirms that the party asking for it is the one the client actually authorized - not merely someone who claims to be.

AttorneyHas the client'saccess tokenAnyone elseNo valid tokenVerifies the token matchesthe client's authorizationauthorizedFinancial InstitutionWants to honor the client's wishesData only moves once the institution confirms the requester is who theclient actually authorized — not just someone who asked.
The institution's condition: only a verified, client-authorized token unlocks the data.

Put together, these three concerns are what the access-token system resolves: the attorney gets a request built for completeness, the client keeps a revocable grant, and the institution never releases records without verifying the client's authorization first.

Plaid is the financial data network that makes this possible - it connects banks, brokerages, and fintech apps under a shared set of agreements and APIs. See who uses Plaid on Plaid's own site.