Civil Rule 26 .Com does not warehouse invitees' financial data. The records themselves stay
with the financial institutions that issued them, and only move as far as a signed
authorization allows.
Financial institutions hold the data. Every account statement and transaction lives with
the bank, credit union, or brokerage that issued it, wherever in the world that institution is
located.
Plaid aggregates it under formal agreements. The data broker Plaid has formal agreements
with financial institutions worldwide and pulls authorized records into one place on the invitee's
behalf.
Financial institutions are the only party with login credentials. The invitee's username
and password are entered only at their institution's own login page. Plaid, the attorney, and
Civil Rule 26 .Com never see them.
Invitees create the token; Plaid manages it. When an invitee grants access, they create
an access token that Plaid holds and manages, scoped to a specific attorney.
The attorney gets data from Plaid, and only from Plaid. The attorney uses that token to
retrieve the authorized records directly from Plaid, and does not share that data with anyone
else.
All financial data resides at the financial institution that issued it.The invitee's credentials and approval flow from the financial institution to Plaid, which
issues the attorney an access token.The attorney uses that token to view financial information Plaid aggregates and holds.
Plaid is the financial data network that makes this possible - it connects banks, brokerages,
and fintech apps under a shared set of agreements and APIs. See who uses Plaid on Plaid's own site.