Bank Connection Security

When you connect your bank to Curl Budget, security is paramount. We use Plaid, a trusted financial technology company, to securely connect to your accounts. This page explains how that security works.

How Plaid Works

The Connection Flow

When you connect a bank:

  1. You enter credentials directly into Plaid's secure interface
  2. Plaid authenticates with your bank
  3. Plaid securely transmits transaction data to Curl Budget
  4. Your credentials stay with Plaid and are never shared with us

Credential Handling

Your bank login is protected:

  • Entered in Plaid - Not in Curl Budget's interface
  • Stored by Plaid - Using bank-grade encryption
  • Never shared - Curl Budget never sees your password
  • Never stored by us - We can't access your credentials

Read-Only Access

Plaid connections are read-only:

| What Plaid CAN Do | What Plaid CANNOT Do       |
|-------------------|----------------------------|
| View transactions | Transfer money             |
| View balances     | Make payments              |
| View account info | Change account settings    |
| Identify accounts | Access other bank features |

Even if our systems were compromised, attackers couldn't move your money.

Plaid's Security

Industry Trust

Plaid is trusted by:

  • Major banks (Chase, Bank of America, Wells Fargo, etc.)
  • Financial apps (Venmo, Coinbase, Robinhood, etc.)
  • Millions of users worldwide

Security Certifications

Plaid maintains:

  • SOC 2 Type II - Third-party security audit
  • ISO 27001 - Information security management
  • PCI DSS - Payment card industry compliance

Encryption

Plaid protects data with:

  • AES-256 encryption - Data at rest
  • TLS 1.2+ - Data in transit
  • Hardware Security Modules - Key protection

OAuth Banks

Many banks now use OAuth, an even more secure method:

How OAuth Works

  1. You're redirected to your bank's official app/website
  2. You log in directly with your bank
  3. You authorize Curl Budget specifically
  4. You return to Curl Budget connected

OAuth Benefits

  • Never share credentials - You log in directly with your bank
  • Bank-controlled - Your bank manages the authentication
  • Revocable - Cancel access anytime via your bank
  • More stable - Fewer connection issues

OAuth Banks

Major banks supporting OAuth include:

  • Chase
  • Bank of America
  • Wells Fargo
  • Capital One
  • Discover
  • And many more

Check if your bank uses OAuth during connection.

What Data Is Shared

With Curl Budget

We receive from Plaid:

  • Transaction history (date, amount, merchant, description)
  • Account balances (current, available)
  • Account info (name, type, last 4 digits)
  • Institution name

What We Don't Receive

We never get:

  • Your login credentials
  • Full account numbers
  • Routing numbers
  • Social Security number
  • Other personal banking info

Your Control

Viewing Connections

See what's connected:

  1. Go to Settings → Accounts
  2. View all connected accounts
  3. See connection status

Disconnecting

Remove a connection anytime:

  1. Find the account
  2. Tap "Disconnect"
  3. Access is immediately revoked

Disconnecting:

  • Removes Plaid's access
  • Stops data sync
  • Doesn't delete history (you choose)

Managing via Plaid

You can also manage at my.plaid.com:

  • See all apps connected via Plaid
  • Revoke access from any app
  • View your Plaid data

Bank Notifications

You May See Alerts

Some banks notify you of connections:

  • "New application connected" email
  • In-app security notification
  • This is normal and expected

Verifying It's Legitimate

If concerned about a notification:

  1. Verify you just connected via Curl Budget
  2. Check the connected app name (should be Curl Budget or Plaid)
  3. If unfamiliar, revoke and contact us

Common Concerns

"Is it safe to enter my bank password?"

Yes, because:

  • You enter it in Plaid's secure interface, not ours
  • Plaid uses bank-grade security
  • Your password is encrypted immediately
  • We never see or store it

"Can Curl Budget access my money?"

No:

  • Read-only access only
  • No transfer or payment capability
  • Even Plaid's access is read-only
  • Your money is protected

"What if Plaid is hacked?"

Plaid has extensive security:

  • Multiple security certifications
  • Continuous monitoring
  • Dedicated security teams
  • If breached, they would notify affected users

Even in a breach, attackers couldn't move money (read-only access).

"Can I trust Plaid?"

Plaid is trusted by:

  • Thousands of financial apps
  • Major banks as a partner
  • Regulatory bodies
  • Millions of users

Their business depends on maintaining security.

Alternatives to Plaid

Apple Accounts

For Apple financial products:

Manual Accounts

If you prefer not to connect:

  • Create manual accounts
  • Enter transactions yourself
  • Full functionality, more effort

Troubleshooting Security Concerns

Unrecognized Connection

If you see an unfamiliar connection:

  1. Check if it's a legitimate Curl Budget connection
  2. Review the connection date
  3. Disconnect if unauthorized
  4. Change your bank password
  5. Contact us if concerned

Failed Security Verification

If your bank blocks the connection:

  • Your bank may have extra security
  • Try during business hours
  • Contact your bank about third-party access
  • Some banks require opt-in
