CK is also soft-pulling my LexisNexis report monthly.
It says right at the top of their page that they’re “part of the Mastercard family.” This is also mentioned in the very first response on your Bogleheads link.
They have a Privacy Policy page which under CCPA says "We do not sell or “share” your Personal Information." The definition of “sell or share” is very broad under CCPA and it’s rare to see this, so this is pretty good privacy I’d say. Even though I agree with you generally and detest services like this or Plaid.
By the way, do they literally ask you to give the user name / password of your other account, or does it take you to a special API page of your financial institution which then enables the linking? For example, last time I used Plaid to link my Chase account (to Wealthfront, I think), I was not providing my username or password to Plaid directly, I was logging in to a special subdomain on chase.com, which then asked me which accounts I wanted to share with Wealthfront via Plaid. After the link was successful, I was able to “remove 3rd party access” in my Chase account, but it remained usable on Wealthfront.
Residents of a few states that care more about their residents’ privacy, like CA, can stop them from selling or sharing. Residents of other states need to pester their state legislators or move.
This may or may not be accurate. I will provide an example but TBH I’m only about 90% sure it was Wealthfront and Chase, so just assume the two names are used as an example. Wealthfront uses Plaid to accomplish two seemingly separate actions at once: (1) enable optionally displaying my Chase account(s) (selected using checkboxes at the time of linkage) next to my Wealthfront accounts, and (2) to create the ACH link by obtaining the account number that I want to link (so I must select at least that one). I can disable the first feature in Wealthfront settings. Once disabled, it no longer accessed any info from Chase – Chase shows when the third party link (token?) was last used. Once I noticed that it wasn’t actually being used, I disabled the “third party sharing” from Chase. It didn’t affect the ACH link. So how it works and what effect it has depends on how Fidelity implemented it. I.e., when they say “your account link will be removed” maybe they mean you’ll no longer be able to see the balances in that account in your Net Worth view or whatever, but you might still be able to use ACH for transfers.
Have you seen your EWS report? It has all of this from all your major bank accounts and they never asked for your permission.
According to Finicity’s Privacy Policy I already mentioned, they don’t sell it. But you can probably also partially work around this if they allow you to select specific accounts for linking (as opposed to linking everything). You could compartmentalize by opening a brand new bank account just for this, and they’ll only see the money moved to or from Fidelity, not your paychecks or debit card transactions. Side note: I hope you don’t use debit cards!
Also this is Mastercard, so they know how much you spent on your credit cards and where you went on vacation already if you use a MC. Mastercard itself has multiple privacy and opt-out pages I gathered on my own privacy quest: https://www.mastercard.us/public/my-data/dgr-public/personal-data-request.html, https://www.mastercard.com/us/en/data-analytics-opt-out.html.
I’m just trying to help, I don’t know how I offended you. None was intended. As I said I don’t know how it works since I didn’t try this myself, just providing examples of how it works at other places.
I’m gonna repost what slappycakes deleted, since it might indeed be useful:
This is now the case for 80% of institutions you link. Plaid or others like it do not get your credentials, just a token provided by the Chase API. But for 20% of links, they’re still screen scraping your credentials and saving them encrypted (in transit and at rest). As far as I’ve read, it’s the mid-size regional banks that you should be concerned about for this.
But at least for Plaid, they do temporarily store transaction data for fraud and to manage request loads (to basically only download new transactions instead of redownloading all your transactions from way back). Personally, I’ve created a Plaid portal account (Plaid portal account control) to view and delete account data when I no longer use an app using Plaid to link accounts.
I’m not sure whether Finicity has the same ability to view and control your data and connectivity. If they don’t, that definitely would be a concern and a good reason to avoid them as an aggregator IMO.