Your Finance App Is Selling Your Data. Here's What It Costs You.

A $58 million secret

In the summer of 2022, a company most Americans had never heard of quietly agreed to pay $58 million to settle a class-action lawsuit. The company was Plaid. The allegation was straightforward: Plaid had collected bank login credentials from approximately 98 million consumer accounts, stored them in its own systems, and used the data in ways those consumers never agreed to.

If you've ever used Venmo, Robinhood, Coinbase, Betterment, or virtually any fintech app that "connects" to your bank, you've used Plaid. Their login screen -- the one that looks like your bank's interface but isn't -- sat between you and your money. And while you thought you were logging into your bank, you were handing your credentials to a data intermediary that kept a copy.

Ninety-eight million accounts. That's not a rounding error. That's roughly one in three American adults.

The settlement got a few days of headlines, then disappeared. Most people never filed a claim. Most people still don't know it happened. And Plaid is still the default infrastructure powering the finance apps you use today.

The business model behind "free"

There's an old line in tech: if you're not paying for the product, you are the product. In personal finance, that axiom has teeth.

Consider the trajectory of Mint, once the most popular personal finance app in the United States. For over fifteen years, Mint offered free budgeting and net worth tracking to millions of users. It felt like a public service. In January 2024, Intuit shut Mint down, displacing an estimated 3.6 million active users. Their data -- a decade or more of transaction history, spending patterns, account balances, and financial goals -- was migrated to Credit Karma.

Credit Karma is not a financial planning tool. It's an advertising platform. It makes money by using your financial profile to serve you targeted offers for credit cards, loans, and insurance products. The more it knows about your spending, your debts, your income, and your credit score, the better it can match you with offers -- and the more it charges advertisers for the placement.

Mint's users weren't customers. They were inventory.

Even your bank is selling you

If third-party apps monetizing your data feels like a startup problem, here's a reminder that the institutions you trust most are doing the same thing.

In 2024, JPMorgan Chase launched Chase Media Solutions, a platform that lets advertisers target Chase customers based on their real purchase history. A retailer can now pay Chase to show ads specifically to people who have recently spent money at competing stores. Chase framed it as "personalized offers" for customers. What it actually is: your bank selling your spending behavior to the highest bidder.

Chase has roughly 80 million consumer accounts. That's 80 million people whose purchase data -- where they shop, what they buy, how much they spend -- is now a monetizable asset on their bank's balance sheet.

And Chase isn't alone. Capital One, American Express, and other major card issuers have built or are building similar advertising businesses. Your transaction history has become a revenue stream that doesn't require your explicit consent, because somewhere in the 80-page terms of service you agreed to when you opened your account, there's a clause that makes it legal.

What your financial data is actually worth

Data brokers -- companies whose entire business is buying, aggregating, and reselling personal information -- place a premium on financial data. Industry estimates peg the value of a single consumer's financial profile at $250 to over $1,000, depending on the completeness of the data.

That number might seem abstract. Here's what makes it concrete: Credit Karma generated $1.7 billion in revenue in 2023. Their product is free. Their 130 million members are the raw material. Do the math and each member's financial profile generated roughly $13 in annual advertising revenue -- and that's just one company, just from the ads they serve. The underlying data, when sold and resold across the broker ecosystem, is worth far more.

When you link your bank account to a finance app through Plaid or a similar aggregator, here's the data footprint you're creating:

A 2024 Duke University study found that data brokers openly advertise and sell sensitive financial data -- including information on people experiencing financial distress -- with minimal verification of who's buying it. The researchers were able to purchase detailed financial data on millions of Americans for as little as $0.12 per record.

Twelve cents. That's what your financial life is worth on the open market.

The Plaid problem

Plaid deserves its own section because it sits at the center of almost everything.

If you've ever connected a bank account to a finance app, you've probably used Plaid -- even if you didn't realize it. Plaid acts as the middleware between your bank and the app. They handle the connection and, in the process, get access to your raw financial data.

Here's the catch: Plaid doesn't just pass data through. They store it. They process it. And their business model depends on making that data useful beyond the original app you connected to.

Plaid's own privacy policy (updated 2024) states they may collect "account and routing numbers, transaction history, account balances, and identity information." They also note they may share data with service providers, business partners, and in connection with corporate transactions.

In January 2024, the CFPB proposed a rule under Section 1033 of the Dodd-Frank Act that would give consumers more control over their financial data and limit how aggregators like Plaid can retain and resell it. The rule is still being finalized, but the fact that federal regulators felt the need to step in tells you how far things had drifted.

I wrote a deeper piece on exactly why Steady Wealth doesn't use Plaid or any bank connections: Why Steady Wealth Never Asks for Your Bank Login. It's not a technical limitation -- it's a deliberate choice.

The Empower play

Empower, formerly Personal Capital, takes a different but equally revealing approach. The app is free and genuinely useful -- clean dashboards, investment tracking, retirement projections. But Empower's real business is wealth management. They use the financial data you provide through the app to identify potential clients for their advisory services.

Once you cross a certain net worth threshold, the outreach begins. Empower's advisors will call you, email you, and follow up persistently, because they know exactly how much money you have and where it's invested. Your "free" finance app has become a lead generation funnel, and you are the lead.

This isn't a secret. Empower is transparent about offering advisory services. But the dynamic is worth naming clearly: the reason the app is free is because your financial data is the qualifying information they need to sell you a paid service.

What a data breach actually costs you

The abstract risk of data exposure becomes very concrete when a breach happens. The average cost of identity theft to an individual victim is $1,551 in direct losses, according to the FTC, with many cases involving months of recovery time -- freezing credit, disputing fraudulent accounts, filing police reports, rebuilding your financial identity.

Financial data breaches are not hypothetical:

• First American Financial exposed 885 million records of bank account numbers, mortgage details, and Social Security numbers
• Equifax compromised the personal financial data of 147 million people
• Capital One lost data on over 100 million credit card applications

Every additional system that stores your financial data is another potential point of failure. When you link your bank account through an aggregator, you go from trusting one institution (your bank) to trusting three: your bank, the aggregator, and the app. Each has its own security practices, its own employees with data access, its own risk of breach.

There's a simpler model

The entire premise of automated bank connections rests on an assumption that rarely gets examined: that the convenience of auto-syncing is worth the privacy trade-off.

But what if you step back and ask what you actually need?

To track your net worth, you need to know your account balances. That's it. You don't need a third party to scrape your transaction history. You don't need an aggregator storing your credentials. You don't need your spending patterns feeding an advertising engine.

You can look at your bank balance, your brokerage balance, your mortgage balance -- information you already have -- and enter those numbers yourself. The entire process takes about five minutes. Once a month, once a week, whenever you want.

This is the approach I took with Steady Wealth. No bank connections. No Plaid. No aggregators. You enter your own numbers, or upload a screenshot that gets processed and discarded. Your bank credentials never leave your bank. Steady Wealth never sees them, never stores them, never routes them through anyone.

The five minutes it takes to enter your own numbers is the price of keeping your financial data out of the aggregator-broker-advertiser pipeline. It's a price that buys you something no terms-of-service update can take away: control over who knows what about your money.

Budgeting apps are the worst offenders

Budgeting apps require the most granular data. To categorize your spending, they need every single transaction. That means they know more about your daily life than almost any other app on your phone.

There's also a deeper question about whether transaction-level budgeting even works for most people. I made the case that net worth tracking is more effective than budgeting for long-term wealth building -- and it happens to require dramatically less personal data.

When you focus on net worth, you're tracking the signal (did my wealth go up or down?) instead of the noise (did I spend $4.50 or $5.00 on coffee on Tuesday?). The tracking effect -- the behavioral change that comes from simply observing your numbers -- doesn't require transaction-level surveillance to work.

What a privacy-first approach actually looks like

Not all finance tools are equal. Here's what to look for:

Green flags:

• No bank account connections required
• Clear, readable privacy policy
• Revenue comes from subscriptions (you pay with money, not data)
• Data stored is minimal (balances, not transactions)
• No third-party data sharing for advertising
• You can export and delete your data anytime

Red flags:

• "Free" with no clear revenue model
• Requires bank login credentials
• Uses Plaid or similar aggregators
• Shows "personalized" financial product recommendations
• Privacy policy mentions sharing with "partners" or "affiliates"
• Makes it hard to delete your account or data

The bottom line

Every time you connect a bank account to a free app, you're making a trade. You get convenience. They get a detailed map of your financial life -- one they can monetize for years, across companies you've never heard of, in ways their privacy policy technically allows but practically obscures.

Manual net worth tracking isn't just a different method. It's a different philosophy. You own your data because you never gave it away in the first place.

The ten minutes it takes to update your balances each month isn't a limitation. It's the feature that keeps your financial life yours.

Your data is worth more than twelve cents. Start treating it that way.