Why Steady Wealth Never Asks for Your Bank Login

Steady Wealth · February 18, 2026

The industry standard is broken

Open any net worth tracking app today: Mint, Empower (formerly Personal Capital), Monarch, Copilot, YNAB. The first thing every single one asks you to do is connect your bank account.

They make it sound harmless. "Securely connect your accounts." "Bank-level encryption." "Read-only access."

But what's actually happening is more complicated and a lot less comfortable when you look closely.

What Plaid actually does

Nearly all of these apps use a service called Plaid to connect to your bank. Here's how it works:

  1. You enter your bank username and password into Plaid's interface
  2. Plaid logs into your bank on your behalf
  3. Plaid scrapes your account data (balances, transactions, sometimes more)
  4. Plaid sends that data to the app you're using
  5. Plaid also keeps a copy

That last part is the one nobody talks about: Plaid maintains its own database of your financial information and uses it to build profiles, sell analytics, and power other products.

In 2022, Plaid paid $58 million to settle a class action lawsuit alleging they collected more data than users agreed to share, stored it longer than necessary, and used it for purposes beyond what was disclosed.

"Read-only" doesn't mean "private"

Apps love to say they only have "read-only" access to your accounts. That's true in the sense that they can't move money. But read-only access to your financial accounts still means a third party can see:

  • Every account balance
  • Every transaction
  • Your account numbers
  • Your spending patterns
  • Where you bank
  • How much you earn

All of that data flows through Plaid's servers, gets stored in their database, and then lands in the app's database. That's at least two additional copies of your most sensitive financial data sitting on servers you don't control.

Data breaches are not hypothetical

This isn't theoretical; financial data breaches happen regularly:

  • Empower (Personal Capital) experienced a data breach in 2024
  • Plaid settled its data harvesting lawsuit for $58M
  • Mint was shut down in 2024 after years of security concerns
  • Credit Karma monetizes user financial data for over $2.3 billion per year

When you link your accounts through an aggregator, you're expanding your attack surface. Instead of just protecting your bank login, you now have to trust that Plaid is secure, that the app is secure, and that neither company will misuse your data, which is a lot of trust.

Why Steady Wealth works differently

I started with a simple question: what do you actually need to track your net worth?

The answer is simple: account names and balances.

You don't need transaction history, you don't need to route credentials through a third party, and you don't need an aggregator sitting between you and your bank.

So I built a tool where you enter your balances yourself. It takes about five minutes once a month. Your bank credentials never leave your bank. Steady Wealth never sees them, never stores them, and never routes them through anyone else.

If you don't want to type numbers manually, you can upload a screenshot of your account page. The system reads the balances from the image. Still no login required.

What happens in a worst-case breach

Let's say the worst happens and someone breaches Steady Wealth's database. What do they get?

  • A name you chose (it's never verified)
  • An email address
  • Encrypted account balances

No bank credentials, no transaction history, no SSN, no account numbers. Nothing that could be used for identity theft or connected to your actual bank accounts.

Compare that to a breach of a Plaid-connected service, where an attacker might get access to your bank credentials, full transaction history, and real identity information.

The best defense isn't better security. It's having nothing worth taking.

Privacy as architecture

This isn't a toggle you can switch on — it's how the product is built. Steady Wealth couldn't access your bank accounts even if it tried, because it never asks for the credentials in the first place.

This same approach extends to investment portfolio analysis, where you can get a full sector breakdown without linking your brokerage.

A few minutes a month is the entire cost of keeping your financial data private.
