Many innovative financial platforms and apps use financial data aggregators like Plaid and Envestnet | Yodlee to connect customers to their banking data. These providers maintain secure connections to thousands of US-based banks so that companies like Stessa can focus on building powerful services to help you manage and understand your data. When you connect your financial accounts to Stessa, it's Yodlee and Plaid that do the heavy lifting in the background.
This fact sheet addresses common questions investors have about how Stessa establishes and maintains data connections to banks, credit card issuers, and lenders.
Plaid & Yodlee are Industry Leaders
Familiar names like Intuit, Acorns, Betterment, Expensify, Wave, and Venmo, along with most of the top US banks, lenders, and investment advisors have relationships with Plaid and/or Yodlee. Millions of consumers across thousands of tech platforms, including Stessa, now trust these two data aggregators to access their financial data safely and securely.
All Connections are Read-Only
Secure banking connections made through the Stessa platform are always a one-way street. No one (including you) has the ability to create an actual transaction, move funds, or otherwise alter your banking settings through the Stessa platform. Once connected, Stessa will only import transactions, which can then be edited and changed in the Stessa transactions ledger. Stessa will also report the current account balance for reference.
Any changes or edits made in Stessa will of course not be reflected in your actual bank accounts. This is a critical safety and security feature that largely eliminates the incentive for someone to try to gain access to your banking data through Stessa.
Login Credentials Not Accessible
For enhanced safety and security, your login credentials are never stored on Stessa's servers. No one at Stessa can see your password. Instead, Yodlee and Plaid make the secure connection on your behalf and then deliver ongoing data feeds for as long as your credentials remain valid.
Sometimes the connections break, passwords, expire, and/or security questions change on the bank end of things. This can result in a broken connection and a requirement to update your login credentials in order to refresh transactions data. When this happens, we'll notify you via email and provide a link to restore your connection.
Plaid and Yodlee only allow data to be transmitted using strong TLS protocols and ciphers. Stessa communicates with these providers over encrypted tunnels and all connections require API key authentication, cryptographically hashed headers, and timestamps to verify authenticity. Both Plaid and Yodlee have extensive track records developing and maintaining industry-leading security protocols.
Third Party Reviews & Audits
Both Plaid and Yodlee subject themselves to frequent network penetration testing and third-party code reviews by independent auditors. These regular audits are conducted by financial institutions and federal regulators, and are an integral part of how both services maintain their security infrastructures with the highest integrity.
Compliance with Banking Standards
Finally, Plaid and Yodlee are in full compliance with the Bank Services Company Act and other relevant industry standards and federal regulations. This helps ensure that Stessa's bank linking process and real-time data imports keep up with best practices in data transmittal and security infrastructure.
Once you've connected your accounts, you may notice that new transactions won't always appear in your Stessa account immediately. This is because Stessa waits for transactions to officially "post" before importing them, which eliminates the need to reconcile previously imported data. This is consistent with Stessa's "one-way street" approach in which data is imported exactly once and then fully available for editing in Stessa.
You can expect your data to refresh multiple times per day and new transactions to appear within 6-12 hours once "posted" on the bank side.