by harrisonmgordon 3874 days ago
Thanks!

We use Plaid as our bank connection API. We actually never see your bank account, so we can't store it.

We also use Stripe for cc processing, and similarly do not store credentials, instead opting for Stripe to do it for us.


I may be overly critical here, but I don't think it is completely right to say in your FAQ that you don't store credentials "which means your sensitive information is safe and secure!" Sure, you don't store them. However, you still ask for them and then have someone else store them on your behalf. That still leaves end users vulnerable to the exact same problems. The user could still experience issues specifically because they used your service. They wouldn't really care who is actually responsible if that were to happen, only that it was caused by using Give A Dime.

You are responsible for your partners. Saying you won't do something isn't completely honest if you turn around and outsource that exact same activity to a partner.

How would you phrase it?
I'm not sure on the exact phrasing. It can either mention Plaid by name or some complementary descriptor about "banking level security". It just shouldn't say credentials aren't being stored when they are being stored by a partner.
That's really great feedback - I will update our FAQ to clearly state where the data is going and some basic information on the security protocol.
I would think about how you message this. What others and I picked up on is appropriate for this level of discourse (HN), but is something that is likely not going to make sense to your core customers.

Are customers that buy from companies that integrate with Stripe aware that it is Stripe that stores credit card information when prompted? I don't know if the average person can make that abstraction.

Good to hear. Clarity is really the most important part.
Gotcha, so the bank credentials are passed through to Plaid, which issues an access token, which can be used to re-authenticate and obtain new data.
Exactly!
Very nicely done. The only thing you might want to do is get on Stripe's ACH beta, and use an ACH for the transaction (saving the CC fees).
I emailed Stripe 2 days ago for access :)