You mention that you use the Plaid API to get the transaction data. You might delete _your_ copy of the user's transactions, but won't the user's transactions still exist somewhere at Plaid?
It feels very dishonest to say that you delete the user's data, while handing it over to a third-party ...
Plaid is really just a centralized API layer for all the different bank accounts and bank systems which all have different specifications and data formats. Plaid just makes it easy for to get it in a clean JSON response. They don't store the transaction data themselves, they're just a middleman.
I work at a company that is one of Plaid's largest customers and have chatted with their engineers before at a meetup in San Francisco. They were very open that they store the data themselves, and even shared this blog post with me about how they poll for data: https://blog.plaid.com/distributed-duplicate-detective/.
For what it's worth, I actually like Plaid's API compared to Yodlee, but have serious concerns about privacy. There's no way to determine if they are _just_ collecting transactions when you request the user's transactions as a dev. The user is handing over their user/pass/MFA and Plaid could be doing god knows what with that.
