alphalist Blog

The Weakest Link in the Chain - Privacy Engineering


Jean-Denis Greze is the CTO at Plaid; a U.S.-based financial services company considered a unicorn in the FinTech space. He is a computer science graduate who worked in the tech-world during the first internet bubble before deciding to change career paths and study law. How did he end up in the fintech industry?

Table of Contents

In this podcast, Jean-Denis, the former director of engineering at Dropbox, talks to Tobias about his career journey, including working at Dropbox and later joining Plaid. 

They also discuss why privacy engineering is important, how Plaid handles thousands of connections to banking institutions, his take on Defi and blockchain, among other things.

Jean-Denis Greze has a computer science background, though he did switch careers in his mid-twenties, choosing instead to study law. He practiced law for a year before quitting, only to end up going to the very thing he had left in the first place.

After his law rendezvous, Jean-Denis found his way into the hedge fund and banking space, working as a software engineer. He would later move to Silicon Valley, where he worked at Dropbox.

Initially, Jean-Denis was just an individual contributor in the tech space. However, he says that over time, something changed, and he found himself falling in love with management as he gravitated towards becoming head of engineering and the CTO.

After leaving Dropbox, he joined the banking space, becoming the head of engineering at Plaid.

Plaid’s Secret Sauce

Plaid provides the tools and access needed for the development of a fully modern, digitally-enabled financial system. It makes it easier for developers to build innovative financial apps and services. The technology platform connects with over 10,000 financial institutions across Europe, the U.S., and Canada. 

What’s Plaid’s secret sauce? Jean-Denis lists two things: The first thing is to have the necessary tools to integrate with an API and easily connect with banks.

“So if you integrate with an API, you get data back, you've got to parse it (and) clean it,” Jean-Denis tells Tobi. “So we just made the job of doing that really, really fast so that we can do it over and over again.”

The second thing is how well the company has designed its API. As Jean-Denis puts it, “It's not about engineering in terms of scalability or what language you use. I think it's just about taste, and it's about caring about API design.”

Jean-Denis is quick to point out that Plaid is not a bank.

“We're not a bank. We don't actually touch the money. We just allow you to share the data. So, if you're a lender, you need to then make a loan on top of the data that we send. If you're going to move money around, we give you information that says the bank account number, the routing number, balance info, fraud signal that tells you we think it's a legit connection, and then you as the end app, you'll use someone else—sometimes Stripe, or sometimes another banking partner—to actually move the money around.” 

“We're really about the free exchange of the data on behalf of the consumer. The consumer allows us on their behalf to share data.”

Jean-Denis goes into great detail about the workings of Plaid and how the platform works with banks, including small community banks, to create secure and efficient experiences for bank customers. 

The Weakest Link in the Chain

In the podcast, Tobi also engages Jean-Denis on privacy engineering, a conversation that Jean-Denis is delighted to have. He compares it to how bridges were being built before the 21st century. Unlike today, there were very few professionals back in the day to build bridges, and humans didn’t let many bridges get destroyed before finding new professionals who could repair them.

Today, civil engineers build bridges following standards and practices that ensure the bridges are safe. Today’s fast bridge-building technologies borrow from the knowledge accrued over thousands of years. Jean-Denis feels that in the field of privacy engineering, such knowledge and data that would form the basis of norms and standards does not exist; we’re at the very initial stages of figuring out what privacy means.

From a consumer’s perspective, Jean-Denis thinks that there should be principles that govern our data privacy.

“For me, the important thing is: You've got transparency, you've got control, (and) you gotta have some way to make sure the privacy lives in the entire ecosystem.”

To him, the question of privacy is not just about what you do with data. 

“It's (also) about the chain. It's about what everybody does on the chain. Because privacy is only as strong as the weakest link in the chain.”

“If you have, if you're an ad tech sharing data and there's someone in the middle of that chain that decides to willingly share the data with anybody who wants it for a dollar, then you (have) no privacy.”

According to Jean-Denis, the traditional approach to privacy—where companies have no privacy enforcement internally and only think about it when they’re about to release a product—is falling short in today’s business setup. He recommends a “full privacy” approach where all internal systems take a privacy-first posture even when there’s no product being launched. But Jean-Denis admits that when it comes to internal privacy best practices, “we're still a little bit in the dark ages.”

Leave Your Phone at Home and Go for a Walk

Tobi also asks Jean-Denis Greze about his learning method and how he remains up to date. 

“I have some weird philosophies that I don't think are true, but I believe them (because it’s what) works for me,” Jean-Denis responds, following a long pause. 

“The way I learn about what's important for my job in tech actually is to talk to other CTOs and VPs of engineering about what they're doing, what technologies they're using, and what problems they're solving.” This, he says, is a very effective way of getting useful information. 

His recommendations for developing great ideas for both work and personal life?

“(If) you really want to make a difference in your life, this is what you do: You take your phone, and you leave it on your desk, and then you get up, and you take a piece of paper, and you take a pen, and you go walk outside for one hour, and you just walk, and you think about things. And then as you think about things, you write them on the piece of paper.”

Tobias Schlottke

Tobias Schlottke


Tobias Schlottke is the founder of alphalist, a community dedicated to CTOs, and the host of the alphalist CTO podcast. Currently serving as the CTO of, he brings extensive experience in technology leadership. Previously, Tobias was the Founding CTO of OMR, notable for hosting Germany's largest marketing conference. He also founded the adtech lab (acquired by Zalando) and the performance marketing company adyard, which was sold to Ligatus/Gruner + Jahr in 2010.