Security for SmartLinks

I use TaxCaddy with my tax preparer and I would like to use SmartLinks to pull in outside financial information.  However, there is not sufficient information on the security of this service.  I'm presuming you are using a financial aggregator such as Plaid, MX, Finicity, Yodlee, etc.  Can you please share the aggregator you are using and the safeguards taken?

Also - unless the underlying financial institution specifically has separate credentials that is read-only, I don't understand what you mean by your SmartLinks being read-only. If TaxCaddy (or your aggregation provider) has login credentials that match mine, then you will be able to write or cause actions (transfers, trades, etc.) using my login credentials.... just saying you've coded your system not to do that doesn't mean it's read only.

Lastly, I read the security assessment from Symosis and it doesn't actually say what you've done to secure the system and information, so unfortunately that isn't helpful either (and there is almost no info on Symosis on the web... and you cite C-Level Security as an assessor, but they have an outdated certificate on their site so that is not comforting either).

Please let us know the exactly how my info will be secured (and if you use an outside aggregator, please let us know who that is because our data passes through them too).  Thank you kindly