[Bjartr]

First, I don't think this is usually what is meant when someone is claiming an entity is selling data. My normal interpretation would be that if a company is "selling my data" then they are selling that data to parties I have zero contact or reason to think they would have my data.

I understand what you're saying, but I think it would be less confusing to keep the idea I described above and what Plaid is doing (AFAIU) distinct.

More specifically I understand it as: If I engage with some entity/company/developer and give them the permission and secrets necessary to access my account, they can pay Plaid to make use of them on my behalf in the process of doing whatever it is I gave them that access for.

This activity is, and always has been to me, completely distinct from the activity of "selling my data", although it could result in the one I authorized to access my data through Plaid turning around and selling my data.