We're totally aware that we need to be a lot more explicit and include more information on our site about the product / processes / security stuff. We've been working on this for a while now, but kind of rushed the launch due to the recent press over the NSA stuff -- we figured it was better to launch early than delay.
We're actively working on answering all those questions, and will be including a page which covers all the security aspects fully in the next week-ish.
We're 100% dedicated to making this work for our users (and ourselves), and providing real security for people.
While it's probably good to answer these questions eventually for your clientèle, don't worry about an early or rushed launch. As Reid Hoffman said, "If you're not embarrassed by the first version of your product, you've launched too late."
How are you planning on proving that no records are kept? I'm currently engaged in a project that takes privacy very seriously and that also makes that very promise (amongst others). I would be very interested in hearing about your approach.
A huge pile of escrowed cash, held against any release of records (inadvertent or otherwise), does seem to be a way of moving some of that trust around.
The only way I could think to do it would be to have it process the transaction in memory and never store the data at all. Make the running code open source, and make it hashable in some way so that when you visit the site, you could tell if the current running version is the same as the one in the code repository.