It's not excellent. Nothing about data security, encryption at rest, and a whole load of things that would be covered by GDPR (yes the service is registered in Canada, but GDPR standards should be the benchmark now for what is considered acceptable for anything).
This is an intriguing idea as a concept but feels like it isn't a sufficient focus. The privacy page hasn't been updated in 18 months either, yet the release notes mention encryption at rest (with very little detail) being added in October 16.
If you have users in the EU/EEA then you _will_ have to comply, or risk a fine of up to €20,000,000 or 4% of your _global_ turnover (whichever is larger).
This is an intriguing idea as a concept but feels like it isn't a sufficient focus. The privacy page hasn't been updated in 18 months either, yet the release notes mention encryption at rest (with very little detail) being added in October 16.