On the security front, they need to clarify one large point: who has the keys to that encrypted data on the server?
It's great that they protect the data in transit and store it encrypted on their servers, but if the data is being encrypted by the server, and can be decrypted by the server, it's not really protected. Unfortunately, doing encryption at the server would allow them to make use of single instance storage and compression, which greatly reduces their data footprint, and I'm guessing if the data was protected by a client-owned key, they would have made mention of that along with their other security specifications, since it is a big plus and would easily be a feature worth calling out.
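The trade-off raised in the comment above, as an added example that is not part of the original comment and not the service's code: with a server-held key the server can deduplicate identical files and can also read them, while with client-owned keys it can do neither. All names, the sample uploads and the HMAC-based stand-in cipher are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher built from HMAC-SHA256 so the demo needs only the
    # standard library. A real system would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per blob, stored in front of the ciphertext
    return nonce + keystream_xor(key, nonce, plaintext)

def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])

def store_server_side(uploads, server_key):
    """Server receives plaintext, dedups on its hash, then encrypts at rest."""
    store = {}
    for _owner, plaintext in uploads:
        digest = hashlib.sha256(plaintext).hexdigest()
        if digest not in store:  # single instance storage: one copy per file
            store[digest] = encrypt(server_key, plaintext)
    return store

def store_client_side(uploads, client_keys):
    """Clients encrypt before upload; the server only ever sees ciphertext."""
    store = {}
    for owner, plaintext in uploads:
        blob = encrypt(client_keys[owner], plaintext)
        store[hashlib.sha256(blob).hexdigest()] = blob  # identical files no longer match
    return store

# Constructed sample: two users upload the same file, one uploads a private one.
SHARED = b"quarterly-report.pdf contents"
UPLOADS = [("alice", SHARED), ("bob", SHARED), ("bob", b"bob's private notes")]

def demo():
    server_key = os.urandom(32)
    client_keys = {"alice": os.urandom(32), "bob": os.urandom(32)}
    server_store = store_server_side(UPLOADS, server_key)
    client_store = store_client_side(UPLOADS, client_keys)
    # Whoever holds server_key (operator, attacker, subpoena) recovers every file.
    readable = sorted(decrypt(server_key, b) for b in server_store.values())
    return len(server_store), len(client_store), readable

if __name__ == "__main__":
    print(demo())
```
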