If I have to get a sales pitch to hear about their security audit, and they won't even publicly say who performed it, I can't help but see a red flag.

Lotta people are jumping in with both feet, and it's for darn sure understandable. But betting the farm...your private and sensitive data...on clusters of servers "somewhere" just crosses a lot of comfort zones.

How about stop calling people who ask about the security and privacy policies paranoid and tell the public how you've handled it. If you've seriously committed to it....you're not stealing their data and you are taking serious measures...I'll be you'll sell a lot more.

My 2 cents.