We did write something very similar: “Mighty does three things to protect your data: your data lives on our secure servers that are audited by 3rd party security firms, it has tight control in terms of who can access it, access is heavily audited and logged, and your most sensitive data is also encrypted.”
Can we do better? Sure and we will. I am really committed to that as a security conscious person.
I can't help but ask: As a security conscious person, how can you justify creating the service? You'll have the data and access of everything your customer does online, which for your target audience is everything your customer does on a computer. For the individual customer this is worse than Google, Facebook, Twitter combined. Also, you'll have an effective backdoor into every two-factor authentication, be it online banking, valuable Twitter accounts or AWS admins. There are massive monetary and political incentives to hack or infiltrate your service. Given your scale, you can't have comparable security measures to the big players. And given your location (US) you'll eventually receive national security letters forcing you to secretly sip off anything secret services or law enforcement wants you to.
Can we do better? Sure and we will. I am really committed to that as a security conscious person.