We all let certain things slide. I still use gmail. What can I say. But it’s important to remind oneself that their are better standards to have and to move closer to them.
For example some of mine include
- It is 3rd party audited, or auditable?
- They publish their source code.
- They clearly define how data is secured
- in transit
- at rest
- during use
- They take only what they explicitly ask to take
- They keep that information only as long as is needful to serve my purposes.