Stay Away!!!
Stay away, stay away (is that getting repetitive?)! I just uncovered four EXTREMELY large problems with this service.
Excerpt From Privacy Policy (1):
Personal Information
We obtain and retain personal information that you give to us and certain related transactional information that we collect based on your use of any password-protected areas of our site or from the use of our Services. The following is a list of the primary methods by which we collection personal information.
Registration Information. To use the password protected areas of our site or our Services, you must establish an account with us. During registration, you are required to provide certain contact information (such as name and email address).
Transaction Information. When you make a purchase, we may collect various kinds of billing information about you including your name, email address, credit card number, third party account number (such as PayPal), bank account number, home and business addresses, and home and business phone numbers. We also may collect purchasing information such as the order information, date, and transaction amount.
Another Excerpt From Privacy Policy (2):
SECURITY
The public portions of our site are not encrypted or password-protected. We do use commercially reasonable security measures to protect the loss, misuse, and alteration of the information under our control. You should be aware that we have no control over the security of other sites on the Internet you might visit, interact with, or from which you buy products or services. We cannot guarantee the protection of information against interception, misappropriation, misuse, or alteration or that your information may be not be disclosed or accessed by accidental circumstances or by the unauthorized acts of others.
Excerpt From AUP (3):
Your Responsibility
You are solely liable for any content you disclose or post to our site or sell using the Service. You agree to indemnify and hold us harmless from any claim, action, demand, loss, or damage (including attorneys' fees) made or incurred by any third-party arising out of or relating to your violation of this Policy.
And Reason Number Four (4):
WHOIS Information
Registrant:
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
What does this all mean?
1. The collect very personal and very sensitive information from you during your purchase. This information (although defined in Privacy Policy, is not STRICTLY compliant) could be shared to other parties with consent (consent, could be easily defined as "You consented by signing up" since "consent" is only defined by verbal, written, electronic, or through agreement with XROST).
2. Security of this information
IS NOT encrypted or secured. This means that any information obtained by them is NOT certified to be secure and they DO NOT provide assurance that your information is kept secure once on their system.
3. Ultimately, YOU (not Xrost) are responsible for anything given to Xrost and that you can "not" hold them liable if this information is intercepted (this is LEGALLY not true since US law states that confidential information obtained by a legal entity must protect that information).
4. The WHOIS information on their domain is registered to Domains by Proxy (Private Registration service provided by Godaddy). This, usually is not alarming since a lot of people do not want WHOIS information for their domains given out. However, for a "financial" company/service, this information should be made public.
Now that I think about it, there is a number five. As we all know, funds stored in Paypal (at least in the US) are FDIC insured (NON-US contries have different insurance agencies). Why would I want to send money from an FDIC insured transferring agency to a service (Xrost, Inc) who can't even tell me where they are incorporated or list a contact number if there are problems. Email is great and all, but not when it comes to someone's finances.