Ask HN: How to legally guarantee privacy in a SaaS product?

Every so often, a "privacy-focused" SaaS product comes along that makes lots of promises about what they won't do with your data. While the intentions are usually good, the problem is that there is no straightforward way to verify the claims of a hosted product.

As someone who is developing a privacy-minded product like this myself, I've been mulling over how to establish trust with my users in this situation. Surely there must be a way to offer the convenience of hosting whilst still offering privacy peace of mind?

Having an open source version of the hosted product is not enough, because it is not verifiable that the open source version is what's being hosted. Privacy policies and terms of service don't appear to be enough either, because as we've seen, they are easily violated or vaguely worded.

What I've been considering is something that acts similarly to how service-level agreements function, where if the SLA is violated, the customer receives a refund. This "privacy-level agreement" should somehow guarantee that if the established privacy policy is violated, the customer is entitled to some form of monetary compensation or can otherwise take legal action.

Unfortunately, I'm not a lawyer, so I don't know exactly to what extent of the law such an agreement can be enforceable, so my questions to the HN community are: how feasible is such an agreement, and what are some alternative solutions to this trust problem?