If an organization or person is selling a product focused on privacy and there is a TOS that focuses on the org or person avoiding liability but lacks documentation or links to resources to help users to lower their liability and increase privacy, its a red flag to me.
Their servers are located in the Netherlands. Its good that they list that. It would be better to hoist information into something that is less policy/legal oriented and perhaps provide an overview of the laws of that region.
Other things that should be listed is how is the data stored, transferred, how is it protected, are there any steps to anonymize the data, hash the data, or provide a way to bring your on key for data encryption.
Is there any telemetry gathered or stored by the server? Is the code in the github project the same that is deployed in production or is there a private repo that augments the code?
As far as I understand bitcoin is mostly useless for actual payment these days.