What the hell do the paranoids expect? 'In the case of a merger, acquisition, etc, we will delete everything and start over, or ask personally to each of our customers' ?
And as noted, Personal Information is the stuff you give them at registration.
Furthermore, please don't put extremely sensitive data somewhere on the cloud with little to no protection. Common sense.
In short, yes. A little less extreme though would be to guarantee privacy and security to all stored files, and should any changes occur to the current policy, users should be notified and given the option to completely wipe all of their data or continue using the service. That to me is common sense. Under no circumstances should an acquisition impact the user's privacy and security.
As for encrypting data before it's uploaded. Sure, I mean if you believe their target demographic is tech-savy enough. Which probably means a small fraction of their current users.
I think security in the cloud has to be a shared a responsibility between users and providers, for all cloud apps. Telling your users that it's their sole responsibility is ridiculous and not very competitive... unless you're releasing an open source offering to sysadmins. Technology has gotten so confusing for the typical end user that of course they're not going to invest the time to understand what cloud security even is, whether or not you believe they should.
And as noted, Personal Information is the stuff you give them at registration.
Furthermore, please don't put extremely sensitive data somewhere on the cloud with little to no protection. Common sense.