>> We encrypt data with 256-bit SSL in transit and AES-256 encryption before it hits disk.
> For us crypto-ignoramuses, what's wrong with what you quoted?
First off, it is very easy to get cryptography wrong. I wouldn't trust most people with being able to implement cryptography software correctly.
Buzzwords like AES and SSL are used to convey a sense of security. Their 256-bit SSL uses AES-256 to encrypt data in transit. While using AES-256 to encrypt a file doesn't mean it is secure. The mode of operation is very important. The following wikipedia page has a picture that was probably encrypted with something like AES-256. I will let you guess what the original picture was.
Another issue not discussed is key management. To encrypt the files with AES-256 they need to have the key. If someone breaks into their server, the server will have the key and the files. It becomes easy to break the security.
Your website copy does not inspire confidence in your ability to properly implement cryptography software.