That seems really, really shady. I wonder if they sold off their database of customers (I would guess yes; what else are you going to do with all those users if you wanted to try and squeeze more money out of a dead horse?).<p>One thing though:<p>> My information is not stored on a SSL-encrypted PCI-compliant system.<p>Are you sure? Seems unlikely Homejoy would actually store that information versus a PCI-compliant system like Authorize.net in which case perhaps they simply passed the credentials over which could show the last 4 digits of your credit card.