"We will never sell, rent or share your personal information with a 3rd party, especially your email addresses and phone numbers, without your express permission, unless required by law. Never ever!"
The lesson? Long, hard-to-read privacy policies are usually bad privacy policies. If a company plans to protect your privacy, it won't need lots of weasel words, CYA language, ambiguous constructions and excess verbiage. If, like BillMonk, it has no intention of ever sharing your data except when presented with a valid subpoeana or search warrant, it can just say what BillMonk says: "Never ever!"
(Bonus privacy points: BillMonk apparently uses SSL to encrypt all interactions with its site.)