Hey there, an obvious question that would come up from security experts related to your service. How is the private key for these accounts distributed? How do people know that a 3rd party do not have access to our private keys generated through FlowCrypt?
When generating private keys in FlowCrypt, you can either do simple setup or manual setup.
Manual gives you full control over how your key is handled.
Simple setup will by default protect your key with your pass phrase, then store it in your inbox. The security of your key then depends on the strength of your pass phrase - that is why FlowCrypt requires such a long pass phrase when you are creating a new key.
The code itself is publicly available: github.com/FlowCrypt