You can review the cloud function from there. The password and keys are generated on a secure google cloud server and send back to the client with https encryption.
Right now the following information are stored in the backend (Link):
Account Name
IP Address
Timestamp
Voted (did the account receive his "welcome" vote")
Since there isn't a technical path (that I know) where discounted accounts can be created without an on-chain transaction from the account creator, there has to be a minimum level of trust.
The most interesting part would be:
How are password and keys handled?
In case a user clicks on "Create Account" a https endpoint is called which will trigger this cloud function:
https://github.com/christianfuerst/hiveonboard/blob/c52861b19df937a68bfd44c3cd62e6927a0ebf16/functions/index.js#L19
You can review the cloud function from there. The password and keys are generated on a secure google cloud server and send back to the client with https encryption.
Right now the following information are stored in the backend (Link):
Since there isn't a technical path (that I know) where discounted accounts can be created without an on-chain transaction from the account creator, there has to be a minimum level of trust.
I'am free for further reviews or audits.
thanks for the thorough answer.