While I'm not opposing the idea of an nsec vault, I don't see how it can be done safely and securely, without requiring a lot of trust. On the other hand, for a paid service like yours, an optional account dissociated from the npub/nsec pair is OK. If you lose your nsec, you just log in and associate a different one with your account. That doesn't sound problematic at all, especially if it would be optional.