It's encrypted in the DB, and it's over TLS.

You could use the service w/o giving away who you are.

Have had nostr in mind while building it, but for the moment I will stick to the well-known web development processes and best practices for such a service. There is no room for experimentation and making mistakes. It could be upgraded and use nostr in the future!