The key is stored on the local device Keychain. All the data stays on the app. There’s no backend nor calls to anywhere except when posting.

The code is not open (at least not yet).

The app uses Mastodon’s oAuth and Bluesky accepts app passwords. Happy to implement something better for Nostr but I’m not convinced the solutions are ready yet given how many difficulties I have seen people having with those two platforms' logins in the last days 😂