From your whitepaper:
Also, we do not store private keys and passwords on our nodes.
So without storing the private keys and password, how are you able to sends from the address?
I believe that you are storing the private keys, but in the encrypted form using the password as key to decrypt. If not then how does this work?
Also, is it possible to send funds from an address on your site if I know the password, but using a different API key?