We will explain it once more now. In our test phase we sent the private key to the backend to check it (through web3.js) if is valid or not. And because we had no encryption at the time, this event occurred. We presented everything transparently and above all we changed all what you wanted.
Exactly. You were sending it to your backend. Like I said, if you were only checking if its valid or saving them, it's not up for me to say. A DEX would not need any of these to reach the backend after all.
But your answer was:
The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption.
The accusations that the privatekey is read by users completely invented. This screenshot only shows that the user can see his own private key in his own browser session!
The bolded part is a lie. If it reached your backend, you could supposedly have seen it all and saved them. If you admitted it was sent to the backend, then how is it only on the browser session? Again, if you saved or not, we can't know. But you COULD have been saving them. That's the point of OP's thread.
We would not say "lie" but "not true". Yes, that was the first reaction (of social media manager) we thought is right, we should have examine it at first.