So, I do not think they store the private key or anything related in a database; that is why the seed phrase or the wallet file is important/needed during recovery.
They have always stored the private keys in their database but only encrypted.
Basically, when you create a wallet, your keys are generated in your browser, then they are encrypted in your browser, then sent to their servers to be stored there. Each time you log in, you then fetch the encrypted keys, decrypt them in your browser and use them there.
This way they won't have access or control over your keys (hence non-custodial) but still you are storing the keys remotely in a server that could be hacked and maybe there could be some vulnerabilities in the way they encrypt the keys which could be exploited to steal your coins!
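A sketch of the flow described in the reply above, added here as an example; it is not part of the thread and not the wallet service's code. The thread does not name the scheme, so PBKDF2-SHA256 with AES-256-GCM is an assumption, and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumed parameters; the service's real KDF and cipher are not stated in the thread.
const KDF_ITERATIONS = 600000;

function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Client side, at wallet creation: builds the only record the server ever receives.
function encryptForUpload(privateKey, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ciphertext: ciphertext.toString('hex'),
  };
}

// Client side, after login: returns the key, or null when the password is
// wrong or the stored record was modified (the GCM tag check fails).
function decryptAfterFetch(record, password) {
  const key = deriveKey(password, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    return Buffer.concat([
      decipher.update(Buffer.from(record.ciphertext, 'hex')),
      decipher.final(),
    ]);
  } catch (err) {
    return null;
  }
}

// Constructed sample: a random 32-byte stand-in for a wallet private key.
const sampleKey = crypto.randomBytes(32);
const storedRecord = encryptForUpload(sampleKey, 'correct horse battery staple');
```

The server holds only `storedRecord`, but anyone who obtains that record can test password guesses against it offline, so the protection is bounded by the password strength and the KDF cost.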