Oh, great to hear that you have that process as well.
For the easier process where the plain text private keys are sent via email, would it make sense to somehow make it clear to the person, via email reminders and reminders on the app, that they haven't changed their private keys, so the email provider and any third parties they work with have access to their account and all funds on it?