We recommend using an extension or nsec.app. If you decide to enter your nsec manually, we store it in your browser’s local storage and require a passphrase to encrypt/unencrypt it, so it’s only exposed in memory when used for signing. nostr:npub15dc33fyg3cpd9r58vlqge2hh8dy6hkkrjxkhluv2xpyfreqkmsesesyv6e doesn’t store it in any way apart from locally on your device; we have no access to it. We are also open source, so you can verify the code yourself!

https://github.com/shopstr-eng/shopstr