The frontend and the peerjs-server are open source and selfhostable independently. This should address any third party concerns. Perhaps the app can only be considered secure if it’s self hosted?

How can I describe the chain of trust in a self hosted system? I’m sure auditing will help inspire confidence but this isn’t something I can do for the app. Open sourcing is the next best thing to open it up to public review.