I did something similar with Cashu and #nostr #safebox - it looks like a regular Lightning wallet, but under the hood, the ‘state’ for each user is stored as proofs encrypted on relays. The mint, and Lightning node are used to clear payments out of the system. Other Lightning wallet providers use an accounting database, or in the case of Spark, some sort of state chain, which I don’t fully understand yet. But in all cases (including mine), the operator is responsible for maintaining a state for the user. The operator might not be able to access the specifics of that state, but they can lock out the user and keep their funds. I’ve been trying as hard as I can to minimize the trust for users to only availability, but it’s hard.