So let me get this straight. We have a business that includes an app that lets businesses exchange messages and documents securely. these are all encrypted with aes 256 and we don't hold or store the keys.
What are we supposed to do? Just not allow the service in the first place? Force our users to hand over their keys?