There is always a tradeoff between convenience and security concerns. I mean security concerns, not security itself.
We don’t keep the private keys, but it depends on whether you trust us. When using Cloud, the cloud can always generate keys again and replace those in the router, even if it does not keep the keys. But this is always what other WireGuard VPN providers are doing. If you are using OpenVPN protocols, you face the same problems as well: keys are generated on the server side.
But we do let a user configure it by him/herself. It is just a little complicated.