Does anyone have access to my private keys?

Short answer: Nobody.
Long answer: The private portion of the user's key is encrypted with the user's pass-code and either stored on the local computer or sent to the server, at the user's discretion. When the encrypted private key resides on the server, the user benefits from the ability to access his account from anywhere in the world through the Internet.
The transformation algorithm applied to encrypt the private key is Rijndael. The user's pass-code is the entropy source for the 256-bit symmetric key which, together with the algorithm, transforms the private portion of the asymmetric key into ciphertext. The strength of the encryption depends on the strength of the user's pass-code. It is believed that all of the energy in the universe is not sufficient to successfully complete a brute-force attack on a ciphertext generated with an AES symmetric cipher with 256-bit symmetric encryption keys.
The user-name and passphrase, together with an additional salt, create a unique user pass-code. This pass-code is known only to the user and is never shared, stored, or sent anywhere. When a user forgets his user-name or passphrase, all of his data stored on the server becomes inaccessible forever; we have no ability to recover any portion of the data or the lost pass-code.
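
The following example is added here and is not the service's own code. It shows how a user-name, passphrase and salt can be stretched into a 256-bit key, and why the pass-code rather than the 256-bit key length sets the brute-force cost. PBKDF2-HMAC-SHA256, the iteration count, the length-prefix encoding and the function names are assumptions, since the page does not name its derivation function.

```python
import hashlib
import math

# Assumptions: the page names neither its KDF nor an iteration count.
PBKDF2_ITERATIONS = 600_000
KEY_BITS = 256  # size of the Rijndael/AES key described on the page


def derive_key(username: str, passphrase: str, salt: bytes,
               iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch user-name + passphrase + salt into a 256-bit symmetric key."""
    name = username.encode("utf-8")
    # Length-prefix the user-name so ("ab", "c") and ("a", "bc") differ.
    secret = len(name).to_bytes(4, "big") + name + passphrase.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations,
                               dklen=KEY_BITS // 8)


def effective_key_bits(alphabet_size: int, length: int) -> float:
    """Brute-force cost in bits for a uniformly random pass-code.

    An attacker guesses pass-codes, not raw keys, so the cost is capped by
    the pass-code search space even though the cipher key is 256 bits.
    """
    return min(length * math.log2(alphabet_size), float(KEY_BITS))


if __name__ == "__main__":
    salt = bytes(range(16))  # constructed sample salt, not a real value
    key = derive_key("alice", "correct horse battery staple", salt)
    print("derived key:", key.hex())
    for label, alphabet, length in [("6 digits", 10, 6),
                                    ("8 lowercase letters", 26, 8),
                                    ("20 printable ASCII", 95, 20),
                                    ("40 printable ASCII", 95, 40)]:
        print(f"{label:22s} ~{effective_key_bits(alphabet, length):6.1f} bits")
```

Human-chosen passphrases are rarely uniformly random, so the figures from `effective_key_bits` are upper bounds on the attacker's work.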