Rekeying use case

Hello, we are developing an application that will be used by hundreds or potentially thousands of users that have low technical literacy.

Wallets need to be non-custodial but we need the option to help users recover their wallets if they lose their private keys, which inevitably will happen.

Rekeying seems like a good option. However…

  1. If rekeying requires the storage of a master key that can rekey other private keys would this then classify as a form of custodianship of funds?

  2. Does rekeying present a security concern since the master key can rekey other private keys? How is that security concern mitigated?

I’m not a developer so apologies if these questions are easily answered via the dev portal, which I don’t fully understand!

Advanced thanks to any feedback