All policy data is stored in your own GitHub/Azure Repo so you retain control at all times. The app will only access the repo when you click the buttons
Any connections to your customer tenants are via your own app reg, there are no connections from anywhere else
Your application secret and repo token are encrypted before being stored in the database using a 50-digit, randomly created encryption key
The Azure Runbook is hosted in the UK South Microsoft region and the website is hosted in Germany
At this point, no. For one thing, in my opinion your settings shouldn't be changing that regularly. You should backup prior to making a change and then again straight afterwards
If you automated it and someone reported an issue, you don't know when the issue started and will be digging through days of backups to see what has changed.
Secondly, scheduling those on the server would be a timezone nightmare for me!
If you want to go down this route, I can provide instructions on using webhooks within Azure Automation to trigger regular backups
Unfortunately not as there is some commercial code in the login system which would not be fair to the author if I shared freely.
The underlying PowerShell script is of course free and open source so there is no reason you couldn't replicate the system itself
I'm always happy to assist if you would like to try this yourself, it uses webhooks for Azure Automation as well as the respective Git API