Where does it say they don't have the keys? It literally says they store the keys in their own datacenters. Which is obvious anyway, otherwise the API wouldn't be able to return the unencrypted data.