From a communication perspective, it is understandable, however keep it mind it won’t pass the GDPR compliancy requirements.
Moreover and given the data type you are processing, you have to know Xano is a US legal entity, therefore falling right under the Patriot Act which allows under certains conditions data access by some US government services (the ones with the big ears).
In this scenario it will fail compliancy as well, unless the data can be encrypted/decrypted by a EU legal entity with encryption keys owned stored by a EU legal entity also.
If you can find a backend operated by a EU legal entity, that would already cover most of the cases.