Most engagements
Hosted
A multi-tenant Swiss-sovereign service running on Phoeniqs sovereign cloud infrastructure in Switzerland. Data is encrypted in transit (TLS to edge, platform private network internal) and at rest with platform-managed keys held by Phoeniqs. A small team of ANA Wealth operators holds audited application and database access, exercised only for support and incident response; Phoeniqs operators have storage-layer access within the platform. Phoeniqs is the sole sub-processor; no analytics vendors, no third-party model providers. This tier is not no-knowledge custody — ANA Wealth and Phoeniqs are operators with audited access, not zero-knowledge custodians. For the full disclosure of who can technically access your data on this tier, see our data-handling note.
Typical: a single closed group — board, committee, deal team, or matter. Per-seat with a tenant base; numbers from a scoping conversation.
Where posture requires it
Dedicated
Single-tenant Swiss-sovereign infrastructure with customer-controlled HSM keys — neither ANA Wealth nor Phoeniqs holds a copy of the decryption keys. Confidential computing runs in production: hardware-attested memory encryption (AMD SEV-SNP, Intel TDX, NVIDIA Confidential H100) means that encrypted data remains encrypted even while being processed, and the hardware will only release it to attested code. That makes operator-inaccessibility a property of the silicon, not a promise of policy. Suitable for organisations whose posture or contracts require no-knowledge custody.
Scoped per engagement.