Where Does Your Data Actually Live? — Meanwhile
Security of Data 101

Where does your data actually live?
And who can actually read it?

Most people assume their cloud data is private. It isn't — not in the way you'd expect. This is a plain-language guide to who can see what, at every level of hosting, from your personal Google account to a fully encrypted Meanwhile instance.

Five Levels of Data Protection

Each level adds protection against a different kind of threat. Most businesses operate at Level 0 or 1 and don't realise it.

LEVEL 0 Consumer Cloud — "It's in the cloud"
Examples: Google Workspace, iCloud, Microsoft 365, Dropbox

Your data sits on someone else's computer, readable by that company's systems. Google reads your emails to target ads. Microsoft scans your OneDrive files for content policy violations. iCloud photos are scanned client-side before upload.

These companies comply with government data requests routinely. In 2024, Google received over 200,000 government requests for user data globally and complied with roughly 75% of them.

What the provider sees
Your files: readable in plaintext
Your emails: readable in plaintext
Your database: readable — they run it
Your passwords: hashed (usually)
Your usage patterns: tracked and monetised

This is where most small businesses operate today. The provider is both the landlord and the locksmith — and they have a copy of every key.

LEVEL 1 Standard Cloud VM — "We run our own server"
Examples: Azure VM, AWS EC2, Hetzner Cloud, DigitalOcean

A step up. You rent a virtual machine and install your own software. The cloud provider doesn't routinely read your data — they have no business reason to. But they can, because they control the physical hardware your VM runs on.

The provider can: snapshot your VM's disk, image it, hand it to law enforcement, or access it for "maintenance." Most providers offer "encryption at rest," but they hold the keys — it protects against stolen physical drives, not against the provider themselves.

What the provider sees
Your disk: readable — they hold the encryption keys
Your RAM: accessible via hypervisor
Your network traffic: visible at the network layer
Your application data: readable if they mount your disk

If the provider is US-headquartered (Azure, AWS, Google Cloud), the US CLOUD Act allows US authorities to compel access to your data regardless of which country the server is physically in. A European company's data on an Azure server in Frankfurt is still subject to US legal jurisdiction.

This is where most managed hosting and "cloud ERP" providers operate. Better than Level 0, but the provider still has the keys to your house.

LEVEL 2 Encrypted VM — "We hold the keys, not them"
Example: Meanwhile managed instance

This is where things fundamentally change. Your data volumes are encrypted with LUKS2, the standard Linux disk-encryption system, using keys that you and Meanwhile hold and the cloud provider does not.

The database has its own encryption layer (MariaDB TDE). Your uploaded files are encrypted at the application layer with your own key. Three independent layers of encryption, none of which the cloud provider can unlock.

What the provider sees
Your disk: encrypted — provider does not hold the key
Your RAM: still accessible via hypervisor (this is the one remaining gap)
Your network traffic: encrypted via WireGuard mesh
Your database: double-encrypted (LUKS2 + MariaDB TDE)
Your files: triple-encrypted (LUKS2 + app-layer + per-file key)

The RAM gap matters: a sophisticated attacker with hypervisor access could theoretically read data that's currently in memory. This is why Level 3 exists. For most businesses, Level 2 provides protection far beyond what any standard hosting offers — the attack requires nation-state capability and physical access to the specific server your VM runs on.

This is where Meanwhile operates by default. Every instance gets LUKS2, MariaDB TDE, per-file encryption, and WireGuard. It's not a premium tier — it's standard.

LEVEL 3 Confidential Computing / Bare Metal — "Even the RAM is encrypted"
Examples: AMD SEV, Intel TDX, dedicated bare-metal servers

This closes the RAM gap. Confidential computing uses hardware-level encryption (AMD SEV, Intel TDX) to encrypt your VM's memory so that even the hypervisor — and therefore the cloud provider — cannot read it. Bare-metal servers eliminate the hypervisor entirely.

At this level, the cloud provider has physical custody of the hardware but cannot access anything useful. Your disk is encrypted (LUKS2), your database has its own encryption (MariaDB TDE), your files have per-customer encryption, your RAM is encrypted in hardware, and your network traffic travels through encrypted tunnels.

What the provider sees
Your disk: encrypted — provider has no key
Your RAM: hardware-encrypted (SEV/TDX) or isolated (bare metal)
Your network traffic: encrypted mesh tunnel
Your database: encrypted at volume + engine level

Available from Meanwhile as a high-security tier for customers with elevated compliance requirements. Higher cost, limited region availability. The architecture is identical — only the VM type changes.

LEVEL 4 On Your Hardware — "Nobody's computer but mine"
Example: Meanwhile portable instance on your own server or laptop

The ultimate level: your data runs on hardware you physically control. No cloud provider in the picture. No hypervisor. No shared infrastructure. Your data never leaves your premises unless you choose to send it somewhere.

Meanwhile's portable instance is a complete, runnable copy of your system that you download and run on your own hardware. It connects back to Meanwhile's network through an encrypted tunnel for public access — but the data lives on your machine, encrypted with your key.

What the provider sees
Your disk: it's your disk — only you have physical access
Your RAM: it's your hardware — only you have physical access
Your network traffic: encrypted tunnel to Meanwhile's relay
Meanwhile sees: encrypted tunnel traffic only — no data access

Any Meanwhile customer can do this at any time. Download your backup, enter your key, run it. No permission needed, no exit fee, no lock-in. Your data is yours.

Who Can Read Your Data?

A comparison across security levels and threat actors. "Can read" means they could access your data in plaintext without your cooperation.

| Threat actor | Level 0: Consumer Cloud | Level 1: Standard VM | Level 2: Meanwhile Encrypted | Level 3: Confidential / Bare Metal | Level 4: Your Hardware |
|---|---|---|---|---|---|
| Provider employee (routine access, curiosity, insider threat) | Yes (has tooling access) | Yes (can mount disk) | No (disk is ciphertext) | No (disk + RAM encrypted) | No (not their hardware) |
| Provider, compelled (lawful order, warrant, CLOUD Act) | Yes (routine compliance) | Yes (hands over disk image) | Partial (RAM only, if targeted) | No (can't decrypt anything) | No (order goes to you, not a provider) |
| Foreign government (intelligence services, state actors) | Yes (via provider's government) | Yes (via provider's government) | Partial (RAM only, sophisticated) | No (hardware-level protection) | No (must come to you directly) |
| Hacker / data breach (external attacker compromises provider) | Yes (plaintext available) | Yes (provider keys accessible) | Unlikely (needs key from separate system) | No (hardware encryption holds) | No (your security perimeter) |
| Burglar with your backup (stolen laptop, copied USB drive) | N/A (no local backup) | N/A (no local backup) | No (encrypted with your key) | No (encrypted with your key) | No (encrypted with your key) |
| Meanwhile (your hosting operator, that's us) | N/A | N/A | Limited (app admin access, revocable by you) | Limited (app admin access, revocable by you) | No (you run it, we have no access) |

Reading the "Meanwhile" row: At Levels 2–3, Meanwhile has application-level admin access to your instance for maintenance and support. This access is transparent (you can see what we have), audited (every action is logged), and revocable (you can remove it, with the understanding that we can't provide support without it). We do not have routine access to your raw data files or database contents. At Level 4, we have no access at all — you run the whole thing.

Your Portable Instance: What It Looks Like

Every Meanwhile customer can download a complete, encrypted, runnable copy of their system. Here's what happens when you start it on your own laptop.

Terminal — meanwhile-portable
$ podman play kube meanwhile-instance.yaml

# ── Startup ──────────────────────────────────────────
[meanwhile] Loading portable instance...
[meanwhile] Instance: realign.opr.how
[meanwhile] Backup from: 2026-02-14 02:00 UTC

# ── Encrypted volumes detected ───────────────────────
[crypto] Found 3 LUKS2 encrypted volumes
[crypto]   db-data   48.2 GB   LUKS2/aes-xts-plain64
[crypto]   redis     0.3 GB   LUKS2/aes-xts-plain64
[crypto]   sites     12.7 GB   LUKS2/aes-xts-plain64

[crypto] Enter your decryption key:
# ── After entering key ────────────────────────────────
[crypto] Decrypting volumes... ✓ verified
[crypto] Key fingerprint matches instance record

[meanwhile] How would you like to start?

  [1] BECOME AUTHORITATIVE — Take over from failed cloud server
  [2] TEST / LOCAL ONLY    — Verify backup, no network, disposable
  [3] MIGRATE            — Planned move from cloud to here
  [4] DEV CLONE          — Persistent copy for testing

[meanwhile] Select mode [1-4]:
# ── If you select [2] Test / Local Only ───────────────
[meanwhile] Starting in local-only mode...
[network] Mesh registration: skipped
[network] Outbound connections: disabled
[frappe]  Starting MariaDB...
[frappe]  Starting Redis...
[frappe]  Starting Gunicorn workers...

✓ Instance running at http://localhost:8080
⚠ TEST INSTANCE — changes will not be preserved

That's your entire business system, running on your laptop, from an encrypted backup. The cloud provider never had the key. Meanwhile doesn't need to be online. If you chose Mode 1 instead, your laptop would register on the encrypted mesh network, and your public URL would start routing traffic here — through an encrypted tunnel, without opening any ports on your router.

What Meanwhile Can and Cannot Access

Transparency about our own access is part of the security model.

Meanwhile's Access to Your Instance

Infrastructure management (Access): We can start, stop, resize, and redeploy your containers. This is required to provide the hosting service.

Application admin (Revocable): We have an admin account in your Frappe instance for maintenance and support. You can remove this access at any time. If you do, we cannot provide application-level support.

Your encryption keys (Optional): We hold a copy of your LUKS and backup keys in our secure vault; this is what lets us recover your system if something fails. You can opt out, taking full responsibility for key management.

Your files and documents (Never): Uploaded files are encrypted with your key at the application layer. We cannot read them even with admin access to the infrastructure.

Your database contents (Revocable): With the application admin account, we could query your database for support purposes. This access is logged and you can revoke it. Without it, we diagnose issues from metrics and logs only.

Your usage metrics (Access): We collect performance and health metrics (CPU, memory, request counts, error rates). These contain no business data. They're used for monitoring, alerting, and billing.

Your network traffic (Never): Traffic between you and your instance is end-to-end encrypted. We see metadata (request counts, response codes) but not content.

Every action we take on your instance is logged in an audit trail that you can inspect. If you want to verify that we're being honest about our access, you can — the encryption uses standard tools (LUKS2, WireGuard, MariaDB TDE) that you or any security auditor can verify independently.
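The independent check invited above, and the LUKS2/aes-xts-plain64 volumes described under Level 2 and listed in the startup transcript, as an added shell example that is not Meanwhile's tooling: it parses `cryptsetup luksDump` output and reports whether the header has the properties this page claims. The device path in the comment is a placeholder and the sample dump is constructed and abridged.

```shell
# Added example (not Meanwhile's code): audit a LUKS header against the
# properties this page states for its volumes (LUKS2, aes-xts-plain64).
# On a real system:  sudo cryptsetup luksDump /dev/<your-volume> | luks_audit

# luks_audit: reads a luksDump on stdin, prints one line per finding,
# returns 0 only when every expected property holds.
luks_audit() {
    dump=$(cat)
    status=0
    version=$(printf '%s\n' "$dump" | awk '$1 == "Version:" { print $2; exit }')
    [ "$version" = "2" ] && echo "OK:   LUKS2 header" \
        || { echo "FAIL: header version '$version', expected 2"; status=1; }
    # Cipher of the data segment: this is what protects the bytes on disk.
    cipher=$(printf '%s\n' "$dump" | awk '$1 == "Data" { s = 1 }  s && $1 == "cipher:" { print $2; exit }')
    [ "$cipher" = "aes-xts-plain64" ] && echo "OK:   data cipher $cipher" \
        || { echo "FAIL: data cipher '$cipher', expected aes-xts-plain64"; status=1; }
    # XTS splits the master key in two, so 512 bits means AES-256.
    keybits=$(printf '%s\n' "$dump" | awk '$1 == "Key:" { print $2; exit }')
    [ "$keybits" = "512" ] && echo "OK:   512-bit XTS key (AES-256)" \
        || echo "WARN: master key is ${keybits:-unknown} bits"
    # Each active keyslot is a passphrase or key file that unlocks the volume.
    # The page says you and Meanwhile hold keys: account for every slot listed.
    slots=$(printf '%s\n' "$dump" | awk '$1 == "Keyslots:" { s = 1; next }
        $1 == "Tokens:" || $1 == "Digests:" { s = 0 }  s && $2 == "luks2" { n++ }  END { print n + 0 }')
    echo "INFO: $slots active keyslot(s)"
    return $status
}

# CONSTRUCTED sample in luksDump layout (abridged); real output has more fields.
SAMPLE_DUMP='LUKS header information
Version:        2
Label:          db-data

Data segments:
  0: crypt
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
  1: luks2
        Key:        512 bits
        PBKDF:      argon2id
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256'
printf '%s\n' "$SAMPLE_DUMP" | luks_audit
```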

How the Layers Work Together

Your data passes through multiple protection boundaries. Each layer is independent — compromising one does not compromise the others.

CLOUD PROVIDER BOUNDARY: provider can access everything outside the encrypted layers below
  LUKS2 ENCRYPTED VOLUME: key held by Meanwhile + customer, not the cloud provider
    MariaDB TDE: tablespace encryption
      Customer data (invoices, customers, orders; accounts, employees, items; workflows, configurations): encrypted at rest
    FILE ENCRYPTION: per-customer key, app layer
      Uploaded documents (contracts, receipts, PDFs; images, spreadsheets; attachments, exports): encrypted per-file
  ENCRYPTED BACKUP (Restic): deduplicated, encrypted with your key. This IS your portable instance. Download it. Run it. It's yours.
  NETWORK (WireGuard encrypted mesh): all management traffic encrypted. Provider sees ciphertext only.

Each boundary in the diagram above represents an independent encryption layer. The cloud provider boundary contains everything physically, but can only access what lies outside the encrypted layers, which is nothing useful.

The Bottom Line

Most businesses trust their cloud provider with everything because they don't know there's an alternative. There is.

Your data is encrypted with keys that only you and Meanwhile hold. Not your cloud provider. Not their government. Not ours, if you choose to manage your own keys. And you can take it all home whenever you want.

We don't think that's unreasonable. We think that's how it should have been all along.