Maybe the best way to ensure you don't do anything sneaky with the data is not having the data in the first place (at least unencrypted). Do you know the Mylar project [1]? They are doing pretty interesting stuff with zero-trust (even compromised) servers.

[1] https://css.csail.mit.edu/mylar/