This paper describes a security problem involving an online data repository, which acts as a proxy for mul- tiple companies allowing their customers to perform online services (e.g., pay invoices). The repository’s host is trusted to honestly fulfil its duties in main- taining the data in a manner consistent with each companies’ required services. However, the informa- tion stored by the repository remains private in that the repository’s host cannot openly read any compa- nies’ operational data, nor does it learn the identities of any companies’ customers. We contrast several ap- proaches describing their viability for web deployment using existing technologies. This is a fundamentally new security problem with no established literature or clearly defined cryptographic solution. The project originated from a commercial attempt to design a se- cure online data archive. A sample implementation of the system is presented that allows a customer to pay and view invoices online via the data repository using a popular and widely available small business accountancy application.