For the Crypteron managed security platform, Crypteron uses multiple layers of encryption so that no one at Crypteron has direct access to any data encryption keys (DEKs) or key encryption keys (KEKs). To balance business continuity reasons with limited distribution, only the CEO and CTO have access to the master elliptic curve encryption key and only the CEO has access to the master elliptic curve signing key.
For enterprise, self-hosted plans, the customer organization controls key access – typically the CTO or security manager. Crypteron has no access to any keys.