That would be true if the private key was kept on the server but we would only keep the public key on the server to encrypt the data to and any messages or data which needs reviewing will be later manually decrypted by staff since they will hold the private key not the server.