What if the company owner could split his key that he generated on the phone into 3 shards and give each shard to a different cloud service providers and they would collectively perform musig2 and sign stuff on his behalf using NIP-46 without ever being able to recover their key unless they all collude?

And they also offer fine-grained access control for interns and employees and so on.

nostr:npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7 is this ok?