Abstract: A system and method for providing verified privacy-preserving attestations of requisite properties of private data stored on a web server is disclosed. An untrusted host mediates secure communication for a secure enclave with a data owner device and the web server. A secure enclave verification server provides an attestation to the data owner device that the secure enclave module is secure and has a valid trusted computing base (TCB). The data owner module provides credentials to access the private data to the secure enclave, which retrieves the data and calculates the requisite properties. The secure enclave produces an attestation envelope, which is verified by an attestation envelope verification module. Combining the certificates and keys generated during a TLS handshake between the secure enclave and the web server enables a proof that the data coming into the enclave was from a standard (unmodified) web server API provided by the web server.