> Classifying accounts as child accounts (moderated by a parent)

Notice also that even if you do this, you still don't need the service to be able to decrypt the content, only the parent.

This could even be generically useful, e.g. you have a messenger used by business and then the messages can be read by the client company's administrator/manager but not the messaging company's.