Longaccess offered exactly that: users would pay in advance for 30 years of storage and upload any file they wanted to archive. Archives were client-side encrypted and immutable (once uploaded, no one can add, delete or update files).
And each archive corresponded to a "certificate": a simple text file containing the archive ID and the random encryption key that had been used to encrypt the archive. We recommended that our users printed the archive certificate, to make sure technological obsolescence doesn’t make it unusable in the future (because if the certificate is lost, there is no way to recover the specific archive).
Very close to what I was thinking the other day related to digital preservation. Documented failures are invaluable. Thank you so much!
Discovered via Simon Willison (cache).