A multisig address can only send out coins if the transaction gets signed by 2 out of 3 involved addresses.
A partner needs a server to run the daemon of the coin(s) and a script we will provide.
When someone requests a withdrawal, the script checks the transaction and signs it (if valid).
This way no one has access to the funds. If one of 3 disappears the remaining 2 can agree to move the funds somewhere else and find a replacement. And if a hacker breaks into one of the servers, he'll still have to break another one to possess 2 keys