We deploy private Splitgraph instances to dedicated infrastructure on a cloud vendor and region of your choice. There is no data sharding with other Splitgraph users.
By default, all private deployments require authentication and disallow signups with passwords or OAuth. You can optionally relax these settings (if you're running Splitgraph as a public-facing data portal). In addition, you can configure an OAuth provider for your organization so that only members can log into your Splitgraph instance. See the OAuth documentation for an example of setting up Okta OAuth with Splitgraph.
You can give users the same permissions and roles as on splitgraph.com, with a single difference: if your instance requires authentication, a dataset being "public" means that only people logged into your instance can see it.