Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.
- FROM
- €4/Mt.
- CLOUD ACT
- NONE
Zusammenfassung aus Eigentümerschaft und CLOUD-Act-Risiko.
Estonian-incorporated zero-knowledge encrypted photos / notes / docs PWA (Cryptee, 2018, John Ozbay), bootstrapped, open source.
Cryptee aus der Kategorie Dateifreigabe bietet EU-Hosting mit Estonia als Hosting-Standort, doch ein US-Mutterkonzern oder Unterauftragsverarbeiter hinterlässt ein materielles CLOUD-Act-Risiko.
Cryptee (Tallinn, Estonia; founded June 2018 by John Ozbay) is a 100% bootstrapped Progressive-Web-App for zero-knowledge encrypted notes, documents, journals, photos, and files: AES-256 client-side encryption before data leaves the device, fully open source for public audit, Estonia is outside the 14-Eyes intelligence-sharing arrangement, and no VC/PE involvement on the cap table; however the verified sub-processor list (2026-06) shows the primary host is Google Cloud (a US-owned hyperscaler), with Cloudflare, Stripe and Sentry also US, so CLOUD Act exposure is material on a structural reading, though client-side AES-256 encryption means Google stores only ciphertext and Cryptee holds no keys; EU-owned with open-source clients, but no public DPA (the /help/privacy and /help/terms paths return 404; no DPA document exists on the public site), the key documentation gap for procurement buyers.
Wie stark Kundendaten US-Behörden nach dem CLOUD Act (Clarifying Lawful Overseas Use of Data Act) ausgesetzt sind.
Wo die letztliche Kontrolle über das Betreiberunternehmen liegt.
Cryptee is an Estonian-incorporated privacy-first Progressive Web App for encrypted photos, documents, notes, journal entries, files, and personal media, founded on 1 June 2018 by John Ozbay (a cybersecurity researcher, designer, and privacy activist based in Tallinn) and 100% bootstrapped with no outside investment. The product is engineered as a Google Photos / Google Docs / iCloud Photos / Evernote replacement for users who specifically want their cloud data to be unreadable to anyone except themselves: every document, note, photo, and file is encrypted client-side with AES-256 before it leaves the device, and Cryptee mathematically cannot read the content. The source code is open and publicly available for independent audit. Cryptee positions itself as particularly relevant for victims and survivors of domestic abuse, journalists and reporters, and activists: users whose threat model assumes the cloud provider could be coerced.
For an EU-sovereignty audit Cryptee is structurally exemplary. Estonia is an EU member with a long-standing reputation for digital infrastructure and e-Residency, and crucially Estonia is outside the Five-Eyes / Nine-Eyes / Fourteen-Eyes intelligence-sharing arrangements, a positioning argument the vendor makes explicitly. Combined with zero-knowledge encryption, AGPL-style code openness, and a bootstrapped cap table with no US capital, Cryptee delivers an exceptionally clean EU-owned, EU-hosted, no CLOUD Act exposure posture. Privacy advocacy partnerships include the Electronic Frontier Foundation (EFF) and Privacy International. As a small solo-led operation, Cryptee does not pursue formal ISO 27001 / SOC 2 attestations.
Pricing in EUR: Free tier (limited storage); €3/month (Plus); €9/month (Pro); €27/month (Studio); annual discounts available. No SSO, audit log, or on-prem options at this scale. Best fit: individual privacy-conscious users, journalists, activists, NGOs, and small teams whose threat model demands true zero-knowledge encryption and minimal regulatory surface area. Procurement-grade enterprise buyers with SSO/audit/compliance documentation needs should choose Proton Drive or Tresorit instead.
CDN and security services
Cloud infrastructure / data storage and hosting (primary host)
Error collection and reporting
Payment processing (subscriptions after 2021-02-21)
Payment processing (subscriptions before 2021-02-21)
| Vendor | Country | Purpose | Owner |
|---|---|---|---|
| Cloudflare Portugal, Unipessoal Lda. | Portugal | CDN and security services | US |
| Google Ireland Ltd. (Google Cloud Platform) | Ireland | Cloud infrastructure / data storage and hosting (primary host) | US |
| Sentry Software Netherlands B.V. (Sentry.io) | Netherlands | Error collection and reporting | US |
| Stripe.com | United States | Payment processing (subscriptions after 2021-02-21) | US |
| Paddle.com Market Ltd | United Kingdom | Payment processing (subscriptions before 2021-02-21) | non-US |
Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.
Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.
Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.