Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Filen

VERIFIED
File sharing · Germany
Founded 2021 · filen.io ↗

German zero-knowledge E2E cloud (Filen Cloud Dienste UG, Recklinghausen, 2021), Tier IV ISO 27001 DCs, no US data, open source apps.

In short

Filen, in the File sharing category, is a European service with Germany as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

Filen Cloud Dienste UG (Recklinghausen, Germany; founded mid-2021 by Jan Lenczyk, Jan Kulartz, and Phil Hedrich) runs an explicit ''next-generation zero-knowledge end-to-end encrypted cloud'' from Tier IV ISO 27001-certified German data centres with no data stored in the United States, AES-256 client-side encryption, open-source applications on GitHub, and a founder-led cap table with no external venture capital; sub-processors are disclosed on the /privacy page (Stripe IE, PayPal US, Cloudflare US, Sentry US); EU-owned and EU-hosted with only minor CLOUD Act exposure: the US-jurisdiction sub-processors are all transient (payments, error telemetry, bot protection) and, because storage is zero-knowledge end-to-end encrypted, none of them can read file content; zero-knowledge E2E encryption, open-source clients, and disclosed sub-processors; the key documentation gap is no standalone public DPA URL.

CLOUD ACT
OWNERSHIP
SUB-PROCS
7 · 5 US
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Filen

Filen is a German-headquartered zero-knowledge end-to-end encrypted cloud-storage product operated by Filen Cloud Dienste UG (haftungsbeschränkt), founded in mid-2021 in Recklinghausen, Germany by Jan Lenczyk (CEO + CTO), Jan Kulartz (COO + CMO), and Phil Hedrich (CDO + Customer Care). The product is structurally similar to Mega and Internxt (every file is encrypted on the user's device with AES-256 before it leaves the client, the encryption keys never reach Filen's servers, and the company mathematically cannot read uploaded content) and ships as Filen Drive, Filen Notes, Filen Chats, Filen Sync, and a network-drive client across Windows, macOS, Linux, iOS, Android, and the web. The applications are open source on GitHub for independent audit.

For an EU-sovereignty audit Filen is among the cleanest listings in the file-sharing category. All servers are located in Germany in Tier IV ISO 27001-certified high-security data centres across multiple regions for disaster-recovery redundancy. The vendor states explicitly that no data is stored in the United States, an unusually strong commitment for a product at this price point. German data-protection law (Bundesdatenschutzgesetz) applies on top of GDPR, and the UG legal structure is a German limited-liability format. The ownership chain is clean: founder-led with no VC/PE investors on record. Customer keys, file content, file names, and metadata are all encrypted client-side: zero-knowledge end-to-end. Among the strong EU-owned file-sharing alternatives (Proton Drive, Tresorit, Internxt, Filen, Cryptee), Filen wins on price-to-performance for users who want German jurisdiction specifically.

Pricing is the most aggressive in the directory's encrypted-cloud category: free tier available with limited storage; Pro I starts at €1.99/month for 200 GiB; Pro II / III / IV scale up with more storage and higher upload caps; unlimited bandwidth, uploads, client-side encryption, syncing, and file sharing across all paid tiers. No lifetime plans (vendor explicitly opts out). Best fit: privacy-conscious individuals and small teams who want German jurisdiction, zero-knowledge encryption by default, open-source apps, and aggressive pricing; particularly relevant for journalists, NGOs, and SMBs in DACH.

SUB-PROCESSORS

Sub-processor map · 7

Source ↗
  • Cloudflare, Inc. US
    United States

    Bot protection via Turnstile (Standard Contractual Clauses)

  • Coinbase Inc. US
    United States

    Cryptocurrency payment processing (Standard Contractual Clauses)

  • PayPal Inc. US
    United States

    Payment processing (Standard Contractual Clauses)

  • Sentry Inc. US
    United States

    Error management / telemetry (Standard Contractual Clauses)

  • Stripe Payments Europe Ltd. US
    Ireland

    Payment processing

  • Fider EU
    Germany

    Feature-suggestion tool (open source, self-hosted by Filen on its German infrastructure)

  • Plausible Analytics EU
    Estonia

    Web analytics (self-hosted by Filen in Germany)

5 of 7 sub-processors are US-incorporated. Limited CLOUD Act exposure via these ancillary sub-processors.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-18).
FEATURES

Capability matrix

Free storage 10 GB
Paid storage (from) 200 GB
Photo sync Yes
File versioning Yes
Link sharing Yes
Platforms iOS macOS Windows Android Linux Web
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €2/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    filen.io/privacy…
    Open ↗
  • Terms of Service
    filen.io/terms…
    Open ↗
ALTERNATIVES

Alternatives in this category

Proton Drive
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Tresorit
Switzerland · Founded 2011
EU-HOSTED

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Public DPA Sub-processors Open source
FROM
€10/mo
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE