Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Icedrive

VERIFIED
File sharing · United Kingdom
Founded 2019 · icedrive.net ↗

UK/Gibraltar cloud storage (ID Cloud Services Ltd), opt-in Twofish client-side encryption, lifetime plans; UK/DE/US data centres, no region pinning.

In short

Icedrive, in the File sharing category, offers EU hosting with United Kingdom as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Icedrive is operated by ID Cloud Services Ltd, a UK micro-company (HQ Unit 12 J-Shed, Kings Road, Swansea, Wales; one source also cites a Gibraltar registration) founded in 2019 and effectively a one-person operation led by James Bressington; the product offers genuine client-side Twofish encryption but only on an opt-in dedicated encrypted folder, not the whole account, and runs a distributed storage architecture across data centres in the UK, Germany AND the USA with no customer region selection, meaning EU buyers cannot keep data out of US infrastructure; combined with UK-post-Brexit ownership, material CLOUD Act exposure, no public DPA or sub-processors list, and no certifications, the signal mix is the weakest in this category.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Icedrive

Icedrive is a consumer-and-prosumer cloud storage service operated by ID Cloud Services Ltd, a UK micro-company based in Swansea, Wales (one secondary source additionally cites a Gibraltar company registration; the discrepancy is unresolved and flagged below). Founded in 2019, it is effectively a one-person operation led by CEO James Bressington, which is unusual for a directory of procurement-grade vendors and is itself a risk signal: there is no team depth, no funding disclosed, and no public corporate filings surfaced at audit.

The product's headline differentiator is encryption. Icedrive is the only mainstream cloud storage service to use the Twofish algorithm, and it offers true zero-knowledge client-side encryption: files and even file/folder names are encrypted on the device with a 256-bit key that never reaches Icedrive's servers. The important caveat for buyers: this applies only to files placed in a dedicated encrypted folder, not to the whole account. Anything stored outside that folder is not zero-knowledge.

For an EU-sovereignty audit Icedrive is weak. Storage is distributed across data centres in the UK, Germany and the United States with N+2 redundancy, and customers cannot choose their storage region, so EU data can and does land on US infrastructure, which is material CLOUD Act exposure regardless of the client-side encryption available on the opt-in folder. There is no public DPA, no sub-processors list, and no certifications. The vendor's own site (icedrive.net) returned HTTP 403 to automated fetching at audit, so several fields rely on secondary sources.

Pricing is competitive and lifetime-friendly: a 10 GB free tier, Pro plans from ~$5.99/month for 2 TB, and one-time lifetime plans starting around $389 for 2 TB with $199/1 TB and $449/5 TB add-on "stacks"; the lifetime model is the main reason Icedrive appears on best-of lists. Best fit: privacy-curious individuals who will discipline themselves to use the encrypted folder and who value lifetime pricing over EU data residency. Procurement-grade EU buyers should prefer Koofr (SI/DE), Internxt (ES), Tresorit (CH/HU) or Proton Drive (CH), all covered elsewhere on this directory.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-18).
FEATURES

Capability matrix

Free storage 10 GB
Paid storage (from) 150 GB
Max file size Unlimited
Photo sync Yes
File versioning Yes
Link sharing Yes
Platforms iOS macOS Windows Android Linux Web
INTEGRATION & ACCESS
REST API No
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €6/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

Proton Drive
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Tresorit
Switzerland · Founded 2011
EU-HOSTED

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Public DPA Sub-processors Open source
FROM
€10/mo
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE