Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Koofr

VERIFIED
File sharing · Slovenia
Founded 2013 · koofr.eu ↗

Slovenian cloud storage (Koofr d.o.o., est. 2013), German ISO 27001 data centres, optional client-side encryption via the open-source Koofr Vault, 10 GB free.

In short

Koofr, in the File sharing category, is an EU-owned service with Germany as its hosting location and no identified CLOUD Act exposure.

Assessment notes

Koofr is operated by Koofr d.o.o. (Stegne 23A, Ljubljana, Slovenia; founded 2013, based in Technology Park Ljubljana), a fully EU-incorporated, EU-owned company that stores all data in ISO 27001-certified data centres in Germany, is GDPR-compliant by default, runs no file scanning or tracking, and offers optional client-side encryption via the Koofr Vault product; EU-owned and Germany-hosted with no CLOUD Act exposure and optional zero-knowledge encryption via Koofr Vault; the key documentation gaps are no public DPA and no sub-processors list surfaced at audit.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Koofr

Koofr is a Slovenian cloud storage service operated by Koofr d.o.o., based at Stegne 23A in Ljubljana and a long-time member of Technology Park Ljubljana. Founded in 2013, it celebrated its tenth year of service in 2023 and is one of the cleaner small-vendor EU storage listings in this directory, fully Slovenian-incorporated, EU-owned, with no US parent, no US VC, and no PE on record.

The infrastructure story is solid: Koofr stores all customer data in ISO 27001-certified data centres in Germany, markets itself as "GDPR compliant by default," and explicitly commits to not scanning, indexing or tracking customer files. Standard transport encryption and encrypted storage apply to all accounts. For users who want true zero-knowledge encryption, Koofr offers Koofr Vault, a client-side-encrypted layer where files are encrypted in the browser/app before upload, so Koofr cannot read them. Koofr Vault is fully open-source, so its encryption can be independently audited. The apps and web UI are localised into more than 20 languages, including most major EU languages (German, French, Italian, Spanish, Dutch, Polish, Portuguese, Swedish, and others) alongside Slovenian and several global languages. A distinctive feature is that Koofr can connect and unify external clouds (Dropbox, Google Drive, OneDrive, Amazon) into a single interface, which is useful for migration but should be understood by privacy-focused buyers as an opt-in bridge to non-EU services.

For an EU-sovereignty audit the open question is documentation, not infrastructure. At audit no public DPA and no sub-processors list could be surfaced on koofr.eu. The underlying signal mix is otherwise strong (Slovenian entity, German ISO 27001 hosting, no file scanning, optional client-side encryption via Koofr Vault, no CLOUD Act exposure); the missing documentation is the gap to resolve on the next pass rather than a structural weakness.

Pricing is freemium and unusually granular: 10 GB free forever; "Briefcase" tiers from €0.50/month (25 GB) and €1/month (100 GB); "Suitcase" tiers €4-10/month (250 GB to 1 TB); "Crate" tiers €20-35/month (2.5-5 TB) plus custom 10 TB+. Note that subscriptions are currently billed yearly and prices include 22% Slovenian VAT. Long-term subscribers can also join a Loyalty Program offering subscription discounts of up to 50%. The former free-storage referral scheme has been discontinued; there is no monetary affiliate programme. Best fit: privacy-conscious EU individuals and small teams who want German-hosted storage from an independent Slovenian vendor, especially those who will use Koofr Vault for sensitive files.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-05-14).
FEATURES

Capability matrix

Free storage 10 GB
Paid storage (from) 25 GB
Max file size Unlimited
Photo sync Yes
File versioning Yes
Link sharing Yes
Platforms iOS macOS Windows Android Linux Web
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €1/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    koofr.eu/tos…
    Open ↗
ALTERNATIVES

Alternatives in this category

Proton Drive
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Tresorit
Switzerland · Founded 2011
EU-HOSTED

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Public DPA Sub-processors Open source
FROM
€10/mo
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE