Skip to content
Independently verified · Quarterly re-audit
EU VETTED

leitzcloud

VERIFIED
File sharing · Germany

German-operated (LC by vBoxx GmbH, Frankfurt) Leitz-branded business cloud on its own German data centres (Frankfurt + Mannheim), ISO 27001 (TÜV Nord), AVV available on request.

In short

leitzcloud, in the File sharing category, is an EU-owned service with Germany as its hosting location and no identified CLOUD Act exposure.

Assessment notes

leitzcloud is operated by LC by vBoxx GmbH (Friedrich-Ebert-Anlage 36, 60325 Frankfurt am Main; Registergericht Frankfurt am Main HRB 117087, USt DE326895475), a German operating entity within the Dutch vBoxx group, running business file storage exclusively from two georedundant German data centres (maincubes FRA01 in Frankfurt and PFALZKOM DATACENTER Rhein-Neckar II near Mannheim) on its own infrastructure, powered by 100% renewable electricity, with ISO/IEC 27001 (TÜV Nord) certification and TÜV audits; EU-owned, EU-hosted in Germany, no CLOUD Act exposure. The vendor supplied an AVV (DPA + sub-processor list + data-residency statement) on request; it is not published at a public URL, which remains the one documentation gap.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About leitzcloud

leitzcloud is a business cloud-storage and file-collaboration product operated by LC by vBoxx GmbH, a German company registered in Frankfurt am Main (HRB 117087), part of the Dutch vBoxx group and marketed under licence from the Leitz office-supplies brand as "leitzcloud by vBoxx". It targets SMB, mid-market, enterprise, freelance, non-profit, public-sector, and startup customers across DACH and Benelux, pairing secure storage, sync, and sharing with real-time online document editing (Word, Excel, presentations), role-based corporate-governance controls, and guest access. The product UI is available in five languages: German, English, French, Dutch, and Brazilian Portuguese.

Compliance posture is enterprise-grade and German-centric. Customer data is stored exclusively in Germany, georedundant across two high-security data centres (maincubes FRA01 in Frankfurt and PFALZKOM DATACENTER Rhein-Neckar II (DCRN II) near Mannheim) on leitzcloud's own infrastructure rather than rented hyperscaler capacity, powered by 100% renewable electricity. The platform holds ISO/IEC 27001 certification (TÜV Nord) and undergoes TÜV audits; the vendor also cites ISO 9001 and ISAE 3402 controls. Combined with the German operating entity and EU-only data residency, this gives an EU-owned, EU-hosted, no-CLOUD-Act-exposure posture suited to procurement-grade and public-sector-adjacent buyers.

On documentation: leitzcloud supplied an AVV on request (June 2026) covering its Data Processing Agreement, sub-processor list, and hosting / data-residency details; it is not published at a stable public URL, which is the remaining transparency gap relative to vendors that post their DPA openly. Best fit: German and DACH SMBs and public-sector adjacencies that want German-only data residency on the operator's own infrastructure plus a multilingual UI, and Dutch / Benelux businesses via the vBoxx group. leitzcloud is the file-storage component of a broader suite that also includes LC-Connect (mail / calendar / meetings) and LC-Pass (password manager).

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Free storage 0 GB
Paid storage (from) 250 GB
Photo sync No
File versioning Yes
Link sharing Yes
Platforms iOS macOS Windows Web
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €8.8/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

DPA provided on request. The vendor provides its Data Processing Addendum to customers on request (by email or inside the account portal) rather than publishing it at a public URL, so it is not counted as a public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — on request
    on request
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

Proton Drive
Switzerland · Founded 2014
EU-SOVEREIGN

Swiss zero-knowledge encrypted cloud (Proton AG, non-profit-foundation-controlled), 11,496 owned servers, ISO 27001 + SOC 2, 5 GB free.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE
Tresorit
Switzerland · Founded 2011
EU-HOSTED

Swiss-Post-owned (state-anchored) E2E encrypted enterprise cloud storage (Tresorit AG, Zurich), Swiss + EU DC options, ISO 27001.

Public DPA Sub-processors Open source
FROM
€10/mo
CLOUD ACT
MATERIAL
kDrive (Infomaniak)
Switzerland · Founded 1994
EU-SOVEREIGN

Swiss kDrive cloud (Infomaniak, Geneva, since 1994), own Swiss DCs, ISO 27001 + B Corp 2025, district-heating heat recycling.

Public DPA Sub-processors Open source
FROM
€4/mo
CLOUD ACT
NONE