Is Cybee backup data subject to the US CLOUD Act or FISA?

No. Cybee is a French vendor, backups are hosted with European providers in the EU, and data is encrypted client-side with keys only you hold. There is no US entity in the chain that could be compelled to hand over your data — and even the storage itself is unreadable without your keys.

No. The US CLOUD Act and FISA 702 allow American authorities to compel US companies to hand over data they control, wherever it is physically stored — including in European data centers. The exposure comes from the vendor’s nationality, not the server’s location.

 

Cybee’s chain is European end to end: a French software vendor, backups hosted on S3 object storage operated by European providers, no US parent company. There is no entity in the chain that US legislation can compel.

 

And even in a worst-case scenario, there would be nothing readable to hand over: data is encrypted on your machines before transfer, and the keys never leave your control.

 

Jurisdiction protects you legally; client-side encryption protects you cryptographically.