# Us against them as a spectator from the sidelines

> fortrabbit uses AWS, about EU data sovereignty and privacy trends.

- US people: No EU companies please.
- EU people: No US tech please.

## European alternatives

Websites such as [european-alternatives.eu](https://european-alternatives.eu/) and [eutechmap.com](https://eutechmap.com/) are having a moment. I would like to submit fortrabbit, but:

> For infrastructure/hosting providers, "European" should not simply mean "a European brand on top of a US hyperscaler." If the core service is essentially reselling AWS/Azure/GCP, we may exclude it or label it clearly.

So, we are just a "brand on top of a US hyperscaler"?

*NOTE: The EU alternatives websites mentioned above are not a grass root inititaves, but commercial offerings. You can buy to get reviewed and ads there. This one is: www.eucloud.tech.*

## Sales perspective

> As an online agency based in Germany we want to offer our clients 99,9% security and data sovereignty.

That line was from a sales chat (Kirby CMS prospect). I doubt that there is a strict relation of security and data sovereignty. How to measure 99.9% security? But the point is the missing trust - not in us particularly, but in our partners.

## Global economic tension affects us

The European Commission has recently opened investigations into Amazon Web Services (AWS) regarding its cloud computing practices, focusing on potential anticompetitive behavior and whether AWS should be designated as a gatekeeper under the Digital Markets Act.

We got a "Request for Information" for case: "DMA.100033 - Amazon - cloud computing services" too. It looked more phishy than legit. I filled that long and cryptic form, mostly explaining why none of it applies to us.

At about the same time Amazon launches the AWS European Sovereign Cloud, with a [website](https://aws.eu/en/). Would it convince my sales prospect? I doubt it.

From my point of view, this echoes GDPR's launch (see [blog post](/fortrabbit-is-gdpr-ready)): good intentions, bad execution. Now everyone claims GDPR/CCPA compliance. I doubt it.

## Global by design

Our niche PHP target audiences are spread across the globe. So, fortrabbit is global by design. 50% of our customers are from the US, with also a big customer base in the UK. The rest is mostly EU, Asia emerging.

## US tech is often better and hard to avoid

We explored IaaS alternatives - specifically Hetzner - (see [blog post](/infra-research-2024)), but settled with AWS for the new platform as well. It's more expensive, but it has the tech we want. It also looks the most compelling in terms of environmental impact to me. We did not take that lightly.

We still have an eye on UpCloud as a potential infra provider, as it is positioned as an [European alternative](https://european-alternatives.eu/product/upcloud). But their data centers are mostly operated by Equinix and Digital Realty, both US companies. Is it really an Eurpoean alternative then?

## It's not only infra

Even if we switched the bare metal layer, we'd still rely on other US services:

- Customer chat: Intercom (hm)
- Billing: Stripe (tech is really good)
- Deployment: via GitHub (we plan to add more services)
- The list goes on

We are planning a CDN integration. Of course Cloudflare is the most obvious choice. Beside the tech aspects, we also consider overall trust. And in that regard, for me, even with some bad press, Cloudflare may look more compelling than Bunny CDN.

## What we do

Here we are, trying to implement good privacy standards on top of badly regulated businesses.

- Collect only essential customer data, kept as briefly as possible, see <content-link href="/legal/data-collection" prefix="www" text="data collection and retention">



</content-link>

.
- Take security seriously. Where possible, personal data is locked and encrypted.
- Don't do shady marketing, sharing customer data with hundreds of business partners.
- Carefully select and re-evaluate services we share customer data with. See our <content-link href="/legal/sub-processors" prefix="www" text="sub-processors list">



</content-link>

.
- Try to be as transparent as possible about our customer relation. See our large <content-link href="/legal" prefix="www" text="legal section">



</content-link>

, including policies for data processing.

## Requirements matter

Most of our customers are using fortrabbit to host websites that are fully public anyhow.

Some of our customers run web apps that collect their own user data. We try to educate developers about the risks and technical measures to protect that data as much as possible (encryption for example). We don't suggest to store sensitive data with our services, specifically health related data.

I don't want to vote for "nothing to hide, nothing to fear", it's just that different projects have different requirements.

## Closing lines

I enjoy living in the EU with strong consumer rights. Does it protect me against [unsolicited business proposals](/cold-outreach) or robotic sales calls? No! I believe global cooperation is better than fragmentation - for humanity and business. We don't need 'US against them' or 'EU against them'.

- We don't want to pick a side.
- We gravitate towards the best tech.
- Our business can only thrive globally.
- We are concerned about big tech too.
- We care about privacy.