Why We Built FoundryDB on European Infrastructure
When we started building FoundryDB, one of the first decisions was where to run the infrastructure. The answer shaped everything that followed: we chose to build exclusively on European cloud providers, starting with UpCloud, a Finnish infrastructure company operating under EU law.
This was not a marketing decision. It was a legal and architectural one. If you store customer data in databases, the jurisdiction of the infrastructure underneath those databases determines what legal regime governs access to that data. For many organizations in Europe, this distinction is no longer optional.
The Problem with US Cloud Providers
The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act), passed in 2018, requires US-based cloud providers to comply with US government data requests regardless of where the data is physically stored. If your PostgreSQL database runs on AWS in Frankfurt, the data is physically in Germany, but Amazon is a US company. A US federal court can compel Amazon to hand over that data without going through European judicial channels.
This is not theoretical. Between 2019 and 2025, the number of disclosed CLOUD Act requests to major US providers grew steadily. The European Court of Justice invalidated the EU-US Privacy Shield in 2020 (Schrems II), and while the EU-US Data Privacy Framework was adopted in 2023, legal challenges continue. The fundamental tension remains: US surveillance law and EU privacy law have different priorities.
For companies subject to GDPR, DORA (Digital Operational Resilience Act for financial services), NIS2 (Network and Information Security Directive), or sector-specific regulations, this creates real compliance risk. Using a US cloud provider requires additional safeguards, legal analysis, and ongoing monitoring that many organizations would rather avoid entirely.
Why UpCloud
UpCloud is a Finnish company, headquartered in Helsinki, incorporated under Finnish law, with no US parent company or US legal obligations. This matters for one simple reason: a US court has no jurisdiction over UpCloud.
Here is what UpCloud brings to the table:
- EU jurisdiction only: UpCloud operates under Finnish and EU law. Data stored on their infrastructure is subject to GDPR and Finnish data protection law. There is no legal mechanism for a US agency to compel UpCloud to produce data without going through EU legal processes (MLAT treaties), which include judicial review.
- ISO 27001 certified: information security management across all operations.
- SOC 2 Type II audited: independent verification of security controls.
- Data centers in 13 locations: 5 EU zones (Helsinki, Amsterdam, Frankfurt, Madrid, Warsaw) plus London, Singapore, Sydney, and others.
- 100% SSD infrastructure: MaxIOPS storage delivers consistent low-latency performance for database workloads.
We evaluated several European providers. UpCloud stood out for the combination of API maturity (a complete REST API for programmatic infrastructure management), performance (their MaxIOPS storage tier is genuinely fast), and geographic coverage within the EU.
How FoundryDB Handles Data Residency
Choosing a European cloud provider is necessary but not sufficient. The platform itself must enforce data residency guarantees. Here is how FoundryDB handles it.
Data never leaves your chosen zone. When you create a service in eu-helsinki, your database, backups, replication traffic, and monitoring data all stay in the Helsinki data center. We do not replicate across zones unless you explicitly configure cross-zone replicas, and even then, both zones must be in the EU.
Backups stay in-region. Automated backups and point-in-time recovery archives are stored in object storage within the same geographic region as your database. A PostgreSQL service in Frankfurt has its WAL archives and base backups in EU-based storage.
No transatlantic telemetry. FoundryDB's monitoring, alerting, and metrics infrastructure runs within the EU. Your query statistics, performance metrics, and alert history do not cross the Atlantic.
TLS everywhere. All connections (client to database, database to database, agent to controller) are encrypted with TLS. Certificates are provisioned automatically via Let's Encrypt.
Compliance Alignment
FoundryDB's architecture on European infrastructure aligns with several regulatory frameworks.
GDPR (General Data Protection Regulation): Article 44 restricts transfers of personal data to countries without adequate protection. By keeping all data within the EU on a provider with no US legal obligations, FoundryDB eliminates the need for Standard Contractual Clauses or Transfer Impact Assessments related to US cloud providers.
DORA (Digital Operational Resilience Act): Effective January 2025, DORA requires financial entities to manage ICT third-party risk, including ensuring that critical infrastructure providers do not introduce concentration risk or jurisdictional concerns. Using a European provider removes one layer of that risk.
NIS2 (Network and Information Security Directive 2): NIS2 broadens cybersecurity obligations across essential and important entities. The directive emphasizes supply chain security and the need to assess the legal environment of third-party providers.
Schrems II implications: The Schrems II ruling did not just invalidate Privacy Shield. It also raised the bar for Standard Contractual Clauses by requiring organizations to assess whether the legal framework in the recipient country provides adequate protection. For US transfers, this assessment is difficult to pass. With FoundryDB, the assessment is straightforward: data stays in the EU, provider is EU-based, EU law applies.
What Happens When an Agency Requests Your Data
Consider two scenarios.
Scenario A: Your database is on AWS Frankfurt. A US federal agency serves a warrant to Amazon under the CLOUD Act. Amazon is required to comply. Your data is produced without EU judicial oversight. You may not even be notified, depending on the type of order.
Scenario B: Your database is on FoundryDB (UpCloud Helsinki). A US federal agency wants your data. They have no jurisdiction over UpCloud. They must go through the Finnish legal system via MLAT (Mutual Legal Assistance Treaty). This requires a request to Finnish authorities, who evaluate it under Finnish law, including EU fundamental rights. The process includes judicial review, and your organization may be notified.
The difference is not about whether law enforcement can ever access data. It is about whether the process includes proper legal safeguards and EU judicial oversight.
The Business Case
European data sovereignty is not just about compliance. It is increasingly a competitive differentiator.
Enterprise procurement teams in the EU now regularly include data residency and jurisdictional requirements in RFPs. We have seen organizations willing to pay a 15-30% premium for services that guarantee EU-only infrastructure, because the alternative (the legal overhead of managing US cloud provider compliance, ongoing monitoring of adequacy decisions, Transfer Impact Assessments, supplementary measures) costs more in legal fees and organizational effort.
For SaaS companies selling to European enterprises, being able to say "your data is stored on EU infrastructure with no US jurisdictional exposure" simplifies sales cycles. It removes a procurement blocker that can add weeks or months to deal closure.
Available Zones
FoundryDB currently offers services in the following EU zones:
| Zone | Location | Identifier |
|---|---|---|
| Helsinki | Finland | eu-helsinki |
| Amsterdam | Netherlands | eu-amsterdam |
| Frankfurt | Germany | eu-frankfurt |
| Madrid | Spain | eu-madrid |
| Warsaw | Poland | eu-warsaw |
All zones support all database engines (PostgreSQL, MySQL, MongoDB, Valkey, Kafka) with the same feature set. Cross-zone read replicas are available for PostgreSQL and MySQL within EU zones.
Our Commitment
European infrastructure is not a feature we bolt on. It is the foundation of FoundryDB. Every architecture decision, from backup storage locations to monitoring infrastructure to DNS resolution, is designed around the principle that your data stays in Europe under European law.
We believe that managed database services should not force you to choose between operational convenience and regulatory compliance. You should get both.
To learn more about FoundryDB's security and compliance posture, visit our Security overview. To deploy your first database on European infrastructure, follow the quick start guide.