English

Dutch

navlogo_blue

English

Dutch

European · ISO-certified · CLOUD-Act-free

Back up your AWS workloads outside the reach of US jurisdiction.

Mindtime keeps immutable copies of your AWS data in European, ISO 27001-certified facilities — fully independent of AWS, Azure and Google. When something goes wrong in your AWS account, your recovery doesn't live inside the same blast radius.

Book a consultation call See how we differ from AWS Backup
EU-owned, EU-operated ISO 27001, 27017, 27018 Not subject to the US CLOUD Act
Mindtime dashboard preview
Built for teams that cannot afford to lose data — or control of it
GDPR-native ISO 27001 ISO 27017 ISO 27018 EU data residency
The AWS Backup blind spot

AWS Backup is convenient. It isn't a second line of defence.

AWS Backup runs inside the same account, under the same credentials, governed by the same jurisdiction as the workloads it's trying to protect. That's fine for operational mistakes — and dangerous for almost everything else.

01

Single blast radius

A compromised IAM role, a rogue admin or a misconfigured policy can delete production data and its AWS Backup vaults in the same breath. Recovery and primary share a perimeter.

02

Subject to the CLOUD Act

Even when your S3 and EBS data sits in eu-west-1 or eu-central-1, AWS remains a US company. Under the CLOUD Act, US authorities can compel access — regardless of where the bits physically live.

03

Egress and restore costs surprise you

Warm, cold, cross-region, cross-account — AWS Backup pricing is honest but complex. Worst of all, the bill for a full restore arrives on the worst day of the year, not the best.

Mindtime vs AWS Backup

An independent, European backup plane for your AWS estate.

AWS Backup is an excellent first copy. Mindtime is the second — stored outside AWS, outside the US, under a different control plane and a different legal regime.

Capability AWS Backup (native) Mindtime Sovereign Backup
Legal jurisdiction US (CLOUD Act applies) EU only — contract, operator and storage
Storage location Your AWS account / region EU-owned data centres, separate from your AWS tenant
Blast-radius isolation Shared IAM & account boundary Fully air-gapped credentials and control plane
Immutability Vault Lock (configurable) Immutable by default, WORM-enforced
Encryption keys AWS KMS (AWS-controlled) Customer-held or EU-HSM keys — you decide
Restore cost predictability Per-GB, per-region, per-tier Flat, pre-agreed restore envelopes
Compliance posture SOC, ISO, PCI (AWS) ISO 27001 / 27017 / 27018 + GDPR-native
Works with AWS Backup Yes — we complement it, we don't replace it
Workload coverage

Every AWS service your auditors ask about.

We protect the services that carry real production data — not just the easy ones.

EC2

Compute & storage

Amazon EC2, EBS snapshots, EFS, FSx, S3 buckets (including Glacier tiers) and AWS Storage Gateway.

DB

Databases

Amazon RDS (all engines), Aurora, DynamoDB, Redshift, DocumentDB and Timestream — with point-in-time recovery.

SaaS

Adjacent workloads

SAP on AWS, VMware Cloud on AWS, containerised workloads on EKS, and on-prem systems feeding through Storage Gateway.

How it works

Three steps to a sovereign recovery plane.

We don't hand you a self-service tenant and wish you luck. Every deployment is scoped to your RPO, RTO and regulator.

1

Consultation & scoping

A 45-minute call covering your AWS topology, workloads, RTO/RPO targets and the regulators you answer to (DORA, NIS2, BaFin, AFM, etc.).

2

Architecture & deployment

We design the sovereign vault, set up immutable policies, and deploy within your AWS organisation using least-privilege cross-account roles.

3

Verified recoveries

Quarterly restore drills, signed reports for your auditors, and a named European engineer on your account — not a ticket queue.

Compliance & sovereignty

Built for European regulators. Answerable to European law.

Every layer of the service — contract, operator, data centre, encryption key — is inside the EU and outside US jurisdiction.

ISO/IEC 27001

Information security management system, audited annually.

ISO/IEC 27017

Cloud-specific security controls for multi-tenant environments.

ISO/IEC 27018

Protection of personally identifiable information in public cloud.

GDPR & EU Data Act

Lawful basis, DPA, transfer-impact assessments — handled.

DORA-ready

Operational-resilience evidence for financial entities under DORA.

NIS2-ready

Incident response and supply-chain obligations for essential entities.

EU-only operations

EU legal entity, EU staff, EU sub-processors. No US parent.

Customer-held keys

BYOK or EU-HSM. Your data is cryptographically yours.

FAQ

The questions your CISO will ask first.

No. Mindtime sits alongside AWS Backup. Keep AWS Backup for fast operational rollbacks; Mindtime is the immutable, sovereign copy you reach for when the first one is compromised or unavailable.
In ISO-certified data centres inside the European Union, operated by EU legal entities. You choose the country; data never leaves the EU without your written instruction.
A second AWS region is still AWS — same company, same US jurisdiction, same identity plane. Mindtime is a genuinely separate control plane, operator and jurisdiction. That's what "second line of defence" actually means.
We architect to your RTO. For tier-1 workloads we commit to recovery windows measured in minutes, not hours, with quarterly drills that produce signed evidence for auditors.
Every engagement is custom — there are no surprise egress bills. After the consultation call we deliver a fixed-fee proposal covering storage, operations and committed restore envelopes.

Talk to a European backup architect.

A 45-minute consultation call. We'll map your AWS estate, your obligations and your realistic recovery posture — and tell you honestly whether sovereign backup is right for you.

Book a consultation call
Scroll to Top