European · ISO-certified · CLOUD-Act-free

Google runs your cloud. We run the copy Google can't reach.

Mindtime keeps immutable, sovereign copies of your Google Cloud workloads in European, ISO 27001-certified facilities — fully independent of Google Cloud's control plane, pricing model and jurisdiction. Your recovery is not a Google product.

EU-owned, EU-operated · ISO 27001, 27017, 27018 · Not subject to the US CLOUD Act
For GCP-native teams that need a second, independent line of defence
GDPR-native · ISO 27001 · ISO 27017 · ISO 27018 · EU data residency
The Google Cloud blind spot

Backup & DR Service is excellent — and it still lives inside Google.

Backup Vaults, snapshots and cross-region replication are all operated by Google, billed by Google, and governed by the same US legal framework that governs Google itself.

01. One identity plane, one blast radius

Your backup vault, your production project and your admins share the same IAM perimeter. A single compromised service account or Org Admin is enough to reach both.

02. Google is a US company

Storing data in europe-west3 doesn't move Google out of US jurisdiction. The CLOUD Act still applies, regardless of where the bytes physically live.

03. New SKUs, evolving billing

Backup & DR pricing has changed materially since late 2024. Protected-instance, vault-storage and cross-region SKUs stack up quickly — and the bill that matters is the restore bill.

Mindtime vs Google Cloud Backup & DR

Independent, European, and designed to survive Google itself.

Google Backup & DR is a strong first copy. Mindtime is the second — held outside Google, outside US jurisdiction, under a separate control plane.

| Capability | Google Cloud Backup & DR | Mindtime Sovereign Backup |
| --- | --- | --- |
| Legal jurisdiction | US (CLOUD Act applies) | EU only — contract, operator and storage |
| Storage location | GCP-managed Backup Vaults | EU-owned data centres, outside GCP |
| Identity plane | Google Cloud IAM | Independent identity, decoupled from GCP |
| Immutability | Vault retention & backup locks | WORM-enforced, air-gapped by default |
| Encryption keys | Google-managed or CMEK in Cloud KMS | Customer-held or EU-HSM keys |
| Restore cost model | Protected-instance + storage + inter-region SKUs | Flat, pre-agreed restore envelopes |
| Compliance posture | ISO, SOC, FedRAMP (Google) | ISO 27001 / 27017 / 27018 + GDPR-native |
| Works with Google Backup | | Yes — we complement it, we don't replace it |

Workload coverage

Every Google Cloud service your auditors care about.

Compute, data, containers and the VMware estate on top of GCVE — covered.

GCE

Compute & storage

Compute Engine instances and persistent disks, Filestore, Cloud Storage buckets (all classes), and Google Cloud VMware Engine.

DB

Managed databases

Cloud SQL (PostgreSQL, MySQL, SQL Server), AlloyDB, Spanner, Firestore, Bigtable and BigQuery — with point-in-time recovery.

K8s

Kubernetes & apps

GKE persistent volumes, stateful workloads, Anthos clusters and SAP on GCP — including application-consistent snapshots.

How it works

Three steps to a sovereign recovery plane.

No generic tenant, no self-service rabbit hole. Every deployment is scoped to your RPO, RTO and regulator.

1. Consultation & scoping

A 45-minute call covering your GCP Organization, critical workloads, RTO/RPO targets and the regulators you answer to (DORA, NIS2, BaFin, AFM, etc.).

2. Architecture & deployment

We design the sovereign vault, define immutable retention, and deploy using least-privilege service accounts and Workload Identity Federation.

3. Verified recoveries

Quarterly restore drills, signed reports for your auditors, and a named European engineer on your account — not a ticket queue.

Compliance & sovereignty

Built for European regulators. Answerable to European law.

Every layer of the service — contract, operator, data centre, encryption key — is inside the EU and outside US jurisdiction.

ISO/IEC 27001

Information security management system, audited annually.

ISO/IEC 27017

Cloud-specific security controls for multi-tenant environments.

ISO/IEC 27018

Protection of personally identifiable information in public cloud.

GDPR & EU Data Act

Lawful basis, DPA, transfer-impact assessments — handled.

DORA-ready

Operational-resilience evidence for financial entities under DORA.

NIS2-ready

Incident response and supply-chain obligations for essential entities.

EU-only operations

EU legal entity, EU staff, EU sub-processors. No US parent.

Customer-held keys

BYOK or EU-HSM. Your data is cryptographically yours.

FAQ

The questions your CISO will ask first.

No. Mindtime complements it. Keep Backup & DR for fast, in-GCP rollbacks; Mindtime is the sovereign, immutable copy held outside Google's control plane and jurisdiction.
No. A second region is still Google — same company, same US jurisdiction, same IAM plane. Regional redundancy protects against datacentre failure, not against identity compromise, account takedown or legal compulsion.
Partner-operated sovereign clouds reduce operational exposure and are genuinely valuable, but they do not eliminate US-parent obligations everywhere. For a truly independent copy of record you need an operator that is European end-to-end.
We architect to your RTO. For tier-1 workloads we commit to recovery windows measured in minutes to hours, with quarterly tested drills producing signed evidence for auditors.
Every engagement is custom — no protected-instance or cross-region surprises. After the consultation call we deliver a fixed-fee proposal covering storage, operations and committed restore envelopes.

Talk to a European backup architect.

A 45-minute consultation call. We'll map your GCP estate, your obligations and your realistic recovery posture — and tell you honestly whether sovereign backup is right for you.
