Skip to main content

No US Cloud Act exposure

No US Cloud Act exposure FastAPI Hosting

The US Cloud Act lets US authorities demand data from US companies, anywhere in the world. For a FastAPI service handling EU personal data this is a real legal conflict. Hostim is operated by a German company with no US parent. There is no Cloud Act exposure for application data on Hostim.

Try FastAPI on HostimAll FastAPI docs
# docker-compose.yml
services:
  api:
    image: my-fastapi-app
    command: uvicorn main:app --host 0.0.0.0 --port 8000
  db:
    image: postgres:16
  • 🇪🇺 Hosted in Germany, GDPR by default
  • 🐳 Run Docker apps (Compose supported)
  • 🗄️ Built-in MySQL, Postgres, Redis & volumes
  • 🔐 HTTPS, metrics, and isolation per project
  • 💳 Per-project cost tracking · from €2.5/month

What No US Cloud Act exposure means for FastAPI

A FastAPI app on AWS, GCP or Azure is on US-headquartered infrastructure. Even with EU regions, the Cloud Act gives US authorities a path. Hostim is structurally different: HOSTIM.DEV UG is German, no US parent, no US subsidiary, no US infrastructure. The platform runs on Hetzner bare metal in Germany. Engineering and support are EU-based. Your FastAPI container, your model weights on a persistent volume, your PostgreSQL — all sit on EU disks under EU jurisdiction.

What this means in practice

Definition. The US Cloud Act allows US authorities to demand data held by US companies, regardless of where the data is physically stored. This conflicts with GDPR Article 48 in many cases. EU customers in regulated sectors increasingly require an explicit "no Cloud Act" statement.

Why an EU host matters. A platform owned and operated by an EU company is not subject to the Cloud Act. The data, the operator, and the legal jurisdiction are all inside the EU. There is no US parent that could be served a warrant.

What Hostim provides. Hostim is a German company with no US parent, no US subsidiary, and no US infrastructure. Every server, every database, every log line is in Germany.

What Hostim does not claim. We do not provide a sovereign cloud certification (such as the French SecNumCloud). For most commercial use cases, EU operator + EU residency covers what buyers actually ask for.

How Hostim runs FastAPI

FastAPI hosting means running a Uvicorn or Gunicorn-Uvicorn worker process and exposing it over HTTPS. The framework is async by default, so the host has to support long-lived connections — websockets, server-sent events, streaming responses.

Deploy model

Hostim runs your FastAPI Docker image as a normal container. Long-lived connections work. Managed PostgreSQL is attached at runtime. If you serve an ML model, mount a persistent volume for the weights so they do not redownload on every deploy.

Common pitfalls

Cold starts from serverless platforms are not a fit for ML inference workloads. Hostim runs a permanent container, so model weights stay in memory across requests.

Typical env vars

DATABASE_URL, OPENAI_API_KEY, MODEL_PATH, LOG_LEVEL

FAQ

How is "no Cloud Act" different from "EU region"?

EU region means the disks are in the EU. No Cloud Act means the operator is an EU company with no US parent — so US authorities have no legal path to the data even if they tried.

Is anyone certifying this?

There is no formal "no Cloud Act" certification. The structural facts — German UG, German servers, no US entity — are publicly verifiable in the German commercial register and the Impressum.

Can a German court compel access?

Yes — under German law, like any German company. That is the trade-off of EU sovereignty: EU legal access, not foreign legal access.

Does this affect FastAPI streaming responses?

No. Hostim runs the container as a long-lived process; SSE and websockets work the same as on any host.

Related pages

Ready to deploy FastAPI?

Spin up an app in minutes. Managed database on the free tier, custom domain included.

Deploy your FastAPI appSee pricing