Absolutely true. That is why I started the thread about 3rd party certification.
For EU users and Germany in particular, and even more for public administration, GDPR compliance is indeed a thing. (However we do see a lot of usage of Whatsapp, AWS and Microsoft tools 
).
Let’s say it would be easier (especially for a new start-up) if there was some sort of certification already that confirms all compliance and security stuff for Tardigrade.