Yes, that is accurate as far as I understand. Unfortunately as a US company, we can probably be required to provide decrypt-able data uploaded via satellite managed encryption to the authorities. From a technical perspective, it would be extremely annoying and inconvenient if we ever had to do this, because we don’t currently have any tooling to support this (to my knowledge), but I don’t think “we don’t have the tooling to support this” is a legally valid excuse to not hand over the requested data 
If you care enough about data sovereignty/privacy and want to ensure that it is not possible for Storj to share your privately uploaded data without your consent, you should be using user managed encryption. Just be aware that user managed encryption is only as secure as your encryption passphrase, and that there are quality of life/user experience things that are only available with satellite managed encryption.
This is also true. With our whitelabeled satellite solutions, we can support a wide variety of configuration options, including any of [user managed encryption only, satellite managed encryption only, satellite and user managed encryption]. If the whitelabeled satellite (or a satellite in general) has only satellite managed encryption enabled, then that data is all theoretically decryptable by Storj, who controls the master key. Ultimately this is a decision that comes down to our discussions and agreements with specific whitelabel customers.
To finish up my comment, I wanted to clarify that this is not an issue with Storj specifically, but rather an issue with US-based cloud companies generally. The same absence of true data sovereignty exists with Storj’s competitors, with the main difference being that Storj does offer the option for the user to fully manage their own encryption keys, and that with user managed encryption, Storj truly cannot decrypt your data.
I also wanted to make sure to point out that satellite managed encryption did have a lot of thought put into it from a security perspective. While it is true that the one who holds the keys can unlock the door, that doesn’t mean that the door is inherently insecure. Please see my comment here on Github for some arguments about why satellite managed encryption can actually be more secure for a lot of users.