Store Documents Online Without AWS, Azure, or Google Cloud (and Still Use AI)

When teams say they want to store documents "not on AWS, Azure, or Google Cloud," they usually mean one of three things. Some want a simpler alternative to Google Drive or SharePoint that does not feed data into a hyperscaler ecosystem. Others are technical and want S3-compatible object storage from an independent provider they can build on. And a third group is driven by compliance: they need SOC 2 reports, documented redundancy, and clear data region controls before they can proceed.

This guide covers all three paths. One important clarification first: many applications use hyperscalers for something (compute, CDN, logging). The question that matters most is where your document data is stored at rest. That is the layer this article focuses on.

Choose Your Path

Jump to the section that matches your situation:

• Path A: I want a Google Drive alternative (simple document storage + access)
• Path B: I'm technical: I want non-hyperscaler object storage (S3 alternative)
• Path C: I'm compliance-driven: I need SOC 2 + documented redundancy + data region control

Path A: Drive-Style Document Storage (Non-Technical)

What You Actually Need

You want to upload and organize documents, share them safely with your team, find things later, and avoid putting everything on a hyperscaler. You are not looking for buckets and API keys. You want a usable interface.

What to Look For

• Folder-style organization: A workspace or vault concept where you can group documents by project, client, or date without needing to understand object keys or bucket policies.
• Permissions and sharing: Controlled access so you can share specific documents or folders with team members without exposing everything.
• Audit trail: A record of who uploaded, viewed, or downloaded each document. Essential for regulated industries, but useful for any team.
• Retention and deletion behavior: Clear rules about what happens when you delete a file. Is it permanently removed? Is there a retention window? Can you enforce immutability for compliance?

Why "Object Storage" Is Not the Same as "Document Storage"

Object storage is infrastructure. It gives you buckets, keys, and an API. That is useful if you are building an application, but it is not a document management experience. Most teams looking for a Drive alternative want search, previews, and a way to work with their files, not a developer console.

The distinction matters because choosing raw object storage when you need a document layer means you will end up building (or buying) that layer anyway.

How Zedly Fits

Zedly stores documents in a Vault backed by Backblaze B2 cloud storage. From that foundation, you can use Chat and RAG to ask questions across your documents, summarize content, extract fields, and compare files, all without moving your storage to AWS, Azure, or GCP. If you have worked with private AI tools for document analysis, the Vault is the storage layer underneath. Teams evaluating document-grounded AI without Google can also review our NotebookLM private alternative comparison.

Path B: Object Storage / S3 Alternative (Technical)

What You Actually Need

You want buckets, S3-compatible APIs, predictable per-GB pricing, and migration leverage away from a single hyperscaler. You may be building a storage backend, running backups, or architecting a document pipeline.

What Object Storage Is

Object storage organizes data as discrete objects inside flat namespaces called buckets. Each object has a key (its path/name), the data itself, and metadata. Unlike file systems, there is no directory hierarchy enforced by the storage layer, though most tools simulate folders using key prefixes.

Teams choose object storage for storage backends because it scales without provisioning volumes, offers simple HTTP-based APIs, and separates storage durability from compute.

Verification Checklist for Any Storage Vendor

Before committing to a provider, confirm these details:

• S3 compatibility: Does the API support the S3 operations your tools depend on (multipart upload, presigned URLs, lifecycle rules)?
• Data region: Which physical region stores your data, and can you choose it?
• Encryption: Is data encrypted at rest (AES-256 or equivalent) and in transit (TLS)?
• Lifecycle controls: Can you set automatic expiration, transition to cold storage, or Object Lock for immutability?
• Egress pricing: What does it cost to read data back out? This is where many hyperscalers add unexpected costs.

Backblaze B2: Infrastructure Note

Backblaze B2 is an S3-compatible object storage service built on Backblaze's Vaults architecture. It supports the standard operations most teams need: multipart uploads, presigned URLs, bucket-level access controls, lifecycle rules, and Object Lock (WORM). Data is encrypted at rest using AES-256 and in transit using TLS.

B2 is often chosen as an S3 alternative because of its predictable pricing model and the absence of egress fees for data transferred through Backblaze's CDN partnership with Cloudflare.

How Zedly Fits

If you want the benefits of B2 storage without building the document layer yourself, Zedly sits above it. You store documents and immediately get document search, text extraction, and RAG/Chat workflows. Think of it as the application layer that turns object storage into a working document platform. For teams already exploring compliance-grade AI document processing, the storage layer is the foundation.

Path C: Compliance, Risk, and Data Residency

What You Actually Need

You need to answer vendor questionnaires, satisfy auditors, and demonstrate that your document storage meets specific compliance standards. You need SOC 2 reports, clear data region documentation, a strong durability story, and vendor answers you can put in writing.

SOC 2 Type 2

Backblaze has achieved SOC 2 Type 2 compliance at both the company level and the data center level. The examination covers Security and Availability trust service criteria. This is a meaningful distinction: some providers only achieve SOC 2 at the data center level while the company-level operations remain unexamined.

In addition to SOC 2, Backblaze maintains ISO 27001 certification, HIPAA compliance (with Business Associate Agreements available), GDPR and CCPA/CPRA compliance, and GovRAMP authorization.

Data Regions

B2 accounts select a data region during account creation. The four available regions are:

• US West: Sacramento and Phoenix
• US East: Reston, Virginia
• EU Central: Amsterdam, Netherlands
• CA East: Toronto, Ontario

Data stays in the selected region. This matters for teams with data residency requirements tied to GDPR, Canadian PIPEDA, or internal data governance policies.

Redundancy and Durability (Plain English)

Backblaze stores data using its Vaults architecture. Here is what that means in practice:

• Each file is split into 20 shards using Reed-Solomon erasure coding: 17 data shards and 3 parity shards.
• These 20 shards are distributed across 20 separate storage pods.
• Any 17 of the 20 shards can reconstruct the original file. That means the system tolerates up to 3 simultaneous pod failures without data loss.
• This architecture delivers approximately 11 nines (99.999999999%) of annual data durability.

For geographic context: the US West region distributes data across facilities in Sacramento and Phoenix, providing geographic separation against localized outages.

Unlike traditional RAID systems that offer one or two parity blocks, Reed-Solomon encoding allows arbitrary combinations of data and parity shards. Backblaze has open-sourced its Reed-Solomon implementation, which means the durability model is publicly auditable.

How Zedly Fits

Zedly stores your documents in B2-backed Vault storage and adds the controls and usability layer on top: a document workspace with RAG/Chat so teams can analyze documents, extract clauses and fields, and answer questions across their files. The document data stays on independent infrastructure, not on hyperscalers. For a step-by-step setup guide, see our private document vault checklist for small businesses. For teams in regulated industries, our guide to private AI for law firms covers additional security controls and audit considerations.

How Zedly Works

Here is the end-to-end flow from upload to insight:

1. Upload: Documents are uploaded and stored in your Vault, backed by Backblaze B2 object storage. Files never pass through AWS, Azure, or GCP at rest.
2. Text extraction and indexing: Zedly extracts text from PDFs, scanned documents, and office files, then indexes the content for retrieval.
3. Ask questions (Chat/RAG): Query your documents in natural language. Answers are grounded in your actual files, with citations pointing back to the source page and paragraph.
4. Export summaries and tables: Extract structured data, generate summaries, or build comparison tables across multiple documents.
5. Clear your working session: When you are done working, clear your active Desk while keeping Vault storage intact. Documents remain available for future sessions without re-uploading.
6. Retention controls: Choose how long documents persist. Delete on demand or set retention policies that match your compliance requirements.

Vendor Verification Checklist: 10 Questions to Ask Any Document Platform

Before choosing a document storage or analysis platform, get clear answers to these questions. They apply whether you are evaluating Zedly or any other provider.

1. Is document data stored at rest on AWS, Azure, or GCP? Ask specifically about data at rest, not compute or CDN. Many vendors use hyperscalers for processing but independent storage for files.
2. Which region(s) store my data? Get the physical location, not just "US" or "EU." Know the city-level data center locations.
3. What compliance reports are available? SOC 2 Type 2 is the baseline. Ask whether the report covers the company or only the data center, and request the most recent report date.
4. How is redundancy implemented? Erasure coding (like 17+3) is stronger than simple replication. Ask how many simultaneous failures the system tolerates.
5. Is data encrypted at rest and in transit? At rest should be AES-256 or equivalent. In transit should be TLS 1.2 or higher.
6. What are the retention and deletion semantics? When you delete a file, is it permanently removed? How quickly? Is there an Object Lock or immutability option?
7. Are audit logs available? Can you see who accessed what, when, and from where? Can you export logs for your own SIEM?
8. What key management options exist? Does the vendor manage encryption keys, or can you bring your own (BYOK)?
9. What are the export and migration options? Can you bulk-export your data in standard formats? Is there an S3-compatible API for programmatic access?
10. Where is the subprocessor list? Every vendor has downstream dependencies. Ask for the full list and check whether any subprocessors use hyperscalers for data at rest.

Frequently Asked Questions

What does 'not on AWS, Azure, or GCP' actually mean?

It means that document data at rest is stored on infrastructure operated by a provider other than Amazon Web Services, Microsoft Azure, or Google Cloud Platform. Many applications still use hyperscalers for compute, CDN, or logging, so the meaningful question is where your files physically reside when they are not being processed. A platform can use independent object storage (such as Backblaze B2) for document data while relying on other providers for non-storage functions.

Is Backblaze cloud storage SOC 2 Type 2?

Yes. Backblaze has achieved SOC 2 Type 2 compliance at both the company and data center levels. The examination covers Security and Availability trust service criteria. Backblaze also holds additional certifications including ISO 27001, HIPAA (with Business Associate Agreements available), GDPR, CCPA/CPRA, and GovRAMP authorization.

How does erasure coding redundancy work (17+3)?

Backblaze Vaults split each file into 20 shards: 17 data shards and 3 parity shards. These shards are distributed across 20 separate storage pods using Reed-Solomon erasure coding. Any 17 of the 20 shards can reconstruct the original file, which means the system tolerates up to 3 simultaneous pod failures without data loss. This approach delivers approximately 11 nines (99.999999999%) of annual data durability.

Which Backblaze B2 data regions exist?

Backblaze B2 Cloud Storage currently offers four data regions: US West (Sacramento and Phoenix), US East (Reston, Virginia), EU Central (Amsterdam, Netherlands), and CA East (Toronto, Ontario). You select your region during account creation. Storage pricing is the same across all regions.

When should I use raw object storage vs. a document platform?

Use raw object storage (S3-compatible buckets) when you are building your own application layer and need direct API access for custom workflows, backup pipelines, or media delivery. Use a document platform when you want the storage layer handled for you and need additional capabilities such as document search, text extraction, AI-powered Q&A, or structured data export without writing integration code.