[throwawayblwBz]

That's a great point. Our customers are from all over the world - the US is the largest single country, but there are lots in the EU, India, Japan, Australasia, Latin America, Africa...

We'd love to start a new political party, but doing that at the same time as a startup would be, um, hard.

[laurentl]

Definitely look at your customer base, and maybe talk to them in terms of privacy expectations and which jurisdiction they're comfortable with. From what I understand of your post the issue is not only encryption legislation itself but more generally if/how the government can access your data (and your customers').

If you're banking for EU customers, then anywhere in the EU should be fine once the GDPR comes into effect (2018 IIRC). If you want to accommodate a broader base and/or have customers with stringent privacy requirements, Switzerland is a good option.