@obucate :
This is really true of any cloud provider. If your data can be decrypted on the server side, then US law enforcement can force the server owner to hand over your data without telling you. it isn't enough just to trust the server owner. There must be no physical way for them to access the data.
It also isn't enough to use non-US cloud providers. The US has agreements with many other countries.
If the app isn't open source, end to end encrypted and audited, assume that the US government can get it whenever they want.