In the UK we have laws about transfer of personal data outside EEA. Then there's the NSA to keep in mind, too. Am I right in understanding that because DigitalOcean are a US based company, US law applies to all activities of non-US customers using resources in a non-US datacenter?