Also I dont understand threat model.
NSA monitor and log every cable that enter and leave the US and probably half of eurole too due to secret deals with tcom providers. But If ur threat model is state terrorist or big narc type shit, then you should ateast not trust encryption that service provider handles and then metadata is likely not usable anymore (as suggested cryptomator).
btw this is not meant as a front. you can be as paranoid as you want for me, but yeah if you go this route look at better solutions then provider handled (even if zero knowledge) encrypted cloud storage.