When it comes to privacy and security, I think you should treat all cloud providers equally. Use a client with client-side encryption so that the only thing that touches the provider is encrypted data.
Rclone is an example of a good client that can do this, and can even mount your cloud storage as a filesystem with its encryption layer in between.
https://grapheneos.org/faq#device-lifetime
You can buy a used Pixel 8 and it will be supported by Graphene through 2030 at the very earliest, probably the best support lifecycle you can possibly get on a phone.