Capital Digital ran an in-depth piece today on the commercial launch of PodHeitor — and the angle journalist Luiz Queiroz chose puts the product exactly where we wanted the conversation to land: at the intersection of technology and national sovereignty.
The story — “National sovereign backup challenges foreign dominance over corporate data” — moves the data-protection debate from where it usually sits (price per TB, tape slots, RPO/RTO) to a piece of ground few vendors in Brazil dare step on: who controls the code that protects the strategic data of Brazilian companies and government?
The Cloud Act and the “national cloud” illusion
Queiroz nails it by pulling the U.S. Cloud Act into the center of the story. It’s a point many CISOs prefer to ignore: physically locating data on Brazilian soil is not enough if the company that controls the protection software is subject to foreign jurisdiction. Backup, by definition, is the most sensitive copy of your data — concentrated, indexed, restore-ready. It’s exactly the asset a transnational discovery request will target first.
PodHeitor was built on that premise: no foreign proprietary components in the data path. The base is Bacula — auditable open-source — and the 21 plugins we wrote round out the coverage without reintroducing black boxes.
Perpetual licensing vs. volume-based recurrence
Another sharp reading from Capital Digital: the head-to-head between PodHeitor’s perpetual model and the per-TB or per-hypervisor recurrence charged by the foreign incumbents. The piece frames it in a quote worth keeping:
The system enables “full code auditability” and greater autonomy in tool management, shifting debates from cost to dimensions of governance and technological dependence.
Capital Digital, May 4, 2026
In real-world portfolios we’ve migrated, the three-year delta runs 70–80% in favor of the perpetual model — before you even count the psychological relief of not having an annual FX-renegotiation clock ticking on your CFO’s calendar.
A technical detail the article captures
I particularly liked the paragraph where Queiroz lists the stack: PostgreSQL, MySQL, Oracle, MongoDB, Informix, ADABAS, VMware, Hyper-V, Proxmox, Nutanix, Instant Recovery, global deduplication, active ransomware detection, and the Veeam/Commvault repository conversion module. That last one is the lever: you can walk away from the foreign vendor without losing history — and that is the kind of feature a product under U.S. jurisdiction will rarely prioritize.
Brazil’s Procurement Law 14,133 and the public-sector window
The article closes on a point that deserves emphasis: Brazil’s Law 14.133/2021 opens legitimate paths for direct contracting of sovereign solutions in public-sector bodies. With the federal Executive currently revising its IT and data-localization policies, it’s reasonable to expect Brazilian products that match the incumbents on technical capability to finally get the attention they deserve.
Acknowledgment
Thanks to Luiz Queiroz and the Capital Digital team for the editorial care and the time they invested in understanding the technical thesis before writing. This caliber of reporting — analytical, no dressed-up press release — is what separates serious IT journalism from the noise.
Read the full article at Capital Digital (in Portuguese).
Disponível em: 
Português (Portuguese (Brazil))
English
Español (Spanish)
