Ok, I understand. In my particular use case that shouldn't be an issue. My Cryptomator folder is local and I use it only locally. Then there's a sync process to copy stuff to pCloud automatically, but that copy is never touched directly by my.
But in any case as you said, backups.
I used borg for my backups, but why do you say Cryptomator vaults are fragile?
Also: encrypt everything you upload to the cloud with Cryptomator or something like that. I amazes me I used to put stuff directly in my pCloud folder.
If you use uBlock Origin, add the following rule:
* privacy-center.org * block
This kills 99 % of the "accept or pay" modals, an you can still access the page normally.
I was doing this with documents only when I was using Veracrypt, which forces you to have a fixed volume size and I had to pick and choose what to put inside. When I discovered Cryptomator, which uses a directory and can grow as much as needed, I decided that there was no need to think about what I should encrypt and what not: let's just put everything inside that folder and be done with it.
Use whatever cloud provider + encryption on your side. That way you don't have to trust them.
I use pCloud (based in Switzerland) and what I sync is a Cryptomator vault. You have other options, such as VeraCrypt, etc.
I sync it using my pCloud folder. In case I'm away and I need access to them, I also have a cron job that copies the most recent version to a webserver I have, under a directory I only know of, protected by a password. My .kbdx files also need a credentials file that can be generated programatically. Secure enough for me.