While the EU currently offers more privacy than the US, the best solution would be to use services which no one could have any meaningful control over, as much as possible, except the user.

Self-hosting (including object storage, backups, CDNs) is hard, but doable for some companies. For others it's life-and-death due to costs.

Analytics should be kept at a minimum and should always be self-hosted.

Email should die and be replaced with some E2EE solution. Matrix is far from perfect but if I were to make a website now, I would offer the choice of a Matrix address for account creation and comms. It's still federated and, while not offering 100% privacy, is much better than email, which offers none.

Using a service for transactional email is something that shouldn't be required in an ideal world. That it is only shows how email is captured by a few big players who simply won't deliver your message even if you follow the best practices when setting up your server.

Payment services shouldn't be required in an ideal world, either. They're needed because of a bunch of regulations and unnecessary complexities that could've been avoided and aren't needed from a technical POV.

AI use is troublesome when a company is not using their self-hosted models. As a customer, I wouldn't want my data being shared to a US company or an EU one, although if I had to choose, I'd say EU would be the lesser evil.