I use myopenhab.org.
I use Heroku to host Nightscout but my usage is low enough that I don’t have to pay.
Someday I may get a DigitalOcean server but haven’t had the need to so far. I’m reasonably confident in my ability to monitor my OpenVPN instance for compromise and protect it from attack (I have a degree in this stuff). And I have defense in depth on my LAN with lots of sensors so I’m OK, for now, exposing that port to the internet. I know and understand the risks and have accepted them with my eyes wide open.
Algo’s website lists 8 different cloud service providers. You are by no means required to use Google. DigitalOcean is the recommended server and from what I’ve seen it is indeed easy to understand and use both from a billing and usage perspective.
All your ISP will see is that you have encrypted traffic going from your LAN to the VPC. It cannot see anything else. That’s kind of the whole point of setting up a VPN like this. And it’s very attractive from my perspective because my ISP injects crap into my network which breaks things (e.g. I can’t watch my Roku when I’ve reached 50% of my data cap until I open a browser and acknowledge their asinine pop up).
Similarly, any networks that your remote clients traverse will only see encrypted traffic between them and your VPC. So any communication between your remote clients and your LAN is end-to-end encrypted.
However, any network traffic outside your VPN using your VPN service (e.g. browsing the web) will appear to originate from the VPC so your VPC host will be able to see what sites you are visiting and, if it’s not HTTPS, inspect it’s contents should they choose. They don’t have a reason to unless you are doing something illegal and law enforcement is involved, but it’s still a possibility. Typically these services make money by charging for their services, not by collecting unreasonable amounts of data on you and selling that. So they don’t have as much incentive to snoop.
That won’t solve your problem. nordVPN et. al’s sole purpose is to hide your network traffic from your ISP and to allow you to access web services that may be country locked (e.g. I know people who use it to watch BBC streaming because they can appear to be coming in from the UK instead of the US). They do not let your remote machines see your LAN machines. They go to great lengths to make sure that none of the machines connected can see each other.
Trust is always the big question, and trust is transitive (if you trust a service, you also end up trusting all the services that service relies upon). You have to decide which you trust less, your ISP, or a VPN service. As with the snooping by the VPS providers, they have an incentive to not snoop as they will lose that trust and lose all their customers.
I don’t think it has been merged yet.