Why we host in Germany — and why it matters for SMBs
Most social-media tools are hosted on AWS us-east-1. The marketing pages say "GDPR-compliant" because the vendor signed a Data Processing Addendum, but the bits — your customers' email addresses, the DMs they sent you, the photos you uploaded — physically sit on a hard drive in Virginia.
For a German bakery serving German customers, that's a problem hiding in plain sight.
What "hosted in Germany" actually means
Postpilot runs on Hetzner servers in Falkenstein, Sachsen. Specifically:
- Application server (FastAPI): Hetzner CX33, 8 GB RAM, Falkenstein-DC15.
- Database (PostgreSQL 16): Same machine for MVP; will move to a dedicated DB instance in the same region in Phase 2.
- Object storage (MinIO): Same machine, encrypted at rest with AES-256.
- Image CDN: None — images are served from MinIO behind the same Traefik reverse proxy. No CloudFront, no Cloudflare R2, no Fastly.
There is no replica, mirror, or backup outside Germany. Not in the US, not in Ireland, not "globally distributed." When you delete a post, the bytes disappear from a hard drive in Falkenstein.
Why this matters more than a DPA
Three things change when your data physically stays in Germany:
- No CLOUD Act exposure. US authorities have no US-headquartered company to compel into handing over your customers' data, because the company holding your data — Hetzner — is German. The DPA you signed with a US vendor doesn't override US subpoena law.
- DSGVO/GDPR is the actual jurisdiction, not "guidance." If something goes wrong, the relevant data-protection authority is the Sächsischer Datenschutzbeauftragter — not the FTC. The remedies you have are German remedies.
- Your audit log is in German. Sounds trivial. It isn't, when you're explaining a data-handling incident to a customer who only speaks German and runs a 4-person business.
What it costs us
Hetzner is roughly 60% cheaper per CPU-hour than AWS us-east-1 for comparable specs. Latency to Munich is around 18 ms; to Vienna around 14 ms; to Zürich around 11 ms. That's the latency budget you save by not bouncing through Ashburn.
We pass none of that saving back to you directly — pricing reflects what the product is worth, not what the hosting costs. But it's why Postpilot Free can stay free.
The honest caveats
- OpenAI calls leave Germany. We use OpenAI for AI caption drafting under a zero-retention agreement, but the request body briefly transits via Microsoft Azure EU regions. We are working on a path to fully on-prem inference using llama.cpp; that's a Phase 3 item.
- Email goes through SMTP relays that are not in Germany. We are looking at Mailjet (France) for transactional mail; right now it's a US-hosted relay. Flagged.
- DNS resolution uses Cloudflare. Cloudflare does not see your authenticated traffic — only DNS lookups for app.benotable.de. But it's a US vendor in the dependency tree.
We will not pretend our setup is perfect. We will tell you exactly which atoms of your data sit on which continent. That's the contract.
If you want to talk through what this means for your business: hello@benotable.de.