Hetzner

Hetzner Online GmbH is the reference EU hyperscaler alternative on this directory and the most-cited "EU-incorporated EU-controlled" hosting provider in the broader sovereignty conversation. Founded in 1997 by Martin Hetzner and still family-controlled, the company operates from Industriestr. 25, 91710 Gunzenhausen, Germany, with a Data Protection Officer reachable at [email protected]. The product surface covers dedicated servers (EX/AX/RX/SX/GPU lines), cloud servers, web hosting, managed servers, object storage, storage boxes, Storage Share (Nextcloud), DNS, SSL, load balancers, and domain registration — pricing from approximately €4/month for small cloud VMs, with cloud-cost benchmarks claimed at 10–12× cheaper than AWS / Azure / GCP for comparable configurations. For procurement-grade EU buyers the compliance posture is the strongest in this directory. Hetzner is ISO 27001 certified (annual TÜV Rheinland audits) and holds BSI C5 Type 2 — the German government's cloud-security catalogue — alongside the "Bayerns Best 50" and ECO Awards. The privacy policy (last updated 16 Apr 2025) commits that customer data for non-cloud products is processed and stored "exclusively within the EU," that EU-region cloud customers' data stays in Europe, and — most importantly for CLOUD Act analysis — that Hetzner only accepts authority requests for the Falkenstein and Nuremberg facilities from German authorities and courts, and for the Helsinki facility from Finnish authorities and courts. US and Singapore data centres exist (Oregon, Virginia, Singapore) and require international legal cooperation before EU-stored customer data can be accessed; customers fully control which region their workload runs in. The only US-resident sub-processors that appear on Hetzner's privacy policy — Kapa.ai (US, AI chatbot on the corporate website), Google Analytics (US, marketing-site analytics) — touch the hetzner.com marketing surface, not customer workloads. Other named sub-processors are EU (Brevo DE, Computop Paygate DE, Rexx Systems DE, iDenfy LT, Intrum DE). The DPA / AVV can be concluded directly inside the customer account with a checkbox, no handwritten signature required, and Hetzner explicitly states that customer master data (payment details, etc.) is not shared with overseas subsidiaries. Best fit: every EU procurement-grade buyer in this directory who controls their own hosting choice; Hetzner is also the named hosting provider for Plausible, Pirsch, GoatCounter, and the recommended self-host target for Matomo, Plausible, Tripetto SDK, and others.