Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Shopware

VERIFIED
E-commerce · Germany
Founded 2000 · shopware.com ↗

German mid-market commerce platform (Schöppingen, est. 2000); Cloud entry €600/mo. PayPal owns ~41% as of Oct 2025.

Why this score?

shopware AG (Schöppingen DE, HRB 11471 Coesfeld) is German-incorporated and EU-hosted with ISO 27001 + SOC 2 Type II + PCI DSS, but PayPal (Nasdaq: PYPL) acquired Carlyle's stake in October 2025 and now holds ~41% — flipping the ownership signal to eu_hq_us_funded and creating material CLOUD Act exposure via the US-public-company parent stake; founders Hamann still majority-own.

SCORE
3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
JUMP TO
OVERVIEW

About Shopware

**Shopware** (Schöppingen, DE, founded 2000) is the most visible German Shopify alternative but is structurally **NOT** in Shopify's SMB price range — Cloud **Rise plan starts at €600/month excl. VAT**, with pricing scaling on GMV. The free open-source **Community Edition** is self-hosted and is the realistic indie / SMB path, not the SaaS Cloud. Ownership changed materially in **October 2025**: PayPal took over Carlyle's stake from the 2022 $100M Carlyle + PayPal round, bringing **PayPal's stake to ~41%**. PayPal is a US-public company on Nasdaq, which is a substantive CLOUD Act-relevant ownership flip from the 2024 "eu_owned" perception. Certifications: **ISO 27001 + SOC 2 Type II + PCI DSS + GDPR**. EU data centres claimed; specific provider not transparently named on public site. Best fit for mid-market DACH merchants who need a full-control B2B+B2C platform with on-prem option — **not** for solo merchants comparing Shopify Basic ($39/mo) prices.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
SOC 2
ACTIVE
Informational · US framework
FEATURES

Capability matrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option Yes
PRICING

Pricing & tiers

PAID
from €600/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
  • Terms of Service
    www.shopware.com/en…
    Open ↗
ALTERNATIVES

Alternatives in this category

MyCashflow
Finland

Finnish all-in-one e-commerce SaaS with own Helsinki hosting and 0% commission across plans.
PrestaShop
France

French open-source e-commerce with hosted SaaS option; parent group Fortidia is an Oaktree Capital portfolio company.
Saleor Commerce
Poland

Polish headless GraphQL commerce platform; open-source BSD-3; cloud hosted on AWS EU (Ireland) with SOC 2 Type 2.
See all e-commerce alternatives →