For German companies

E-Mail-Marketing selbst hosten: The DSGVO Stack for German Companies

A practical guide to self-hosting newsletter and email-automation software in a way that holds up to a German DPO conversation. We cover each layer of the stack — hoster, application, database, SMTP, backups, analytics, error tracking — and what remains your obligation regardless of tooling. Sober, specific, no marketing fluff.

We are not lawyers and this page is not legal advice. Specific guidance for your business should come from a qualified Datenschutzbeauftragter (DPO) or counsel.

Who this page is for

German companies, founders, CTOs, and technical marketers who have decided that EU-only or self-hosted infrastructure is the right answer — and now need a clear picture of what the stack actually looks like. The aim is a configuration that lets you say to a DPO: “Newsletter-recipient data does not leave the EU; here is the AVV with each processor; here is the record of processing.”

TL;DR

  • Self-hosting changes which processors handle personal data, not whether the DSGVO applies. How much your compliance picture changes depends on how much of the full stack you change.
  • A clean DSGVO-friendly stack typically means: a German hoster (Hetzner, IONOS, Strato), Broadcast as the application, Postgres on the same server, an EU-based SMTP provider, EU-based backups, a privacy-friendly analytics tool, and an EU or self-hosted error-tracking option.
  • You still need an AVV with the hoster and the SMTP provider, an Impressum, a Datenschutzerklärung, double opt-in, documented deletion processes, and a record of processing activities (Verzeichnis von Verarbeitungstätigkeiten). None of that goes away.
  • Done well, a self-hosted DSGVO stack is operationally simpler to explain to a DPO than a US SaaS with TIA + SCCs + DPF references. It is more work to operate; the trade-off is real.

The stack, layer by layer

A working configuration. For each layer: the role, the recommended options, and the DSGVO-relevant notes.

1. Hoster

Auftragsverarbeiter

Where the server lives. The hoster is a processor for any personal data on the disk. Pick a German operator with a DSGVO-compliant AVV and a German data centre.

Recommended

  • Hetzner — German GmbH, Falkenstein and Nuremberg locations, transparent pricing, standard AVV. The default pick for most teams.
  • IONOS — German operator with German data centres; broader product range, slightly higher list-price for equivalent specs.
  • Strato — German operator, popular with smaller teams.
  • OVH (Roubaix) — French operator if you prefer EU-but-not-Germany; equivalent legal posture for transfer purposes.

Hetzner also operates Helsinki (EU) and Ashburn (USA) sites; pick a German location explicitly when ordering.

2. Application: Broadcast

Self-hosted, on your server

Broadcast is a self-hosted Rails application. You install it on your server with one command. There is no SaaS tenant, no usage telemetry sent back to us by default, and no monthly fee. Subscribers, lists, automations, and tracking events live in your own Postgres database.

Because the application runs under your own control, Broadcast (the vendor) is not a processor in the DSGVO sense: you are the controller and the hoster is the processor. That is one of the simplifications self-hosting buys you.

3. Database: Postgres

On the same server

Broadcast uses Postgres. The simplest setup runs Postgres on the same machine as the application. No managed database service, no additional processor — the data sits on the disk you already control. For larger lists, a managed Postgres in the same German data centre (e.g. Hetzner’s managed offering) is the next step up; the AVV is then with the same hoster.

4. SMTP relay

Auftragsverarbeiter

The SMTP relay handles the actual email delivery. Recipient email addresses pass through it, so it is a processor. The choice meaningfully affects the transfer story.

EU-only options (no US parent)

  • Brevo SMTP — French SAS, EU processing
  • Mailjet — Sinch-owned but operationally French, EU processing
  • Self-run Postfix — maximum control; needs IP-reputation work

EU residency, US parent

  • Amazon SES (eu-central-1) — cheapest, AWS US parent
  • Postmark EU — strong deliverability, ActiveCampaign US parent
  • Mailgun EU — Sinch (Sweden) parent — closer to EU-only

For a strict EU-only stack, Brevo or Mailjet are the cleanest picks. For lowest cost with acceptable transfer posture for many teams, SES Frankfurt is the default.

5. Backups

Auftragsverarbeiter (if external)

Hetzner’s server backups stay within Hetzner infrastructure (German data centres) and are covered by the same AVV. For off-site backups, Hetzner Storage Box or a German-based S3-compatible object store (e.g. IONOS, OVHcloud Object Storage in Frankfurt or Strasbourg) keeps the AVV picture inside the EU. Avoid US-controlled backup destinations unless the transfer is documented in your TIA.

6. Analytics

Often the easiest layer to mishandle

Web analytics is where many otherwise-clean DSGVO stacks fall over. Google Analytics has been ruled problematic by several EU DPAs. Privacy-friendly options:

  • Plausible — EU-based, no cookies, no personal data collection
  • Pirsch — German operator, cookie-free
  • Matomo — self-hostable, full data ownership
  • Fathom — EU-isolated infrastructure available

7. Error tracking and monitoring

Optional but common

Stack traces can incidentally include personal data (e.g. an email address in a query parameter). Pick error tracking thoughtfully. Sentry offers EU data residency. GlitchTip is a self-hostable alternative with the same SDK API. For uptime and metrics, Uptime Kuma (self-hosted) and Grafana Cloud (Frankfurt) are reasonable options.
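The leak described above is concrete enough to show in code. The following is an added example, not Broadcast's code and not part of the Sentry or GlitchTip SDKs: a `before_send`-style scrubber in Ruby (the language of a Rails app) that redacts email addresses, including URL-encoded ones, from request URLs, query strings, exception messages and extra context, and drops IP-address fields before an event leaves your server. The event shape, the sample event and the wiring line are assumptions.

```ruby
# Added example, not Broadcast's code: a before_send-style scrubber that
# removes personal data from an error event before it leaves the server.
# Assumes the event is a Hash shaped like a Sentry event (string or symbol keys).

EMAIL_RE = /[A-Z0-9._%+-]+(?:@|%40)[A-Z0-9.-]+\.[A-Z]{2,}/i  # also catches a URL-encoded "@"
REDACTED = "[email redacted]"
DROP_KEYS = %w[ip_address].freeze  # an IP address is personal data and not needed for debugging

# Walk strings, arrays and hashes; rewrite values, never keys. Keys listed in
# DROP_KEYS are removed outright. Returns a new structure; the input is untouched.
def scrub_pii(value)
  case value
  when String then value.gsub(EMAIL_RE, REDACTED)
  when Array  then value.map { |v| scrub_pii(v) }
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = scrub_pii(v) unless DROP_KEYS.include?(k.to_s)
    end
  else value
  end
end

# The hook: returns a scrubbed copy of the event. Returning nil would drop it.
def before_send(event, _hint = nil)
  scrub_pii(event)
end

# Constructed sample event: one address leaked via the unsubscribe URL
# (URL-encoded), the raw query string, an exception message and the extra context.
SAMPLE_EVENT = {
  "request" => {
    "url" => "https://news.example.de/unsubscribe?email=anna.schmidt%40example.de",
    "query_string" => "email=anna.schmidt@example.de&list=42",
  },
  "exception" => { "values" => [
    { "type" => "ActiveRecord::RecordNotFound",
      "value" => "Couldn't find Subscriber with email anna.schmidt@example.de" },
  ] },
  "extra" => { "recipients" => ["a@example.de", "b@example.com"] },
  "user" => { "id" => 17, "ip_address" => "203.0.113.9" },
}.freeze

# Hypothetical wiring for sentry-ruby (GlitchTip speaks the same SDK protocol);
# not verified against a specific SDK version:
#   Sentry.init { |c| c.before_send = ->(event, hint) { before_send(event.to_hash, hint) } }

if __FILE__ == $PROGRAM_NAME
  require "json"
  puts JSON.pretty_generate(before_send(SAMPLE_EVENT))
end
```

A scrubber like this complements, rather than replaces, the SDK's own `send_default_pii` setting, which should stay off; and it only covers patterns you anticipated, so review a sample of stored events after deployment.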

8. Support and operations tooling

Easy to overlook

Helpdesk, livechat, internal dashboards, and screen-sharing tools can all see personal data. If your support team uses Intercom or Zendesk, those processors must appear in your AVV chain and your TIA. EU-friendly alternatives exist (Help Scout has EU data residency; Crisp is French; Freshdesk has EU residency). Self-hosted options like Chatwoot remove the question entirely.

A worked example

A reference DSGVO-friendly stack for a typical 10,000-recipient newsletter. Concrete picks, with the rationale.

  • Hoster: Hetzner CX22 in Falkenstein · ~€5/month · standard AVV
  • Application: Broadcast (self-hosted) · $250 one-time · on your server
  • Database: Postgres, same machine · no additional processor
  • SMTP: Amazon SES eu-central-1 (Frankfurt) · ~$4/month · document US parent in TIA
  • Backups: Hetzner Storage Box · ~€4/month · same AVV
  • Analytics: Plausible (EU) · ~€9/month · EU-based
  • Error tracking: GlitchTip (self-hosted) or Sentry EU · optional
  • Approximate monthly running cost: ~€25 + amortised license

Pricing as of early 2026; verify with each provider before committing. For a strict EU-only stack with no US parent at any layer, swap SES for Brevo SMTP from France — expect a modest cost increase.

What self-hosting does not solve

To be clear: these obligations apply regardless of which tool or stack you use.

Impressum

Required on every commercial website in Germany under TMG § 5. Self-hosting changes nothing.

Datenschutzerklärung

The privacy notice must list every processor that handles personal data. Self-hosting reduces the number of entries; it does not remove the obligation.

Double opt-in

German case law treats double opt-in as the safe default for newsletter consent. Broadcast supports this natively.

AVV with each processor

Hoster, SMTP provider, backup destination, analytics, error tracker. One AVV per processor, archived.

Verzeichnis von Verarbeitungstätigkeiten (VVT)

DSGVO Art. 30 record of processing activities. Required for almost all commercial controllers.

Subject access and deletion processes

A documented procedure for handling access and erasure requests (Auskunfts- and Löschungsanfragen) within the statutory timeframes.

Frequently asked questions

No. Self-hosting changes which processors are involved and where data is stored. The substantive DSGVO obligations — AVV, Datenschutzerklärung, double opt-in, deletion processes, VVT — apply regardless of tooling.

No. EU-based processing is sufficient. A French or Dutch hoster is the same legal posture as a German hoster for transfer purposes. Some German DPOs prefer a German operator for documentation reasons; that is a preference, not a legal requirement.

SES eu-central-1 keeps processing in Germany, but AWS has a US parent and is therefore subject to US access laws. For many teams that is acceptable when documented in a TIA. For a strict EU-only stack, choose Brevo SMTP (France) or Mailjet (France) instead.

Initial setup with the Broadcast guided installer is typically half a day including DNS, SPF/DKIM/DMARC, and SMTP configuration. Ongoing work is small — backups verified monthly, security patches via the platform updater, monitoring alerts. For teams with no Linux comfort, hire a freelancer for the initial setup; ongoing operation is light.

Resize to CX32 (~€9/month) for lists up to ~250,000, or CX42 (~€17/month) above that. Resizing is in-place on Hetzner; no migration. The AVV does not change.

These are website concerns, not Broadcast concerns. Several German court decisions have flagged Google Fonts loaded directly from Google’s CDN; self-hosting fonts removes the issue. Google Analytics has been criticised by multiple EU DPAs and is generally avoided on DSGVO-conscious sites. None of this is changed by self-hosting your newsletter tool, but it is worth aligning the rest of the website with the same posture.

DSGVO-friendly newsletter software for German companies.

Broadcast does not make you automatically DSGVO-compliant. It gives you a simpler infrastructure model: your list, your server, your database, your chosen SMTP provider.

One-time license. No per-subscriber tier. Designed for self-hosting on a German server.