Why Franz Runs on European Infrastructure

The first real decision I made about Franz Mail had nothing to do with email. It was about a server.

I was sitting with a list of hosting providers. The cheap ones were fast. The fast ones were everywhere. Most of them put a US-headquartered company between my users and the data they trusted me with. The question on the page was "where does the API live." The question I was actually answering was "whose courtroom does this server answer to."

Once I framed it that way, the shortlist got short.

Privacy is a vendor list

There is a version of "we care about privacy" that ends at a privacy policy. The legal page is well written, the colors are calming, and somewhere on page four you find out that the AI features call a server in Virginia.

That version is everywhere. It is also why the phrase has become close to meaningless.

The honest version of privacy is structural. It is the list of companies that, by virtue of running your traffic, hold a copy of something they should not have. Each name on that list is either inside a jurisdiction you trust, or it is not. There is no middle. Marketing copy does not change which courts can subpoena which servers.

Privacy isn't what you write on the page. It's the list of vendors you handed your users to.

Franz lives in your inbox. That is the most personal data layer most people have. So the vendor list is not a procurement detail. It is the product.

The AI decision

This was the hardest call.

Cloud AI is unavoidable for the heavy work in Franz Mail. On-device models handle classification, drafting, and search well, but the strongest models still live in datacenters. The default move is to wire up a US hyperscaler and ship. Almost everyone does.

Doing that would have undone every other choice I was about to make. There is no point putting the database in Germany if the smart-reply call goes to Virginia.

I picked Mistral. Headquartered in France. Independent of US hyperscalers. API data is not used to train their models 1. Inference runs inside Europe. Encryption is AES-256 at rest and TLS 1.2 or higher in transit 2. The company exists in part because someone in Europe noticed that most European AI workloads run on infrastructure controlled from somewhere else 3.

The EU AI Act adds one more thing on top: AI systems that interact with people have to disclose that they are AI 4. Franz already does. That is not a regulatory burden, it is the floor a serious product should already be standing on.

When you ask Franz to summarize a thread, the request goes to Mistral and the answer comes back. Nothing is stored on their side. No files are uploaded. Request, response, done.

The hosting decision

The Franz API runs on Hetzner. The servers live in Hetzner's Nuremberg park in Germany and the Helsinki park in Finland 5.

Hetzner processes our data under a formal Article 28 GDPR processor contract. Their technical and customer support is handled inside the EU 6. These are not promises in a blog post. They are contractual terms.

There was a small bonus that did not change the decision but made it feel right. The German parks have run on hydropower since 2008. Helsinki has run on hydropower since it opened in 2018 7. The infrastructure that keeps your data in Europe also runs on water.

The email decision

Franz uses Brevo for the transactional email no software can avoid: password resets, account notifications, billing receipts. These mails are short, but they carry your address and a timestamp, which is exactly the metadata most attackers and most data brokers want.

Brevo's databases sit on hosting inside the European Union. Their primary infrastructure is OVH in France and Germany 8. Every record is replicated three times across at least two locations. Backups are encrypted before storage 8. The full GDPR processor relationship is in place.

That sentence is a small thing. It also was not true at most companies I worked with before Franz, and it is still not true at most companies whose marketing pages start with "privacy first."

What we're still working on

The honest picture: Franz isn't fully European yet.

Payments still run through Stripe. Stripe is a US company. The European payment ecosystem is real, but covering every country we sell to without losing customers at checkout is not yet a clean trade. We watch it. The day it becomes feasible without restricting who can buy Franz, we move.

DNS resolution flows through Cloudflare. We are evaluating European alternatives that can handle the traffic patterns of a global download.

Part of the legacy hosting still runs on DigitalOcean in Frankfurt. Frankfurt is inside the EU, so GDPR applies, but DigitalOcean is US-headquartered. The migration onto Hetzner is in flight.

These three are the remaining names on the vendor list, and none of them sits in the path of your inbox content. They handle billing flow, DNS, and a shrinking slice of legacy infrastructure. They are documented because they should be, and they have shelf lives because they are not where Franz wants to end up. The direction does not reverse.

Why this matters now

In April 2026 the European Commission awarded a €180 million sovereign cloud procurement, explicitly to reduce reliance on foreign providers and to keep strategic decisions, economic value, and data governance inside Europe 9.

The institutions that drafted the rules are themselves choosing the path. That is the clearest possible signal that "European infrastructure" is no longer a niche preference. It is where serious data is going.

Franz handles email, which is the most personal communication layer most people have. The infrastructure should reflect that. Not because a regulator requires it. Because routing your inbox through datacenters governed by someone else's law is not good enough.

Your data, your rights

Mistral, Hetzner, and Brevo each have a formal GDPR processor relationship with Franz as the data controller. AI inference runs in Europe with no training on your content. Core hosting is German and Finnish. Email infrastructure is French and German. The legal accountability runs in clear lines, not through a privacy policy.

Under GDPR you have the right to access your data, correct it, or have it erased 10. To exercise any of those rights, email [email protected].

I would build it this way regardless of where Franz was incorporated. The infrastructure is the privacy promise. Everything else is marketing.

Stefan