If you're serious about privacy, jurisdiction matters. Hetzner is a German company subject to German privacy law and GDPR - not US surveillance laws, not the CLOUD Act, not National Security Letters. Combined with prices that actually beat most US providers, Hetzner is the privacy-conscious choice for self-hosting. No free tier needed when you're paying €3.29/month.
Last updated: July 2026
Hetzner Cloud - EU Jurisdiction
German company, German/Finnish datacenters, GDPR protection. Starting at €3.29/month (~$3.50 USD).
Start with Hetzner CloudNo free tier, but prices are so low you won't miss it.
Why Hetzner for Privacy?
Hetzner stands apart from US providers in one critical way: jurisdiction.
| Factor | Hetzner (Germany) | US Providers |
|---|---|---|
| Jurisdiction | Germany (EU) | United States |
| Privacy law | GDPR + German BDSG | Weak federal protections |
| NSA/FBI requests | Must go through German courts | Direct compliance required |
| National Security Letters | Not applicable | Secret demands possible |
| CLOUD Act | Not applicable | Applies to all US companies |
| Five Eyes | Not a member | Full member |
The Jurisdiction Advantage
This is the most important section in this guide. Understanding jurisdiction is understanding why Hetzner matters for privacy.
US Providers: The CLOUD Act Problem
When you use DigitalOcean, Vultr, or Linode:
- The CLOUD Act (2018) allows US authorities to demand data from US companies regardless of where it's stored
- Your server in Amsterdam is still subject to US jurisdiction if the company is American
- National Security Letters can compel disclosure without any notification to you
- Data sharing with Five Eyes intelligence alliance is routine
Hetzner: German Law Applies
When you use Hetzner:
- US authorities cannot directly request data - must go through Mutual Legal Assistance Treaties (MLAT)
- German courts review requests and can deny them
- GDPR provides strong baseline - data minimization, purpose limitation, breach notification
- German BDSG (Federal Data Protection Act) adds additional protections
- No Five Eyes membership - Germany is not part of the core intelligence sharing alliance
What This Means in Practice
If US law enforcement wants your Hetzner data, they must:
- File a request through official diplomatic channels (MLAT)
- Have the request reviewed by German authorities
- Meet German legal standards for data disclosure
- Often wait months for the process to complete
Compared to US providers where a single National Security Letter can compel immediate, secret disclosure.
Limitations of Jurisdiction
Jurisdiction isn't magic. German authorities can still:
- Request data for legitimate German law enforcement
- Comply with valid court orders
- Cooperate with international investigations through proper channels
Germany also has intelligence agencies (BND, BfV) that conduct surveillance, though with more legal constraints than the NSA.
Hetzner Locations
Limited locations but strategically placed:
- Nuremberg, Germany - Primary datacenter
- Falkenstein, Germany - Large facility
- Helsinki, Finland - Nordic option (also EU, strong privacy)
- Ashburn, USA - For US latency needs (still German company)
- Hillsboro, USA - West coast US
US Locations Note
Hetzner's US datacenters are operated by the German parent company. While this provides better legal protection than US-owned providers, data physically in the US is more accessible to US authorities. For maximum jurisdictional benefit, choose German or Finnish locations.
Pricing: Absurdly Good
Hetzner doesn't need free credits because their regular prices beat most competitors' promotional rates:
| Hetzner Plan | RAM | CPU | Storage | Price |
|---|---|---|---|---|
| CX11 | 2GB | 1 vCPU | 20GB | €3.29/mo (~$3.50) |
| CX21 | 4GB | 2 vCPU | 40GB | €5.39/mo (~$5.80) |
| CX31 | 8GB | 2 vCPU | 80GB | €9.59/mo (~$10.30) |
| CX41 | 16GB | 4 vCPU | 160GB | €17.99/mo (~$19.30) |
Price Comparison
The CX11 at €3.29 includes 2GB RAM. Compare:
| Provider | Cheapest 2GB Plan | Difference |
|---|---|---|
| Hetzner CX11 | €3.29/mo | Baseline |
| DigitalOcean | $8/mo | +143% |
| Vultr | $6/mo | +82% |
| Linode | $12/mo | +264% |
Hetzner offers more RAM for less money than any US competitor. The "no free tier" disadvantage disappears when you realize you're paying less than other providers' post-credit prices.
Privacy & Threat Model
Jurisdiction: Germany (EU)
Hetzner Online GmbH is headquartered in Gunzenhausen, Germany. This means:
- GDPR applies: Strictest mainstream privacy regulation globally
- German Basic Law: Constitutional privacy protections
- BfDI oversight: Federal Commissioner for Data Protection monitors compliance
- Not Five Eyes: Not part of the core intelligence sharing alliance
- No CLOUD Act: US cannot directly compel disclosure
What Hetzner Can See
| Data Type | Visible? | Notes |
|---|---|---|
| Account info | Yes | Name, email, payment (required under German law) |
| Server IPs | Yes | Logged for abuse prevention |
| Traffic metadata | Yes | Volume and timing |
| Disk contents | Technically yes | Hypervisor access possible |
| Encrypted traffic | No | WireGuard protected |
| E2E encrypted files | No | Client-side encryption |
Threat Model Assessment
Hetzner is Ideal For:
- Users concerned about US surveillance overreach
- Journalists and activists in US-adversary situations
- Anyone wanting GDPR protections
- EU residents wanting data to stay in EU
- Cost-conscious users wanting best value
- Long-term self-hosting (no promo expiration anxiety)
Hetzner May Not Help With:
- German law enforcement investigations
- EU-level investigations (Europol)
- Requests through proper MLAT channels (slow but possible)
- Situations where Germany specifically is the adversary
The German Intelligence Question
Germany has intelligence agencies:
- BND (Foreign Intelligence) - Conducts signals intelligence
- BfV (Domestic Intelligence) - Internal security
- MAD (Military Intelligence)
However, German intelligence operates under stricter legal oversight than US agencies. The BND has faced court challenges and parliamentary investigation for overreach. This doesn't make Germany surveillance-free, but the legal constraints are real.
Getting Started
Step 1: Create Account
- Go to hetzner.cloud
- Click Sign Up
- Verify email
- Add payment method (card, PayPal, bank transfer - no crypto)
- Pass identity verification (German law requires this)
Identity Verification
Unlike US providers, Hetzner requires actual identity verification under German law. This means:
- Accurate personal information required
- May need to verify with ID in some cases
- Prevents anonymous signup
This is the tradeoff for jurisdiction protection. You can't be anonymous to Hetzner, but Hetzner provides legal protection against US demands.
Step 2: Create a Server
- Click Create Server
- Choose location (Nuremberg or Helsinki for max privacy)
- Select Ubuntu 24.04
- Choose CX11 (€3.29/mo) for basic VPN
- Add SSH key (recommended) or create password
- Click Create & Buy Now
Step 3: Connect
ssh root@YOUR_SERVER_IP Hetzner-Specific Features
Volumes (Block Storage)
€0.0440/GB/month - add storage for Nextcloud. 100GB = €4.40/month.
Floating IPs
€4/month for a static IP that survives server rebuilds.
Snapshots
€0.0119/GB/month - incredibly cheap for backups.
Load Balancers
€5.39/month for traffic distribution.
Dedicated Servers
Hetzner is famous for their server auction - dedicated physical servers at absurd prices (€30-50/month for enterprise hardware). Ultimate isolation from other customers.
Hetzner vs US Providers
| Factor | Hetzner | DigitalOcean | Vultr | Linode |
|---|---|---|---|---|
| Jurisdiction | Germany | USA | USA | USA |
| CLOUD Act | No | Yes | Yes | Yes |
| Free credit | None | $200 | $100 | $100 |
| 2GB price | €3.29 | $8 | $6 | $12 |
| Crypto payment | No | Bitcoin | Yes | No |
| Identity req'd | Yes | No | No | No |
| Best for | Privacy/value | Beginners | Locations | Reliability |
Summary: Why Hetzner
Hetzner is Right For You If:
- US jurisdiction is a concern for your threat model
- You want GDPR protection for your data
- You prefer paying less for more resources
- You don't need dozens of global locations
- You're comfortable providing real identity information
- Long-term hosting without promotional expiration stress
Ready for EU-Jurisdiction Privacy?
German law, GDPR protection, prices that beat free tier. Start at €3.29/month.
Start with Hetzner Cloud