If you're serious about privacy, jurisdiction matters. Hetzner is a German company subject to German privacy law and GDPR - not US surveillance laws, not the CLOUD Act, not National Security Letters. Combined with prices that actually beat most US providers, Hetzner is the privacy-conscious choice for self-hosting. No free tier needed when you're paying €3.29/month.

Last updated: July 2026

Why Hetzner for Privacy?

Hetzner stands apart from US providers in one critical way: jurisdiction.

Factor Hetzner (Germany) US Providers
Jurisdiction Germany (EU) United States
Privacy law GDPR + German BDSG Weak federal protections
NSA/FBI requests Must go through German courts Direct compliance required
National Security Letters Not applicable Secret demands possible
CLOUD Act Not applicable Applies to all US companies
Five Eyes Not a member Full member

The Jurisdiction Advantage

This is the most important section in this guide. Understanding jurisdiction is understanding why Hetzner matters for privacy.

US Providers: The CLOUD Act Problem

When you use DigitalOcean, Vultr, or Linode:

  • The CLOUD Act (2018) allows US authorities to demand data from US companies regardless of where it's stored
  • Your server in Amsterdam is still subject to US jurisdiction if the company is American
  • National Security Letters can compel disclosure without any notification to you
  • Data sharing with Five Eyes intelligence alliance is routine

Hetzner: German Law Applies

When you use Hetzner:

  • US authorities cannot directly request data - must go through Mutual Legal Assistance Treaties (MLAT)
  • German courts review requests and can deny them
  • GDPR provides strong baseline - data minimization, purpose limitation, breach notification
  • German BDSG (Federal Data Protection Act) adds additional protections
  • No Five Eyes membership - Germany is not part of the core intelligence sharing alliance

What This Means in Practice

If US law enforcement wants your Hetzner data, they must:

  1. File a request through official diplomatic channels (MLAT)
  2. Have the request reviewed by German authorities
  3. Meet German legal standards for data disclosure
  4. Often wait months for the process to complete

Compared to US providers where a single National Security Letter can compel immediate, secret disclosure.

Limitations of Jurisdiction

Jurisdiction isn't magic. German authorities can still:

  • Request data for legitimate German law enforcement
  • Comply with valid court orders
  • Cooperate with international investigations through proper channels

Germany also has intelligence agencies (BND, BfV) that conduct surveillance, though with more legal constraints than the NSA.

Hetzner Locations

Limited locations but strategically placed:

  • Nuremberg, Germany - Primary datacenter
  • Falkenstein, Germany - Large facility
  • Helsinki, Finland - Nordic option (also EU, strong privacy)
  • Ashburn, USA - For US latency needs (still German company)
  • Hillsboro, USA - West coast US

US Locations Note

Hetzner's US datacenters are operated by the German parent company. While this provides better legal protection than US-owned providers, data physically in the US is more accessible to US authorities. For maximum jurisdictional benefit, choose German or Finnish locations.

Pricing: Absurdly Good

Hetzner doesn't need free credits because their regular prices beat most competitors' promotional rates:

Hetzner Plan RAM CPU Storage Price
CX11 2GB 1 vCPU 20GB €3.29/mo (~$3.50)
CX21 4GB 2 vCPU 40GB €5.39/mo (~$5.80)
CX31 8GB 2 vCPU 80GB €9.59/mo (~$10.30)
CX41 16GB 4 vCPU 160GB €17.99/mo (~$19.30)

Price Comparison

The CX11 at €3.29 includes 2GB RAM. Compare:

Provider Cheapest 2GB Plan Difference
Hetzner CX11 €3.29/mo Baseline
DigitalOcean $8/mo +143%
Vultr $6/mo +82%
Linode $12/mo +264%

Hetzner offers more RAM for less money than any US competitor. The "no free tier" disadvantage disappears when you realize you're paying less than other providers' post-credit prices.

Privacy & Threat Model

Jurisdiction: Germany (EU)

Hetzner Online GmbH is headquartered in Gunzenhausen, Germany. This means:

  • GDPR applies: Strictest mainstream privacy regulation globally
  • German Basic Law: Constitutional privacy protections
  • BfDI oversight: Federal Commissioner for Data Protection monitors compliance
  • Not Five Eyes: Not part of the core intelligence sharing alliance
  • No CLOUD Act: US cannot directly compel disclosure

What Hetzner Can See

Data Type Visible? Notes
Account info Yes Name, email, payment (required under German law)
Server IPs Yes Logged for abuse prevention
Traffic metadata Yes Volume and timing
Disk contents Technically yes Hypervisor access possible
Encrypted traffic No WireGuard protected
E2E encrypted files No Client-side encryption

Threat Model Assessment

Hetzner is Ideal For:

  • Users concerned about US surveillance overreach
  • Journalists and activists in US-adversary situations
  • Anyone wanting GDPR protections
  • EU residents wanting data to stay in EU
  • Cost-conscious users wanting best value
  • Long-term self-hosting (no promo expiration anxiety)

Hetzner May Not Help With:

  • German law enforcement investigations
  • EU-level investigations (Europol)
  • Requests through proper MLAT channels (slow but possible)
  • Situations where Germany specifically is the adversary

The German Intelligence Question

Germany has intelligence agencies:

  • BND (Foreign Intelligence) - Conducts signals intelligence
  • BfV (Domestic Intelligence) - Internal security
  • MAD (Military Intelligence)

However, German intelligence operates under stricter legal oversight than US agencies. The BND has faced court challenges and parliamentary investigation for overreach. This doesn't make Germany surveillance-free, but the legal constraints are real.

Getting Started

Step 1: Create Account

  1. Go to hetzner.cloud
  2. Click Sign Up
  3. Verify email
  4. Add payment method (card, PayPal, bank transfer - no crypto)
  5. Pass identity verification (German law requires this)

Identity Verification

Unlike US providers, Hetzner requires actual identity verification under German law. This means:

  • Accurate personal information required
  • May need to verify with ID in some cases
  • Prevents anonymous signup

This is the tradeoff for jurisdiction protection. You can't be anonymous to Hetzner, but Hetzner provides legal protection against US demands.

Step 2: Create a Server

  1. Click Create Server
  2. Choose location (Nuremberg or Helsinki for max privacy)
  3. Select Ubuntu 24.04
  4. Choose CX11 (€3.29/mo) for basic VPN
  5. Add SSH key (recommended) or create password
  6. Click Create & Buy Now

Step 3: Connect

ssh root@YOUR_SERVER_IP

Hetzner-Specific Features

Volumes (Block Storage)

€0.0440/GB/month - add storage for Nextcloud. 100GB = €4.40/month.

Floating IPs

€4/month for a static IP that survives server rebuilds.

Snapshots

€0.0119/GB/month - incredibly cheap for backups.

Load Balancers

€5.39/month for traffic distribution.

Dedicated Servers

Hetzner is famous for their server auction - dedicated physical servers at absurd prices (€30-50/month for enterprise hardware). Ultimate isolation from other customers.

Hetzner vs US Providers

Factor Hetzner DigitalOcean Vultr Linode
Jurisdiction Germany USA USA USA
CLOUD Act No Yes Yes Yes
Free credit None $200 $100 $100
2GB price €3.29 $8 $6 $12
Crypto payment No Bitcoin Yes No
Identity req'd Yes No No No
Best for Privacy/value Beginners Locations Reliability

Summary: Why Hetzner

Hetzner is Right For You If:

  • US jurisdiction is a concern for your threat model
  • You want GDPR protection for your data
  • You prefer paying less for more resources
  • You don't need dozens of global locations
  • You're comfortable providing real identity information
  • Long-term hosting without promotional expiration stress