Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Saleor Commerce

VERIFIED
E-commerce · Poland
Founded 2018 · saleor.io ↗

Polish headless GraphQL commerce platform; open-source BSD-3; cloud hosted on AWS EU (Ireland) with SOC 2 Type 2.

In short

Saleor Commerce, in the E-commerce category, offers EU hosting with Ireland as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Saleor Commerce (PL-founded, EU team) achieves SOC 2 Type 2 and offers EU data residency on AWS eu-west-1 (Ireland), but Saleor Cloud runs on AWS (a US-controlled infrastructure), giving material CLOUD Act exposure. No public DPA or sub-processors list; these must be requested via sales for enterprise contracts.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
CLOUD Act by deployment

Exposure depends on how you run this product.

Hosted SaaS (default)

Vendor-operated: the sub-processors below apply.

Self-hosted (open-source)

Deploy on your own EU infrastructure and you control hosting and every sub-processor.

Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Saleor Commerce

Saleor Commerce (founded 2018, Polish team) is a headless, API-first e-commerce platform built around a GraphQL-native architecture with 22,900+ GitHub stars and BSD-3-Clause licence. It handles 1B+ API requests and 400k+ orders monthly across its cloud customer base. Saleor Cloud offers a fully-managed SaaS with EU data residency on AWS eu-west-1 (Ireland) as the primary EU region; data is strictly isolated between regions. Certifications: SOC 2 Type 2, GDPR compliant, PCI-DSS compliant. The self-hosted path (self-deploy on EU VPS/PaaS) gives merchants full infrastructure control with zero US-cloud dependency. Saleor targets developers and agencies building composable commerce stacks: it is not an out-of-the-box hosted shop like Shopify, but rather an API layer that any EU-hosted frontend can consume. Best fit for digital agencies, D2C brands, and B2B operators who need deep API customisation with EU data residency. No public DPA or sub-processors list found; request via sales for enterprise contracts.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

SOC 2
ACTIVE
Informational · US framework
FEATURES

Capability matrix

Self-hostable Yes
Multi-currency Yes
Multilingual Yes
Product variants Yes
Multi-vendor marketplace No
Abandoned cart recovery No
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option Yes
PRICING

Pricing & tiers

FREEMIUM
Custom pricing

Contact vendor for tier or volume pricing.

View pricing page ↗
PUBLIC DOCUMENTS

Public documents

  • Data Processing Addendum (DPA)
    saleor.io/legal…
    Open ↗
  • Sub-processors list
    saleor.io/legal…
    Open ↗
  • Terms of Service
    saleor.io/legal…
    Open ↗
ALTERNATIVES

Alternatives in this category

Shopware
Germany · Founded 2000
EU-HOSTED

German mid-market commerce platform (Schöppingen, est. 2000); Cloud entry €600/mo. PayPal owns ~41% as of Oct 2025.

Public DPA Sub-processors Open source
FROM
€600/mo
CLOUD ACT
MATERIAL
PrestaShop
France · Founded 2007
EU-HOSTED

French open-source e-commerce with hosted SaaS option; parent group Fortidia is an Oaktree Capital portfolio company.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
Sylius
Poland · Founded 2011
EU-SOVEREIGN

Polish open-source Symfony e-commerce framework (MIT); commercial Plus modules from €800/yr GMV-based.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
NONE