German mid-market commerce platform (Schöppingen, est. 2000); Cloud entry €600/mo. PayPal owns ~41% as of Oct 2025.
- FROM
- €600/mo
- CLOUD ACT
- MATERIAL
A single roll-up of ownership and CLOUD Act exposure.
Polish headless GraphQL commerce platform; open-source BSD-3; cloud hosted on AWS EU (Ireland) with SOC 2 Type 2.
Saleor Commerce, in the E-commerce category, offers EU hosting with Ireland as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.
Saleor Commerce (PL-founded, EU team) achieves SOC 2 Type 2 and offers EU data residency on AWS eu-west-1 (Ireland), but Saleor Cloud runs on AWS (a US-controlled infrastructure), giving material CLOUD Act exposure. No public DPA or sub-processors list; these must be requested via sales for enterprise contracts.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Where ultimate control over the operating company sits.
Exposure depends on how you run this product.
Vendor-operated: the sub-processors below apply.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Deploy on your own EU infrastructure and you control hosting and every sub-processor.
How exposed customer data is to US authorities under the CLOUD Act (Clarifying Lawful Overseas Use of Data Act).
Saleor Commerce (founded 2018, Polish team) is a headless, API-first e-commerce platform built around a GraphQL-native architecture with 22,900+ GitHub stars and BSD-3-Clause licence. It handles 1B+ API requests and 400k+ orders monthly across its cloud customer base. Saleor Cloud offers a fully-managed SaaS with EU data residency on AWS eu-west-1 (Ireland) as the primary EU region; data is strictly isolated between regions. Certifications: SOC 2 Type 2, GDPR compliant, PCI-DSS compliant. The self-hosted path (self-deploy on EU VPS/PaaS) gives merchants full infrastructure control with zero US-cloud dependency. Saleor targets developers and agencies building composable commerce stacks: it is not an out-of-the-box hosted shop like Shopify, but rather an API layer that any EU-hosted frontend can consume. Best fit for digital agencies, D2C brands, and B2B operators who need deep API customisation with EU data residency. No public DPA or sub-processors list found; request via sales for enterprise contracts.
German mid-market commerce platform (Schöppingen, est. 2000); Cloud entry €600/mo. PayPal owns ~41% as of Oct 2025.
French open-source e-commerce with hosted SaaS option; parent group Fortidia is an Oaktree Capital portfolio company.
Polish open-source Symfony e-commerce framework (MIT); commercial Plus modules from €800/yr GMV-based.