eusend/Blog
DocsPricingMigrateGuidesBlogSign in
Get started

← Blog·Jul 14, 2026engineeringinfrastructure

How eusend keeps your email data in the EU

A tour of the infrastructure behind eusend — why every piece of it runs on servers we operate ourselves, inside the EU.

SivertSivertFounderBuilding eusend — self-hosted email infrastructure that never leaves the EU.

When we say "EU email infrastructure," we don't mean an EU region of an American cloud. We mean servers we rent from a European provider, running software we operate ourselves. This post is a short tour of what actually happens when you call our API.

The path of an email

You POST /emails, and everything after that stays on our machines:

curl -X POST https://api.eusend.dev/emails \
  -H "Authorization: Bearer eu_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "from": "[email protected]",
    "to": "[email protected]",
    "subject": "Your receipt",
    "html": "<p>Thanks for your order!</p>"
  }'

The API server validates and queues the message, a worker renders and signs it (DKIM keys are encrypted at rest with AES-256-GCM), and our own mail transfer agent — KumoMTA, running on hardware in Falkenstein — delivers it to the recipient's inbox. No third-party relay ever sees the message.

Where things live

ComponentSoftwareLocation
API + workersOur stackNuremberg, Germany
DatabasePostgreSQL 16Falkenstein, Germany
Mail deliveryKumoMTAFalkenstein, Germany
Object storageGarageFalkenstein, Germany
Encrypted backupsresticHelsinki, Finland

Every row in that table is a machine we administer. There's no managed database service, no hosted queue, no storage API from a hyperscaler.

Why self-host everything?

Because the alternative doesn't actually deliver the promise. An "EU region" of a US cloud provider is still subject to US law — the CLOUD Act doesn't care where the data centre is. The only way to make "your email data never leaves the EU" a technical fact rather than a marketing claim is to not hand the data to anyone who could be compelled to move it.

Sovereignty isn't a compliance checkbox. It's an architecture decision you make on day one — and re-make every time you're tempted by a managed service.

The trade-off is real: we run our own monitoring, our own backups, our own deliverability tooling. We think it's worth it, and we'll write about the messy parts here too — IP warming, bounce classification, and what it takes to keep a self-hosted MTA off the blocklists.

What's next

This blog is where we'll publish engineering notes like this one, plus product updates. If you're building something that needs email and you'd rather it stayed in Europe, request an invite — we're onboarding from the waitlist.