The largest cost block in e-commerce shows up as a line item in no SaaS platform's quote: the transaction fee that grows with every euro of revenue. Take it seriously and you end up at a PostgreSQL-native stack like Medusa, one you run entirely yourself.
Medusa is open-source under the MIT licence and, as software, charges no revenue or transaction fee. Only infrastructure and payment-provider costs apply. That sounds like a footnote for the accounting team, but it is a strategic fork in the road. You are deciding whether your cost curve climbs with revenue or stays flat and even falls per order. And you are deciding where your order and customer data live: in a database you control in Germany, or with a US provider. The two questions are connected, and both are answered most honestly with a real calculation rather than a promise.
What does Medusa self-hosted on Hetzner really need?
Start with the reality of operations, not the marketing. A production Medusa stack strictly requires two datastores: PostgreSQL as the commerce store and Redis for cache, event bus, locking and the workflow engine. The official Docker guide references postgres:15-alpine and redis:7-alpine on a node:20-alpine base image. This is not an exotic stack, it is standard practice every ops person knows.
On top of that comes a quirk many people miss on their first TCO comparison: in production, Medusa has to run in two modes. Server mode serves the API and admin; worker mode processes background jobs and subscribers, controlled via MEDUSA_WORKER_MODE. Both processes need the same secrets and the same database connection. The official recommendation is at least 2 GB of RAM and Node.js v20+ as the LTS line.
For that requirement a Hetzner AX41 at roughly 39 euros/month is not a compromise, it is generously sized. It handles PostgreSQL, Redis, both Medusa processes and the Next.js storefront with room to spare. We orchestrate it via Coolify and Docker. Coolify is documented for Medusa only through community guides, not officially, but the pattern is straightforward: define containers, run a predeploy migration via medusa db:migrate, deploy. The officially documented deployment target is Railway; anyone who wants control over their own machine lands on a root server instead.
Medusa TCO against SaaS: where the curves cross
Now the numbers, honestly, with a range rather than invented precision. A clean initial implementation of a self-hosted Medusa stack runs a one-off 5,000 to 20,000 euros, depending on how far you customise the storefront, modules and integrations. Ongoing operation realistically costs 2 to 5 hours per month of maintenance: updates, monitoring, checking backups. At a blended rate of around 120 euros per developer hour plus infrastructure, a mid-sized shop lands in a three-year total of roughly 40,000 to 80,000 euros. That is the honest TCO, including the hours many calculations quietly drop.
Against that you set the SaaS side. According to its official pricing page (as of July 2026, geolocated in EUR, verify), Shopify Plus starts at 2,250 euros/month on the one-year term, or 2,100 euros/month on three years, as a pure base fee. Over three years that is roughly 75,000 to 81,000 euros in base fee alone, before a single transaction fee lands. And that fee is exactly the point: use a third-party PSP and you pay its fee plus 0.20% per transaction to Shopify. With Shopify Payments that surcharge disappears, but you tie yourself to one gateway. The full calculation with every footnote is laid out in our direct comparison of Medusa against Shopify Plus.
The decisive effect is the direction of the curves. Self-hosted fixed costs are largely constant; per order they fall as volume grows. Revenue-based SaaS fees do the opposite: they climb with success. At low GMV managed wins, because the fixed base cost dominates. Above a certain revenue the lines cross, and after that SaaS charges you for your own growth. The same mechanism, constant infrastructure against managed fees that scale with usage, repeats across providers, from the database to the commerce backend.
Data sovereignty: who owns the order data?
TCO is one half of the decision, control is the other. With self-hosting, orders, customer profiles and all the PII sit in a PostgreSQL instance you control, in a data centre you choose; with Hetzner that means Germany. For your shop's core data there is no third-country transfer, no debate about the CLOUD Act, no dependence on whatever the current legal position on transatlantic data flows happens to be. That is data sovereignty in e-commerce in the literal sense: the data never leaves your span of control.
The honest caveat: no one escapes external processors entirely. Payment data sits with the payment provider. With the Stripe provider, card data never touches the Medusa server; entry runs client-side through Stripe Elements, and the backend only receives tokens and payment intents. Under PCI DSS logic that usually qualifies the card processing for the smallest questionnaire, SAQ A, provided you never store or transmit card data yourself. The concrete classification depends on the integration type, and in self-hosted operation you remain responsible for scoping, annual attestation and server hardening. For Stripe and every external module, analytics, file storage, notifications, you need a data-processing agreement. This is an architectural assessment, not legal advice.
Why this is more than a compliance footnote, we argued at more length in Is our data still safe in the United States?. The short version: hold your business's core data on someone else's infrastructure in a third country and you buy a risk no price list reports, one that in the worst case costs more than any transaction fee. A GDPR shop whose data handling you own yourself is not an ideological project but practised vendor-risk management.
The uncomfortable point: running a shop yourself is operational responsibility with revenue at stake
Now the part the sovereignty rhetoric likes to skip. A shop is not an internal application where an outage on Friday evening bothers no one. Downtime means no sales. Every minute of downtime is directly lost revenue, and the responsibility is yours, not a Shopify SLA's.
That has concrete consequences. Traffic spikes from a sale, from Black Friday, from a successful newsletter or a viral moment: you absorb them yourself. Uptime monitoring, failover, backup-restore tests, security patching of Node, PostgreSQL and Redis all sit with you. Payment additionally brings PCI scope you have to manage actively. A single AX41 is generous for normal operation but a single point of failure; real resilience means redundancy, a separate database, read replicas, and that costs money. A high-availability setup lands closer to 150 to 400 euros/month than 39.
That is why the saving is no automatic outcome. It is real only when two conditions hold. First, there is ops competence in-house or with a reliable partner, someone who at three in the morning knows why the worker process is hanging. Second, your own hours are priced in honestly. Book operations as "a colleague does it on the side" and you compare a flattered self-hosting calculation against a complete SaaS one, then act surprised later. For a simple standard B2C catalogue without a dedicated team, the boilerplate is plainly oversized; there, managed is the sensible choice.
What I tell decision-makers
Calculate break-even with your real numbers, not with a slide deck. Take your expected GMV over the next three years, plot the revenue-based fees as a rising curve, and set the flat self-hosting line beside it, including setup, maintenance hours at the full rate and the 150 to 400 euros/month for a resilient setup, not just the 39 euros for the hobby box. The crossing point is your decision boundary, and it sits somewhere different for everyone.
If you are above that boundary and the ops competence is there, the case is clear: Medusa is PostgreSQL-native, fully self-hostable, and runs on Hetzner with Coolify and Docker, GDPR-compliant in Germany. You save the transaction fee that grows with your success, and you keep your order and customer data under your own control. Below the boundary, or without the team, managed is the more honest answer, no loss of face but operational economics. The technical depth on architecture, modules and workflows that makes this sovereignty workable in the first place is in our pillar overview of Medusa as a headless commerce platform.
The real question is not "self-hosted or SaaS?" but this: do you want your cost curve and your data sovereignty to follow your vendor's interest, or your own? Anyone who does not ask that question has answered it anyway.
