Medusa self-hosted on Hetzner: TCO and data sovereignty, honestly calculated

Medusa is PostgreSQL-native and fully self-hostable. On Hetzner with Coolify and Docker the commerce stack runs GDPR-compliant in Germany, and it beats SaaS plus transaction fees above a clear revenue point. What the switch really costs, and when it pays off.
7 min read, by Matthias Radscheit, Happycoding

TL;DR

Medusa runs PostgreSQL-native and fully self-hosted on Hetzner with Coolify and Docker, GDPR-compliant in Germany. Against SaaS plus transaction fees it pays off above a certain revenue, because fixed costs per order fall instead of rising. Order and customer data stay under your own control. The precondition: existing ops competence and your own hours priced in honestly.

  • As open-source software Medusa charges no transaction fee itself; only infrastructure and payment-provider costs apply. That is exactly where the TCO advantage over SaaS with revenue-based fees comes from.
  • The production stack strictly needs PostgreSQL and Redis, a server and a worker process, and at least 2 GB of RAM. A Hetzner AX41 (around 39 euros/month) covers that with room to spare.
  • Realistic three-year total for a mid-sized app: 40,000 to 80,000 euros including setup (one-off 5,000 to 20,000 euros) and maintenance (2 to 5 hours/month). Self-hosted costs fall per order; SaaS fees rise with revenue.
  • With self-hosting, orders and PII sit in your own PostgreSQL instance in an EU data centre, with no third-country transfer for the core data. Payment data stays with the payment provider, and a data-processing agreement is required.
  • Break-even is an operations decision, not pure arithmetic. Without ops competence and honestly priced own hours, managed is cheaper in total effort.

The largest cost block in e-commerce does not appear as a line item on any SaaS platform's quote: the transaction fee that grows with every euro of revenue. Take it seriously and you end up at a PostgreSQL-native stack like Medusa, one you run entirely yourself.

Medusa is open-source under the MIT licence and, as software, charges no revenue or transaction fee. Only infrastructure and payment-provider costs apply. That sounds like a footnote for the accounting team, but it is a strategic fork in the road. You are deciding whether your cost curve climbs with revenue or stays flat and even falls per order. And you are deciding where your order and customer data live: in a database you control in Germany, or with a US provider. The two questions are connected, and both are answered most honestly with a real calculation rather than a promise.

What does Medusa self-hosted on Hetzner really need?

Start with the reality of operations, not the marketing. A production Medusa stack strictly requires two datastores: PostgreSQL as the commerce store and Redis for cache, event bus, locking and the workflow engine. The official Docker guide references postgres:15-alpine and redis:7-alpine on a node:20-alpine base image. This is not an exotic stack; it is standard practice every ops person knows.

On top of that comes a quirk many people miss on their first TCO comparison: in production, Medusa has to run as two processes. Server mode serves the API and admin; worker mode processes background jobs and subscribers. Which role a process takes is set through the MEDUSA_WORKER_MODE environment variable. Both processes need the same secrets and the same database and Redis connection: the worker picks up events and jobs from the same Redis the server writes to, so a mismatch there silently splits the system. Only the server process needs to be reachable through the reverse proxy; the worker serves no API or admin routes. The official recommendation is at least 2 GB of RAM and Node.js v20+ as the LTS line.

For that requirement a Hetzner AX41 at roughly 39 euros/month is not a compromise, it is generously sized. It handles PostgreSQL, Redis, both Medusa processes and the Next.js storefront with room to spare. We orchestrate it via Coolify and Docker. Coolify is documented for Medusa only through community guides, not officially, but the pattern is straightforward: define the containers, run medusa db:migrate as a pre-deploy step, then deploy. The officially documented deployment target is Railway; anyone who wants control over their own machine lands on a root server instead.
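The two-process deployment described above, as an added example that is not part of the original article and not Medusa's or Coolify's own tooling: a bash pre-deploy script that refuses to start when the server and worker environments disagree on the shared connection strings or secrets, checks that each process is set to the right role, and then runs the migration exactly once before either process starts. The env-file names server.env and worker.env, the compose service names medusa-server and medusa-worker, and the list of keys treated as shared are assumptions (the key names follow the default Medusa starter's environment); MEDUSA_WORKER_MODE and medusa db:migrate are the names the article cites.

```bash
#!/usr/bin/env bash
# Added example, not Medusa's or Coolify's own tooling.
# Assumptions: the server and worker processes read their environment from
# server.env and worker.env (hypothetical names), the compose file declares
# services medusa-server and medusa-worker (hypothetical names) with those
# env files attached, and migrations run once from a one-off container.
set -eu

# Keys that must be identical in both processes: same PostgreSQL, same Redis
# (events and jobs travel through it), same signing secrets.
SHARED_KEYS="DATABASE_URL REDIS_URL JWT_SECRET COOKIE_SECRET"

# Print the value of KEY from an env file (empty if absent).
env_get() {  # env_get FILE KEY
  sed -n "s/^$2=//p" "$1" | head -n 1
}

# Return 1 if any shared key is missing in either file or differs between them.
check_shared_secrets() {  # check_shared_secrets SERVER_ENV WORKER_ENV
  local server_env="$1" worker_env="$2" key s w rc=0
  for key in $SHARED_KEYS; do
    s=$(env_get "$server_env" "$key")
    w=$(env_get "$worker_env" "$key")
    if [ -z "$s" ] || [ -z "$w" ]; then
      echo "missing $key in server or worker env" >&2; rc=1
    elif [ "$s" != "$w" ]; then
      echo "$key differs between server and worker env" >&2; rc=1
    fi
  done
  return $rc
}

# MEDUSA_WORKER_MODE must be "server" for the API/admin process and
# "worker" for the background-job process.
check_worker_mode() {  # check_worker_mode ENV_FILE EXPECTED_MODE
  [ "$(env_get "$1" MEDUSA_WORKER_MODE)" = "$2" ]
}

# Deployment order: consistency checks, one-off migration, then both processes.
# The migration container reuses the server service's env, so it targets the
# same database the server and worker will use.
deploy() {  # deploy SERVER_ENV WORKER_ENV
  check_shared_secrets "$1" "$2"
  check_worker_mode "$1" server
  check_worker_mode "$2" worker
  docker compose run --rm medusa-server npx medusa db:migrate
  docker compose up -d medusa-server medusa-worker
}

# Invoked as: ./predeploy.sh deploy server.env worker.env
if [ "${1:-}" = "deploy" ]; then
  deploy "${2:-server.env}" "${3:-worker.env}"
fi
```

The checks run before any container is touched, so a drifted JWT_SECRET or a worker accidentally configured as a second server is caught at deploy time rather than discovered as inconsistent sessions or duplicated job execution in production.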

Medusa TCO against SaaS: where the curves cross

Now the numbers, honestly, with a range rather than invented precision. A clean initial implementation of a self-hosted Medusa stack runs a one-off 5,000 to 20,000 euros, depending on how far you customise the storefront, modules and integrations. Ongoing operation realistically costs 2 to 5 hours per month of maintenance: updates, monitoring, checking backups. At a blended rate of around 120 euros per developer hour plus infrastructure, a mid-sized shop lands in a three-year total of roughly 40,000 to 80,000 euros. That is the honest TCO, including the hours many calculations quietly drop.

Against that you set the SaaS side. According to its official pricing page (as of July 2026, shown in EUR by geolocation; verify before relying on it), Shopify Plus starts at 2,250 euros/month on a one-year term, or 2,100 euros/month on a three-year term, as a pure base fee. Over three years that is roughly 75,600 to 81,000 euros in base fee alone, before a single transaction fee lands. And that fee is exactly the point: use a third-party PSP and you pay its fee plus 0.20% per transaction to Shopify. With Shopify Payments that surcharge disappears, but you tie yourself to one gateway. The full calculation with every footnote is laid out in our direct comparison of Medusa against Shopify Plus.

The decisive effect is the direction of the curves. Self-hosted fixed costs are largely constant; per order they fall as volume grows. Revenue-based SaaS fees do the opposite: they climb with success. At low GMV managed wins, because the fixed base cost dominates. Above a certain revenue the lines cross, and after that SaaS charges you for your own growth. The same mechanism, constant infrastructure against managed fees that scale with usage, repeats across providers, from the database to the commerce backend.

Data sovereignty: who owns the order data?

TCO is one half of the decision, control is the other. With self-hosting, orders, customer profiles and all the PII sit in a PostgreSQL instance you control, in a data centre you choose; with Hetzner that means Germany. For your shop's core data there is no third-country transfer, no debate about the CLOUD Act, no dependence on whatever the current legal position on transatlantic data flows happens to be. That is data sovereignty in e-commerce in the literal sense: the data never leaves your span of control.

The honest caveat: no one escapes external processors entirely. Payment data sits with the payment provider. With the Stripe provider, card data never touches the Medusa server; entry runs client-side through Stripe Elements, whose card fields are iframes served by Stripe, and the backend only receives tokens and payment intents. Under PCI DSS logic that usually qualifies the card processing for the smallest questionnaire, SAQ A, provided you never store, process or transmit card data yourself. The concrete classification depends on the integration type, and in self-hosted operation you remain responsible for scoping, the annual attestation, and hardening the server that delivers the checkout page, including the integrity of the scripts loaded on it, since a compromised checkout page can skim card data before it ever reaches the iframe. For Stripe and every external module, analytics, file storage, notifications, you need a data-processing agreement. This is an architectural assessment, not legal advice.

Why this is more than a compliance footnote, we argued at more length in Is our data still safe in the United States?. The short version: hold your business's core data on someone else's infrastructure in a third country and you buy a risk no price list reports, one that in the worst case costs more than any transaction fee. A GDPR shop whose data handling you own yourself is not an ideological project but practised vendor-risk management.

The uncomfortable point: running a shop yourself is operational responsibility with revenue at stake

Now the part the sovereignty rhetoric likes to skip. A shop is not an internal application where an outage on Friday evening bothers no one. Downtime means no sales. Every minute of downtime is directly lost revenue, and the responsibility is yours; no Shopify SLA stands behind it.

That has concrete consequences. Traffic spikes from a sale, from Black Friday, from a successful newsletter or a viral moment: you absorb them yourself. Uptime monitoring, failover, backup-restore tests, and security patching of Node, PostgreSQL, Redis and the host itself all sit with you. Payment additionally brings PCI scope you have to manage actively. A single AX41 is generous for normal operation but a single point of failure; real resilience means redundancy, a separate database host, read replicas, and that costs money. A high-availability setup lands closer to 150 to 400 euros/month than 39.
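One of the hardening checks the paragraph above leaves with you, as an added example that is not from the article, the Medusa project or Hetzner: a bash check that PostgreSQL and Redis are not listening on a public interface of the root server. It assumes the datastores are consumed only by the Medusa processes on the same host, so the only acceptable host-level listeners on 5432 and 6379 are loopback ones (or none at all, when the ports are not published out of the containers). The sample ss output in the usage note and test is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the article or the Medusa project.
# Assumption: PostgreSQL (5432) and Redis (6379) serve only the Medusa
# processes on this host. A Docker "ports: - 5432:5432" mapping binds
# 0.0.0.0 and Docker's own iptables rules take precedence over a host ufw
# policy, so a ufw "deny" alone does not protect a published port.
set -eu

PRIVATE_PORTS="5432 6379"

# Reads `ss -Hltn` style listener lines on stdin and prints "PORT HOST" for
# every private port bound to anything other than a loopback address.
exposed_listeners() {
  awk -v ports="$PRIVATE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      addr = $4                              # Local Address:Port column
      port = addr; sub(/.*:/, "", port)      # text after the last colon
      host = addr; sub(/:[0-9]+$/, "", host) # everything before it
      if (!(port in want)) next
      if (host == "[::1]" || host ~ /^127\./) next   # loopback is acceptable
      print port, host
    }'
}

# Returns 1 (and reports the offenders) if any private port is exposed.
check_exposure() {  # ss -Hltn | check_exposure
  local found
  found=$(exposed_listeners)
  if [ -n "$found" ]; then
    printf 'EXPOSED datastore listener(s):\n%s\n' "$found" >&2
    return 1
  fi
  return 0
}

# Run on the host after each deploy (or from cron/monitoring):
#   ss -Hltn | check_exposure
```

A line such as LISTEN 0 4096 0.0.0.0:5432 0.0.0.0:* users:(("docker-proxy",...)) is what a carelessly published database port looks like from the host, and it is reachable from the internet regardless of ufw; publish it as 127.0.0.1:5432:5432 for local administration or not at all, and reach the database over the Docker network or an SSH tunnel instead.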

That is why the saving is no automatic outcome. It is real only when two conditions hold. First, there is ops competence in-house or with a reliable partner, someone who at three in the morning knows why the worker process is hanging. Second, your own hours are priced in honestly. Book operations as "a colleague does it on the side" and you compare a flattered self-hosting calculation against a complete SaaS one, then act surprised later. For a simple standard B2C catalogue without a dedicated team, a self-hosted stack like this is plainly oversized; there, managed is the sensible choice.

What I tell decision-makers

Calculate break-even with your real numbers, not with a slide deck. Take your expected GMV over the next three years, plot the revenue-based fees as a rising curve, and set the flat self-hosting line beside it, including setup, maintenance hours at the full rate and the 150 to 400 euros/month for a resilient setup, not just the 39 euros for the hobby box. The crossing point is your decision boundary, and it sits somewhere different for everyone.

If you are above that boundary and the ops competence is there, the case is clear: Medusa is PostgreSQL-native, fully self-hostable, and runs on Hetzner with Coolify and Docker, GDPR-compliant in Germany. You save the transaction fee that grows with your success, and you keep your order and customer data under your own control. Below the boundary, or without the team, managed is the more honest answer, no loss of face but operational economics. The technical depth on architecture, modules and workflows that makes this sovereignty workable in the first place is in our pillar overview of Medusa as a headless commerce platform.

The real question is not "self-hosted or SaaS?" but this: do you want your cost curve and your data sovereignty to follow your vendor's interest, or your own? Anyone who does not ask that question has answered it anyway.

Frequently asked questions

What does Medusa self-hosted on Hetzner really cost?
The software itself is MIT-licensed and charges no transaction fee. Infrastructure costs apply: a Hetzner AX41 runs around 39 euros/month and covers PostgreSQL, Redis, the server and the worker process with room to spare. On top of that comes a one-off 5,000 to 20,000 euros for a clean initial implementation and 2 to 5 hours/month of maintenance. A realistic three-year total for a mid-sized app lands at 40,000 to 80,000 euros. The decisive difference from SaaS: these costs are largely fixed and fall per order, while SaaS fees rise with revenue.
Is a self-hosted Medusa shop on Hetzner GDPR-compliant?
Architecturally, yes: orders and personal data sit in your own PostgreSQL instance in the data centre you choose, for instance in Germany. For the core data there is no third-country transfer. Payment data stays with the payment provider; for Stripe and external modules such as analytics or file storage you need a data-processing agreement. This is an architectural assessment, not legal advice; the concrete evaluation belongs in your data-protection process.
When does self-hosting beat Shopify or Medusa Cloud?
The advantage appears at high revenue and/or when a third-party PSP is in play, because revenue-based transaction fees then form the biggest cost block. For small shops without an ops team, managed is cheaper in total effort. Self-hosting pays off above clear revenue and volume thresholds, and only when operations competence exists and your own hours are priced in honestly.
What infrastructure does Medusa need in production?
Strictly PostgreSQL as the commerce store and Redis for cache, event bus, locking and the workflow engine. Medusa has to run in two modes: server mode for API and admin, worker mode for background jobs. At least 2 GB of RAM and Node.js v20+ are recommended. On Hetzner we run this via Coolify and Docker; an AX41 has enough headroom for all components plus the storefront.
