You built on Lovable β React app, Supabase auth, Postgres. It works. Then your first DACH customer or pilot asks: Where is prod hosted? Where do login and data live? That question shows up fast in Germany , Austria , and Switzerland B2B β especially HR, health, finance, and anything that touches procurement or a security questionnaire.
Why βEU is fineβ is not enough in DACH
Lovableβs default path β Netlify (or similar) plus managed Supabase β is great for building. It is not always enough for prod you can point to in a buyer review.
- Germany β GDPR, vendor questionnaires, and βEU hostingβ often means nameable EU infrastructure, not βwe use a US cloud somewhere in eu-west-1.β
- Austria β Same GDPR frame; many buyers mirror German expectations on data location and subprocessors.
- Switzerland β Not in the EU/GDPR, but strong privacy expectations (revDSG). Hetzner β German company, EU datacenters β is a credible answer for many Swiss buyers without overclaiming compliance.
This is not legal advice. It is the practical friction you hit when DACH customers want a clear answer on where prod runs.
Phased prod on Hetzner β dev stays on Lovable
You do not need a big-bang migration. In a recent German-client case study, dev stayed on Netlify + managed Supabase while prod β app, login, Postgres β went live on Hetzner in the EU. Same pattern fits Lovable stacks: keep building in Lovable; add a DACH-facing prod environment on EU VMs.
Case study:
- Production on Hetzner (Part 1) β phased EU prod, OpenTofu, CI deploys, self-hosted Supabase
- Self-hosted insights (Part 2) β observability, cost guardrails, EU telemetry
Prod users hit the React app on Hetzner. Sign-in and Postgres for prod stay on Hetzner too. Dev keeps using Lovableβs stack unchanged.
Open source stack β no black box prod
DACH buyers often ask not only where data lives but what software runs there. The prod path we use is built on open source you can name, audit, and run yourself β not a proprietary PaaS you cannot inspect.
| Layer | Open source |
|---|---|
| Infra as code |
|
| App runtime |
|
| Auth + API + DB |
|
| Observability |
|
That matters in security reviews: subprocessors and components are identifiable. You are not locked into a single vendorβs managed layer for prod. Hetzner gives you VMs; the stack on top stays portable and forkable.
What I handle vs what you keep doing
You: keep shipping features in Lovable.
Me: OpenTofu (servers, firewall, DNS), GitHub Actions deploys, self-hosted open-source Supabase on prod VMs, and self-hosted observability (Grafana LGTM, cost alerts) β the documentation DACH buyers often ask for: where data lives, what runs there, who operates prod, what it costs.
I work with DACH clients on exactly this path. If that sounds like your next step, reach out.
office@martinmueller.dev Β· calendly.com/martinmueller_dev Β· LinkedIn

Top comments (0)