How can a small team build a sovereign tech stack?

By either building (through code) the exact solutions you want, or by using open-source, modifiable alternatives that you can self-host. Combining EU-based hosting like Scaleway with open-source tools for CRM, CMS, HR, email marketing, and office software lets a small organisation own its data and reduce dependency on US-based SaaS.

What counts as a truly sovereign cloud provider in Europe?

A true sovereign cloud is one not built on hyperscaler infrastructure (AWS, Google, Microsoft). Scaleway, Hetzner, and OVH are leading European options. Scaleway hosts the French government's healthcare data and uses the open-source AWS CLI without being built on AWS infrastructure. OVH is trusted by the Luxembourg government for sovereign cloud services.

What are the best open-source alternatives to mainstream SaaS tools?

For CRM, SuiteCRM or Corteza. For CMS, Wordpress on Scaleway or a static framework like Astro. For HR, OrangeHRM or MintHCM. For email marketing, Mautic. For office software, LibreOffice, Euro-Office, or OnlyOffice — usually paired with Collabora for browser-based collaboration.

Is it safe to self-host HR and customer data under GDPR?

Yes, but running the software yourself makes you the data controller, with full responsibility for secure storage, network isolation, encryption, backups, right-to-erasure handling, access auditing, and patch management. Luxembourg's CNPD runs the DAAZ (Data Accountability from A to Zen) initiative as a strong starting point for understanding GDPR obligations.

Can I replace Mailchimp or HubSpot with open-source email marketing?

Yes — Mautic is a mature open-source alternative that can be hosted on Scaleway or your own infrastructure. You will need a reputable SMTP provider (Scaleway's, Brevo, or similar), proper DKIM setup, double opt-in flows, bounce detection, and a working unsubscribe link to maintain sender reputation.

Are there sovereign payroll options for businesses in Luxembourg?

Payroll is the hardest area to go fully open-source in Luxembourg because of the country's specific indexation and regulatory environment. Microtis, hosted in a PSF-certified Luxembourg datacenter, is a widely trusted local option that can integrate with open-source HR portals like OrangeHRM to keep the rest of your stack sovereign.

Building Your Own Sovereign Tech Stack: A Guide for Small Teams

If you’re interested in real tech sovereignty, unfortunately, you’re not looking at a SaaS offering.

There are plenty of tools out there in the EU that can fit the bill of housing your data in a way that it’s not vulnerable to the US government’s CLOUD Act, and I highly recommend them. The Eurostack Initiative has a fantastic website that will give you plenty of ideas, but for our quick recommendations at Crystallized Intelligence, I’d start here.

If you’re using any of these:

CRM: Hubspot, Salesforce, Monday.com, Zoho
Website CMS: Wix, Squarespace, Hubspot CMS, even a simple Shopify site
HR/Payroll Tools: Gusto, QuickBooks, Timesheets.com
Email Marketing: Mailchimp, Hubspot Marketing
Office Software: Microsoft, Google Drive

(This is not an exhaustive list FYI)

Then you can replace them with OotB options like these:

CRM: Odoo or Brevo
Website CMS: Wordpress on Scaleway or Odoo
HR/Finance Tools: Odoo (full ERP but for SMEs)
Email Marketing: Brevo
Office Software: Proton

They won’t be a perfect match feature-for-feature, but in many cases they’re cheaper (Odoo for example, which is very affordable for the number of features it has) and they’re all based in the EU. Again, check out the Eurostack Initiative’s list for more ideas.

This blog post, however, is about BUILDING a sovereign tech stack.

Building, not buying#

I mean either building, through code, the exact solutions you want, or using an open-source, modifiable alternative that you can self-host to do what you need.

I can’t go into a how-to for every one of these, but I am happy to have a conversation with you if this is something you’re interested in doing.

Hosting: where your stack lives#

My hosting partner of choice is Scaleway. Trusted by the French government for their nation’s healthcare data, it’s one of the truly sovereign cloud options in Europe that is both feature-rich and easy to use.

They have both a console, a CLI, and you can use the AWS CLI to provision your IT infrastructure.

My own website is hosted on Scaleway, along with all of my projects. They have transparent pricing, and lots of features, so whether you simply want to get a static website online, or you want to set up your own dedicated AI model, you’ve got plenty of options to work with.

There are other alternatives to Scaleway: Hetzner, OVH, and even some solutions in Luxembourg like Proximus and DEEP, but I have found that Scaleway makes the most sense for small teams since it’s fast and easy to learn, has lots of different levels of service, and it’s a true sovereign cloud — not built on hyperscalers’ tech.

They use the AWS CLI because it’s open source — it’s not a potential dependency risk, unlike some other options that are hosted in AWS, Google, or Microsoft datacenters but “re-labelled” as sovereign — also referred to by some as “sovereignty-washing”.

However, OVH, as previously mentioned, is trusted by the Luxembourg government, and have entered into a consortium to provide a sovereign cloud solution for this country.

The open-source ethos#

Well, I said you’d have to build some of it, and that’s true. But one of my favourite aspects of working in tech is the open source ethos: collaboration, reciprocation, and freedom.

The idea is, that there is plenty of software out there already that is free to use. It’s been created by a vast community of people who are generally unpaid for this labour, but it’s for the love of the game. They’re solving niche problems and they create a cycle of dependency on one another that fosters innovation, growth, and community.

If you’re going to use open source resources to build a solution, I recommend trying to contribute back to the project whether in code or in funds. I don’t recommend trying to exploit open source without taking part in its improvements. But, it means you don’t actually have to build 100% of the features you want in different technologies.

CRM options#

SuiteCRM is the #1 open source option, and Corteza is another that is considered privacy-focused (and GDPR compliant).

SuiteCRM has GDPR add-ons, which cost money, and I’d recommend being cautious about trying to build one yourself unless you’re a real GDPR expert.

There are some people out there who think you can build a CRM through pure vibe coding. I don’t recommend this because CRMs have been developed with a lot of trial and error throughout the years.

However, if your CRM is currently an excel spreadsheet (which does happen), you might be able to vibe code something to replace that. Just make sure to build-in GDPR features for data exports and deletions to respect your customers and protect your company.

CMS options#

I love a CMS. I come from a marketing background, and they’re a great tool for low-tech people to contribute to a website. However, as a marketer who codes, now doing more coding than marketing, I was always frustrated with the constraints of a CMS. You have to fill in information in so many disparate places in order to achieve SEO goals or set up data flows in a way that content would appear where it should.

Now, my website is built on Astro, hosted on Scaleway.

It’s a framework used to build extremely fast, content-driven sites with plenty of modern features (optimized images, transitions, etc).

It’s very AI-friendly because a lot of it relies on Markdown — you can write your blog posts in Markdown, for example, and get an AI to edit it quickly. Of course they have an MCP server, so you can work with your site with AI. I built my site by talking to an AI Harness and making some tweaks on my own. I did have a prototype version made in Hubspot, but I made improvements to parts of my new website using AI.

Lighthouse performance scores for crystallized.lu

My current Lighthouse score is quite good: the SEO “mark” is only lower because I have optimized for AI search, which uses a format that this developer tool has not yet integrated as a best practice (since this SEO method is currently evolving, and may end up going a different route).

I would really recommend this to anyone of any tech level. I can also help you build a site this way.

For forms, and other features on a site, you’ll need to set up a private API, but that’s also achievable via Scaleway. Not a huge cost, and means you’re not paying for costly forms. You can set up the forms to communicate with Brevo, Odoo, or any other tools I mentioned.

Do please ensure you ask your coding agent to do a security review for things like CORS, exposed secrets, input validation, etc.

HR and payroll tools#

Ok, this is an area I’m not a great expert on. Still? I have confidence that for a small team, there are great, self-hosted options.

OrangeHRM is a leader in the HR space, and MintHCM touts its AI-enabled capabilities, for teams who are looking for such a setup. Either can be self-hosted, and are free to download and use. They can be modified by adding/removing modules, integrating to other systems, translated to the language used by your business, etc.

However, running this software yourself makes you the data controller, so you need to be able to store the data securely, and offer ways to meet the requirements of GDPR for employers/employees.

The DAAZ (Data Accountability from A to Zen) initiative by CNPD (Commission Nationale pour la Protection des Données) is a great place to start learning about GDPR from both an HR and customer-facing perspective.

However, if you feel you already have an understanding of this topic, you may be ready for the next considerations:

Where will you host your database? The same instance as your app (cheaper), or a separate managed database (safer)?
How will you handle network isolation so you can only access the database via a secured connection?
How will you handle encryption?
Where will you backup your data? How long will you store it for?
How will you handle right to erasure while maintaining the information you legally have to preserve?
How will you audit who looked at what? And what access control will you implement to make sure no one is sharing accounts or looking at things they shouldn’t see?
Do you have the capability to handle patches, monitoring, migration, and upgrades (on a staging environment, no less)?

This is a lot of work. A partner who knows how to handle such a project goes a long way. But, if you’re a really small team (a handful of people), this can be something you learn as you go if you are willing to dedicate yourself to gaining operational maturity.

Now, this section promises a payroll option, and I’d love to offer an open-source option, but the truth is, we’re in Luxembourg, and it’s complicated. To keep up with changing requirements and regulations, as well as particularities around our indexation, it’s best to stick with a tool that is made for this ecosystem.

I’ve never used them myself, but Microtis has a solution that seems to be widely trusted (even by locally renowned companies such as Namur) and from what I can tell, is hosted in Luxembourg. They don’t state who their partner is, but they say it’s a PSF datacenter, meaning it has a level of security trusted by financial institutions.

This kind of platform, integrated with your open-source HR portal, may be a good way to meet your legal obligations as an employer and stay sovereign.

Email marketing#

Now, this is an area I’m a big fan of.

I’ve worked in email marketing for more than a decade.

From Mailchimp to Hubspot, from EventBank to Eventbrite, and now, running my own email marketing through Brevo, I’ve used many different SaaS solutions.

I’ve even used tools like Smartreach to automate sales emails (which I only recommend if you have a really good strategy in place — otherwise it comes across as spam).

A few years ago, I was forced by a security-conscious IT manager to use something called Mautic, an open-source email marketing tool, which he hosted on our own company’s servers, and could only be updated with his team’s help. It was a nightmare, but there were certain things I loved about it.

For one thing, it was much more code-based for designing emails. Using MJML (which you can try here) I was able to design much more beautiful email templates than with other drag-and-drop tools that were limited in their responsiveness, and didn’t test well in Outlook (the bane of every email marketer’s existence).

The issues with updating its database and sending out emails would be easier for us to manage nowadays, since we’d be able to build something custom more quickly to handle the orchestration. And this IT manager was ahead of his time — by insisting that all data was owned by the company, that our website was hosted on our own servers, our ERP, our email marketing, our POS, and everything else possible, he was able to build a highly-secure environment that I think a lot of other businesses would be jealous of now that we’re all trying to get off of American SaaS.

If you want to use Mautic (on Scaleway or elsewhere), here is my advice:

Follow the documentation carefully.
Make sure you’ve set aside a few days before you need to start using it for campaigning. If you’ve never done something like this, don’t expect it to just work in an afternoon.
Find a reputable SMTP. You will likely need to pay for this. Scaleway has one, or you can use something like Brevo to facilitate it. You can build one yourself, but then you have an uphill battle in ensuring its reputation, both at the start, and ongoing.

What do I mean by reputation? Basically, marketing emails are filtered by email providers based on how trustworthy they seem. There are ways to improve your reputation that are both directly and indirectly monitored by these providers.

Is your DKIM set up properly? Did the contact actually subscribe to receive this email? Did they double opt-in? Have you warmed up your email before sending to a large list? Are you spamming people who haven’t engaged in 6 months? Are you detecting bounces? Does your unsubscribe link work?

If you haven’t thought about these questions you might want to learn a bit more about email marketing before trying to set it up via Mautic, but it’s highly doable and a great cost-saver at scale, not to mention, it allows you to ensure sovereignty.

Office software#

This is an exciting area with a lot of ongoing changes.

Some AI-first businesses are actually switching to all Markdown files now, which eliminates the need for docx. But, if you’re not ready for that, or you’re dealing with clients who want docx, you need a reliable way to use that format.

You may also want to use excel in the same “universe” as the rest of your files, so you can easily link to and from information, like in Google Docs or Microsoft Office.

Here are some ideas for individual replacements:

Word:

Markdown + Pandoc
- Using Pandoc to convert formats can help you work on files with clients. Clunky, but doable.

Excel:

VS Code and an extension
- More comfortable for developers but gets the job done

Powerpoint:

Presenton
- Actually fantastic. BYOK (bring your own key) for AI use, completely open-source and can be used free forever, has (paid) support for specific cases. In 2026, you should not be manually making powerpoints. That world is over, and thank god.

Notetaking across devices:

Obsidian
- Very popular for AI-first use cases, with free and paid options

Everything in 1:

These are all open-source alternatives to MS Office. They all have advantages and disadvantages — Euro-Office, however, has an interesting story behind it, with a goal to help move off of American SaaS for European companies and institutions, and is backed by companies I trust, like Proton and Nextcloud. This has caused drama with OnlyOffice that I won’t get into.

To get them to work with a SaaS-like experience, accessible in the browser from anywhere but self-hosted, is possible but requires a bit of time and effort investment. You’ll probably want to pay for a business license with Collabora or another competitor so that everything works smoothly. It starts at 3€ per user per month, so not terribly expensive. You can use Collabora’s own office suite directly in its deployment (which is based on Libreoffice, though there is some drama around that), but its backend is designed to be agnostic, so you can switch out for OnlyOffice or another set of applications if you prefer. They also integrate with other tools that may be interesting for you in making your business sovereign, like Wordpress.

I just want to note before I finish this blog post that I have never in my life seen such drama as I have in this particular niche (open source office tools). Godspeed to everyone involved — I just hope we get to a place where MS Office is no longer the market-domineering force, and I wish you all luck on your journey to getting there.

Final thoughts#

Using open-source to build your own company’s tech stack can sound like a headache, and in some ways, it is. In order to gain privacy, autonomy, and independence from foreign governments, vendors who want to raise prices, and be able to easily customize your tools to fit your own needs, some sacrifices need to be made.

There has never been a better time to take on this challenge, and I’ll bet that in 2, 4, or 6 months from now it’ll be even easier. AI coding tools are changing the ways that humans interact with their machines, allowing us to translate our goals from natural language into working code.

There are security risks that go along with this — as our coding agents get better, hackers are also being better equipped, and existing vulnerabilities are being exposed and exploited. Not just for the DIY projects, like what I’ve laid out here, but even for market-leading brands.

It’s important to make decisions on what you want to take into your own hands or not, and what you’re willing to risk by moving to self-hosted, open-source tools, as well as what you’re willing to risk by not doing so.

The one thing AI may never replace is human intuition. Mine is telling me we’re on the edge of a new era for entrepreneurship and a way to make opportunities more equal through technology. But, it also says we can only accomplish this if we’re willing to take risks.

Are you willing to give it a try? Let me know if you want to talk about your needs for sovereign technology at your company.