Skip to main content
WAIMAKERS
About UsCareersContact
|
Schedule Free Call
Back to overview

n8n

n8n

CompliantEU: AvailableNo TrainingCustomMulti-region

Business Plan Price

€24-800/month

Enterprise Features

Self-hosted on-premises, SSO/SAML (paid license), LDAP, Git version control

Last Updated

March 23, 2026

n8n - GDPR & Data Privacy Overview for European Clients

Version: March 2026 - prepared by WAIMAKERS B.V.

1 Purpose

This overview explains how n8n deployment options (Self-hosted Community, Cloud Starter/Pro, and Enterprise) handle data in relation to GDPR, with a focus on European customers. n8n is an open-source workflow automation platform developed by n8n GmbH, a Berlin-based company that prioritizes security and privacy by design.

2 Comparison of n8n Deployment Options (EU focus)

Tier Data Location Control EU Data Centers Training on data? GDPR Compliance SOC 2 Price
Self-hosted (Community) ✅ Full control ✅ Your infrastructure ✅ No (data never leaves your servers) ✅ Full compliance (you are the controller) N/A Free (infrastructure costs only)
Cloud Starter ⚠️ Managed by n8n ✅ EU data centers (Frankfurt, Azure) ✅ No ✅ Compliant (DPA with SCCs) ✅ SOC 2 Type II €24/month (monthly billing); €20/month (annual) - execution-based
Cloud Pro ⚠️ Managed by n8n ✅ EU data centers (Frankfurt, Azure) ✅ No ✅ Compliant (DPA with SCCs) ✅ SOC 2 Type II €60/month (monthly billing); €50/month (annual) - execution-based
Enterprise ✅ Self-hosted or Cloud ✅ Your choice ✅ No ✅ Full compliance ✅ SOC 2 Type II Custom pricing (contact sales)

Notes for Europe

  • Data sovereignty: Self-hosted deployment keeps all workflow data, execution logs, and credentials on your infrastructure. Data never passes through n8n servers.
  • Cloud hosting: n8n Cloud processes data in European data centers, ensuring EU data residency for GDPR compliance.
  • No training on customer data: n8n does not use customer workflow data, execution logs, or any user data for AI/ML model training across any plan.
  • Infrastructure: Berlin-based company (Germany). Cloud version uses Azure with Frankfurt (EU) region deployment.
  • Billing model: Cloud plans are billed based on executions (not number of workflows). All plans include unlimited active workflows.
  • SSO/Git version control: Moved behind the paid Self-Hosted Business license; no longer available on Community Edition. A new Self-Hosted Business tier exists with a license fee for teams requiring SSO/SAML, Git-based version control, and advanced security on self-hosted deployments.
  • Data retention: Fully configurable. Self-hosted users control retention policies via environment variables. Cloud users can configure execution data retention and pruning.
  • Pricing: All prices in EUR. No VAT included in listed prices (VAT applies per EU regulations).

3 Is n8n GDPR-Compliant?

Short answer: Yes. All n8n deployment options can be GDPR-compliant. Self-hosted deployments offer maximum control (you act as the data controller), while Cloud plans include a Data Processing Agreement with Standard Contractual Clauses and EU data centers.

What applies to all plans:

  • No training on customer data - n8n does not use workflow definitions, execution data, credentials, or any customer information for model training or product improvement analytics (unless explicitly opted in for anonymous usage statistics).
  • Berlin-based company - n8n GmbH is headquartered in Germany and operates under EU/German privacy laws.
  • Open-source transparency - The core n8n platform is open-source (fair-code licensed), allowing full code audits and security reviews.

What's deployment-dependent:

  • Self-hosted (Community & Enterprise): You have complete control over data location, retention, access controls, and infrastructure. You are the data controller. n8n never sees your data.
  • Cloud (Starter & Pro): n8n acts as both Controller (for account/billing data) and Processor (for workflow execution data). Includes DPA with Standard Contractual Clauses. Data hosted in EU.
  • Enterprise: Offers both self-hosted (full control) and managed cloud options, plus advanced features like SSO/SAML, LDAP integration, Git-based version control, and SLA support.

Infrastructure options:

  • Self-hosted: Deploy on any infrastructure (on-premises, your cloud provider, air-gapped network). Complete flexibility.
  • Cloud: Hosted on AWS in European regions for EU customers.
  • Enterprise self-hosted: Can be deployed fully on-premises, in your private cloud, or air-gapped for maximum security.

What that means in practice:

  • For startups/small teams with EU customers: Cloud Starter or Pro plans provide GDPR compliance out-of-the-box with minimal setup (€20-50/month).
  • For enterprises with strict data residency requirements: Self-hosted Enterprise edition enables on-premises deployment with full data sovereignty.
  • For developers/technical teams: Self-hosted Community Edition (free) offers complete control and GDPR compliance if you manage your own infrastructure.

Buyer's note: Self-hosted deployments offer the strongest GDPR position (complete data sovereignty). Cloud plans are GDPR-compliant with EU data centers and SCCs. Choose based on your technical resources and control requirements.

4 Details by Offering

Self-hosted Community Edition

  • Deployment model: Open-source software you run on your own infrastructure (Docker, Kubernetes, npm, etc.)
  • Data collection: Zero. All workflow data, execution logs, credentials, and user information stay on your infrastructure. n8n never sees your data.
  • Training: Not applicable - no data transmitted to n8n.
  • Retention: Fully under your control. Configure via environment variables (e.g., EXECUTIONS_DATA_PRUNE=true, custom retention periods).
  • Compliance: You are the data controller. SOC 2 not applicable (self-managed).
  • Pricing: Free (open-source). Only infrastructure costs apply (server hosting, typically €5-15/month for basic VPS).
  • When to use: Teams with technical expertise who want complete data sovereignty, or when GDPR/compliance requires on-premises deployment.
  • When not to use: If you lack infrastructure management capabilities or prefer fully managed solutions with vendor support.

Cloud Starter Plan

  • Execution limit: Billed by executions per month (no active workflow limits - unlimited active workflows included).
  • Data collection: n8n collects workflow execution data, logs, and credentials (encrypted). Stored in EU data centers (Frankfurt, Azure).
  • Training: n8n does not train on customer data.
  • Retention: Configurable execution log retention. Can enable automatic pruning of old execution data.
  • DPA: Data Processing Agreement with Standard Contractual Clauses included.
  • Important limitation: 1 shared project, 5 concurrent executions, forum support only (no direct support).
  • Pricing: €24/month (billed monthly) or €20/month (billed annually)
  • When to use: Small teams or individuals getting started with workflow automation who need EU-compliant hosting.
  • When not to use: If you need more executions, multiple projects, or direct support.

Cloud Pro Plan

  • Execution limit: Higher execution allowance billed per month (no active workflow limits - unlimited active workflows included).
  • Data collection: Same as Starter - stored in EU data centers (Frankfurt, Azure) with encryption.
  • Training: n8n does not train on customer data.
  • Retention: Configurable execution log retention with 7 days of insights/analytics.
  • Additional features: 3 shared projects, 20 concurrent executions, admin roles, global variables, workflow history.
  • DPA: Data Processing Agreement with Standard Contractual Clauses included.
  • Pricing: €60/month (billed monthly) or €50/month (billed annually)
  • When to use: Growing teams running production workflows who need more execution capacity and collaboration features.
  • When not to use: If you need SSO/SAML, advanced user management, or high execution volumes (consider Self-Hosted Business or Enterprise).

Self-Hosted Business

  • Deployment model: Self-hosted on your own infrastructure with an n8n license.
  • Key features: SSO/SAML, Git-based version control for workflows (these features are no longer available on Community Edition and require this paid tier), advanced user management, audit logs.
  • Pricing: €800/month (license fee; self-hosted infrastructure costs are additional).
  • When to use: Teams that need SSO/Git version control on self-hosted infrastructure without full Enterprise requirements.
  • When not to use: If Cloud plans meet your needs, or if you require n8n-managed infrastructure.

Enterprise (Self-hosted or Cloud)

  • Deployment options: Self-hosted on your infrastructure OR managed cloud with dedicated support.
  • Advanced security features: SSO/SAML, LDAP integration, enforced 2FA, audit logs, IP allowlisting.
  • Developer features: Git-based version control for workflows, separate dev/staging/prod environments.
  • Scaling: Unlimited executions, multi-instance deployment support (200+ executions/second per instance).
  • Compliance: SOC 2 Type II report available on request. Self-hosted option enables full GDPR compliance with data sovereignty.
  • Support: Dedicated email support with SLA, priority bug fixes, 1:1 consultations with n8n engineers.
  • Pricing: Custom pricing (contact sales). Typically starts at several hundred euros per month depending on deployment size and features.
  • When to use: Large organisations with complex automation needs, strict compliance requirements (GDPR, ISO 27001, SOC 2), or need for on-premises deployment.
  • When not to use: If Cloud Starter/Pro meets your needs and budget constraints are tight.

5 Data Processing Flow

[User creates/triggers workflow]
  ↓
[n8n execution engine]
  ├─ Self-hosted: All processing on your infrastructure
  │   └─ Data never leaves your servers
  │   └─ You control all storage, logs, credentials
  |
  └─ Cloud: Processing in n8n-managed EU data centers
      ├─ Workflow executions logged (configurable retention)
      ├─ Credentials encrypted at rest
      └─ Data stored in AWS EU regions
  ↓
[External integrations/APIs]
  └─ n8n connects to third-party services per workflow configuration
  └─ Data flows directly from n8n instance to integration endpoints
  └─ n8n acts as a passthrough; does not store integration responses long-term
      unless configured to do so in workflow

*Execution logs and workflow history can be automatically pruned based on 
retention policies. Self-hosted users have full control via environment variables.*

6 Recommendations (GDPR-first)

  • For maximum GDPR compliance and data sovereignty, prefer Self-hosted (Community or Enterprise) - data never leaves your infrastructure.
  • For teams without dedicated DevOps, use Cloud Starter or Pro - includes DPA with SCCs and EU data centers out-of-the-box.
  • For enterprises with SSO/SAML requirements, Enterprise is required (self-hosted or cloud).
  • Complete a DPIA (Data Protection Impact Assessment) if processing sensitive personal data (health, financial, biometric) through workflows.
  • Configure execution log retention to minimise data storage - enable automatic pruning for old executions.
  • Do not use Cloud plans if your organisation requires air-gapped deployment or prohibits any cloud processing (use self-hosted Enterprise).

7 EU Rollout Checklist (Practical)

  1. Choose deployment model - Determine whether self-hosted (max control) or Cloud (managed, EU-hosted) fits your technical capabilities and compliance requirements.
  2. Review and sign DPA (Cloud users) - n8n Cloud includes a Data Processing Agreement with Standard Contractual Clauses. Review these documents and ensure they're executed before production use.
  3. Configure data retention policies - Set environment variables (self-hosted) or configure settings (Cloud) to automatically prune old execution logs. Typical retention: 7-30 days for non-critical workflows.
  4. Implement access controls - Use n8n's user management features (Pro/Enterprise) to enforce least-privilege access. Enable SSO/SAML and 2FA for Enterprise deployments.
  5. Document your workflows - Maintain an inventory of workflows, what data they process, and which external integrations they connect to. This supports GDPR Article 30 record-keeping obligations.
  6. Secure credentials - n8n encrypts credentials at rest. For self-hosted, ensure your database encryption keys are properly managed and backed up securely.
  7. Set up monitoring and audit logs - Enterprise plans offer advanced audit logging. Configure alerts for workflow failures and security events.
  8. Train your team - Ensure users understand GDPR implications of the workflows they build, especially when processing personal data through external APIs.

8 Procurement Quick Answers (EU)

Does n8n sign a Data Processing Agreement (DPA)?

Yes, for Cloud plans. n8n's DPA is included as part of the Cloud Terms of Service and includes Standard Contractual Clauses for international data transfers. Self-hosted deployments don't require a DPA with n8n (you control the data).

Where is data stored for Cloud plans?

EU customers' data is processed and stored in AWS data centers located in European regions. n8n GmbH is based in Berlin, Germany.

Can we deploy n8n fully on-premises?

Yes. Self-hosted Community Edition (free) and Enterprise Edition can be deployed entirely on your infrastructure - on-premises, in your private cloud, or air-gapped.

Does n8n use our workflow data for training AI models?

No. n8n does not use customer workflow data, execution logs, credentials, or any proprietary information for training models or product analytics (beyond optional anonymous usage statistics you can opt out of).

Is n8n SOC 2 compliant?

Yes. n8n maintains SOC 2 Type II compliance and undergoes annual audits. SOC 2 reports are available to Enterprise customers on request. SOC 3 report is publicly available.

What about ISO 27001 certification?

As of October 2025, n8n is SOC 2 Type II certified but does not publicly advertise ISO 27001 certification. Contact n8n sales for latest compliance certifications.

Can we control data retention periods?

Yes. Self-hosted users control retention via environment variables. Cloud users can configure execution data retention and enable automatic pruning of old logs.

What's the pricing model?

Cloud plans use an execution-based billing model: Starter starts at €24/month (monthly) / €20/month (annual); Pro at €60/month (monthly) / €50/month (annual). All Cloud plans include unlimited active workflows. The Self-Hosted Business tier costs €800/month and includes SSO and Git version control. Enterprise pricing is custom based on deployment requirements.

9 Notes & Caveats

  • Fair-code license: n8n uses a "fair-code" license (Apache 2.0 with Commons Clause). Source code is available for review, but production use for commercial purposes requires appropriate licensing (free for self-hosted non-SaaS use, paid for embedding in commercial products).
  • Execution limits: Cloud plans have monthly execution limits. Overages are charged additionally. Plan accordingly based on workflow frequency.
  • Self-hosted maintenance: Community Edition requires you to manage updates, security patches, backups, and infrastructure. This requires technical expertise.
  • Third-party integrations: When n8n workflows connect to external APIs (Google, Slack, etc.), data passes through those third-party services. Review those vendors' GDPR compliance separately.
  • Credential security: While n8n encrypts credentials at rest, the encryption key must be securely managed (especially for self-hosted). Losing the encryption key means losing access to stored credentials.
  • Cloud vs. self-hosted features: SSO/SAML and Git-based version control are no longer available on Self-Hosted Community Edition; they now require the paid Self-Hosted Business license (€800/month) or Enterprise. Review the feature matrix before choosing a deployment model.

10 Disclaimer

This overview is intended solely as an informative tool. We strongly advise customers to thoroughly review all Data Processing Agreements (DPAs) and privacy documentation before deploying n8n in production environments - especially when personal data, financial data, or health information are processed. WAIMAKERS applies this same principle internally; all tools we use have been thoroughly assessed and included in our own privacy and security documentation. Customers should always carefully evaluate the official documentation, terms, and DPAs of each automation platform they use. WAIMAKERS cannot be held legally liable for any mistakes, errors, inaccuracies, or for the accuracy, currency, or completeness of the information in this document; the ultimate responsibility for GDPR compliance rests with the customer.

Prepared and issued by WAIMAKERS B.V. - March 2026.

References

  • https://n8n.io/pricing - n8n Pricing (Cloud Starter €24/mo monthly, Pro €60/mo monthly, Self-Hosted Business €800/mo, Enterprise custom)
  • https://n8n.io/legal - n8n Legal & Terms (includes DPA, Privacy Policy, and Compliance documentation)
  • https://docs.n8n.io/hosting/ - n8n Self-Hosting Documentation
  • https://docs.n8n.io/security/ - n8n Security & Privacy Practices
  • https://n8n.io/security - n8n SOC 2 Type II Compliance

Need help navigating AI?

Schedule Free Call
WAIMAKERS

Learn. Lead. Make.

AI Transformation Boutique · Amsterdam

Make work exciting, make businesses unstoppable.

Who We Help

View all roles & industriesCEOs & Board MembersPE & Investment ManagersCFOs & Finance LeadersInnovation DirectorsCTOs & IT LeadersCommercial Directors

What We Do

View all servicesOur ApproachLearnTailored Training ProgrammesAI Champions ProgrammeAgentic Way of WorkingE-learningLeadMake

Company

About UsResourcesContactCareersPodcast ↗

© 2026 WAIMAKERS. All rights reserved.

Privacy PolicyCookie Policy