
Six Principles for Strategic Software Infrastructure

values, open-source, data-privacy, integration, ai

This article is a translation.

Six principles that guide our work. How we build software infrastructure, and why.

TL;DR

  • No Vendor Lock-in
  • Open Source Software
  • EU Hosting
  • GDPR+ (fair treatment of others, protecting your own reputation)
  • AI as an integration window into traditional software
  • AI is a support tool, humans steer

1. Freedom of Choice: No Vendor Lock-in

Platforms change. Prices rise, features disappear, terms get adjusted, often not in the user’s favor. That’s not always malicious, but once you’re locked in, switching becomes painful. Some platforms exploit this deliberately. That’s why we always keep the exit open, especially right now, when new software is sprouting up everywhere.

In practice, this means:

  • Data export must be possible. Whoever holds the data must be able to hand it back, in a usable format.
  • Self-hosted over SaaS. Where feasible, we prefer solutions you can run yourself. Open standards, Docker, your own servers.
  • Proprietary software only where necessary, and even then with a data exit path.

The advantage isn’t just ideological. Those who can switch can renegotiate. Those who are locked in pay whatever is demanded.

The LinkedIn Example

LinkedIn is a good example of this dynamic. The platform is relevant for B2B, but it’s becoming increasingly difficult to use: more algorithmic noise, declining organic reach, high prices for Sales Navigator. Integration with your own software infrastructure is actively prevented by LinkedIn (ToS, bot detection).

The EU has classified LinkedIn as a “Gatekeeper” under the Digital Markets Act. Portability APIs formally exist, but according to a MyData Global study they are “clunky, hard to access, and poorly documented.” The study could not find a single software project that had successfully connected to the API.

Our approach: Use LinkedIn, but don’t depend on it. Transfer relevant contacts into your own CRM, build parallel channels. If the platform changes, we adapt, instead of panicking.


2. Open Source Software

We recommend open source as a starting point. There is a surprising amount of high-quality Free & Open Source Software (FOSS) and Open Core software out there.

We’ve evaluated dozens of tools. This is the stack we use day to day:

Area                 Tool          License
Project Management   Plane         Open Core
Automation           n8n           Open Core
Cloud Storage        Seafile       Open Core
Team Chat            Rocket.Chat   Open Core
Git + CI/CD          Forgejo       FOSS
Office Suite         OnlyOffice    Open Core
Passwords            Vaultwarden   FOSS
Video                Jitsi         FOSS
VPN                  WireGuard     FOSS
Analytics            Umami         FOSS

The downside: integration. Open source projects often have less funding and less pressure to gain market share. Strategic integrations are frequently neglected because they’re not the most exciting programming task.

Where SaaS Is the Better Choice

Three exceptions, each with a specific reason:

  1. Pipedrive (CRM) — No self-hosted CRM has comparable workflow integration. We evaluated Twenty, Frappe CRM, Krayin, and Erxes. Pipedrive has a solid API and export. The exit path exists.
  2. Mistral (AI) — Self-hosting with Ollama is possible, but hardware costs are currently too high.
  3. Claude (AI + Code) — Claude Code is hard to replace right now. We’re keeping an eye on this.

The pattern: SaaS where FOSS can’t compete, but always with an open API/export.

The Business Case

At what team size does self-hosting pay off? Our experience:

  • Solo founder: Setup costs time, cost advantage comes later
  • 5–10 users: Per-seat pricing becomes noticeable, self-hosted becomes attractive
  • 20+ users: Clear difference. SaaS costs scale linearly, server costs barely do.

Free Data Belongs to the Customer

A point that matters to us: When we research publicly available data for clients, that data belongs to the client. Not to us.

The business model of tools like Apollo, Hunter, or ZoomInfo is built on scraping the internet and selling the same data over and over again. We find that questionable. When we collect data for a client, the client gets the data. We don’t resell it, we don’t hoard it. We want to provide infrastructure that empowers everyone to do this research themselves.


3. Hosting in Germany or the EU

We recommend hosting business data in Germany because jurisdiction determines which rules apply. The GDPR, as the most important regulation, is implemented EU-wide, so we see no issue as long as we stay within the EU.

Our own infrastructure runs on Hetzner in Falkenstein: German law, GDPR, no foreign government requests. When Germany isn’t an option, we work with a clear hierarchy:

  1. Germany — First choice
  2. EU — GDPR applies
  3. US-owned, EU data center — The CLOUD Act is a problematic factor
  4. USA — Only when unavoidable (e.g., certain AI APIs)

Why This Is More Than Theory

A documented example: Amazon Marketplace. A 2020 WSJ investigation showed how Amazon used seller data: revenues, prices, margins, inventory of individual merchants. This data fed into decisions for Amazon’s own products. Customers became competitors.

The EU Commission formally determined in 2020 that Amazon violated competition rules. In 2022, Amazon accepted binding commitments.

This is an extreme case. But it illustrates a dynamic worth keeping in mind: platforms with access to business data have options that don’t always serve their users’ interests. Those who choose their infrastructure so this dynamic can’t take hold sleep better.


4. GDPR Compliance Is the Bare Minimum

GDPR compliance goes without saying. But our actual standard is different: we work the way we’d want to be treated ourselves.

The first three principles create the technical foundation for this. Avoiding lock-in gives us flexibility, open source gives us control, German servers give us legal clarity. That allows us to make conscious decisions about how we handle data.

The GDPR sets the floor. We don’t want to lose customer data to foreign companies through carelessness, nor do we want to intrude on other people’s privacy and harass them algorithmically. That’s how we understand the spirit of the GDPR, and it should be honored, not just the letter.

The Spam Question

An example: Recently, one of our clients was pitched an outreach tool: 8,000 emails per week, 5% reply rate, 30% of those positive, 45% of those convert to a deal. Conversion rate: 0.675%.

That means: 99.3% of the people contacted receive a message they didn’t ask for. Technically a legal gray zone because it’s B2B. But is that the way you want to build business relationships?

We don’t think so. And the numbers back us up: reply rates for cold emails dropped from 6.8% (2023) to 5.8% (2024), a 15% year-over-year decline. 71% of decision-makers cite lack of relevance as the main reason for not responding. The strategy is eating itself.

What Targeted Outreach Looks Like

The GDPR permits contact under “legitimate interest.” We take that seriously: look for signals (job postings, conference appearances, LinkedIn activity), use public sources, document why you’re reaching out to someone.


5. Integration Is the Key to the AI Era

Systems that don’t talk to each other create manual work. And manual work creates errors, inconsistency, and frustration. Good integration is the foundation for everything else.

Our recommendation: Every type of data needs a clear owner, a single source of truth. Sales data lives in the CRM, documents in cloud storage, code in Git. Other systems read from there.

The Integration Hierarchy

Not every integration needs enterprise middleware. Our preference:

  1. Native Integration + MCP Server — Real-time, bidirectional
  2. REST API + Webhooks — Programmatic
  3. Manual Export + AI Reformatting + Import — Semi-automated
  4. Copy-Paste — Last resort

For simple workflows we use n8n as an orchestration layer: notifications, prototyping, low-volume automation. For complex AI integration we work at the code level. n8n is the Swiss Army knife, not the factory.

AI as an Integration Window

The most exciting thing happening in integration right now: the Model Context Protocol (MCP). Any tool with an MCP server can be connected to an AI chatbot. In a single conversation, AI can access your CRM and internal documents at the same time.

This AI window into all software platforms creates integrated visibility. Once MCP servers can not only read but also write, users can control their entire software stack through AI. From our perspective, this is the future of integration.

Currently, this market is underserved. Make, Zapier, and n8n provide many connectors; that’s their greatest strength. But they’re not designed AI-first: workflows have to be built by hand, and the advantages of AI don’t come into play. Loops and if-then logic that would be a few lines of code become large block constructs. This just inverts the difficulty: integration is easy, processing is hard.

Claude Code (and others) offer a real alternative here. Complex logic can now be implemented with natural language, and you quickly get solutions that map exactly to your workflow. But as soon as these meet the real world, you hit exactly the problems that low/no-code tools have solved well: infrastructure (where does the code run), integration (how do I connect my software), and authentication (OAuth, bearer tokens need to be stored and managed). These things remain complicated even in the AI era. A true solution for non-developers is not yet in sight.


6. AI for Support, Humans for Decisions

AI makes teams more productive. If not now, then in the near future. The more interesting question is: What do you do with that productivity?

AI is strong at structuring knowledge, combining information, accelerating research. What used to take hours now takes minutes. That’s a real gain.

But there’s a line we draw deliberately: business relationships. Partnerships, strategy conversations, and important decisions need humans. Trust is built through real interaction, time, and attention, and that doesn’t scale.

AI is poor at decision-making because it doesn’t reason logically. It selects based on statistical frequency in the training data and then finds a plausible-sounding rationalization. That’s dangerous, because it often takes experts to recognize why certain decisions are completely unrealistic. But AI is strong at the administrative side of knowledge work: opening up possibility spaces, fanning out options, filtering by criteria.

The Spam Temptation

AI makes mass outreach technically trivial. Thousands of “personalized” messages, sent automatically. But “personalized” doesn’t mean “personal.” The recipient can tell the difference, and the numbers show it: 51% of all spam emails are now AI-generated, and trust is measurably declining.

Our approach: AI for research, preparation, analysis. Communication with people, we do that ourselves.

AI Agents and Security

A point that often gets lost in the current AI enthusiasm: AI agents with system access are a security concern. Prompt injection is real: malicious instructions can be hidden in emails or documents. An AI agent that reads this content can be manipulated.

That’s why we recommend not letting AI act unsupervised. Supervision is part of a professional setup: not overcaution, but due diligence.
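One way to put this supervision into practice, as an added example (not code from the original article): a gate between the model and its tools that lets reads run unattended, sends every write to a human reviewer, and tells the reviewer when the session has already read outside-authored content such as an email or document. The tool names, the `Session` class and the reviewer callback are assumptions made for this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical tool names for this sketch (not from any real MCP server).
READ_TOOLS = {"crm.search", "mail.read_inbox", "docs.read"}
WRITE_TOOLS = {"crm.update", "mail.send"}
# Reads that return text authored by outside parties.
UNTRUSTED_SOURCES = {"mail.read_inbox", "docs.read"}


@dataclass
class Session:
    approve: Callable[[str, dict, str], bool]  # human reviewer callback
    tainted: bool = False
    audit: list = field(default_factory=list)

    def request(self, tool: str, args: dict) -> str:
        """Return 'allow' or 'deny' for a tool call the model proposed."""
        if tool in READ_TOOLS:
            # Reads run unattended, but untrusted text taints the session.
            if tool in UNTRUSTED_SOURCES:
                self.tainted = True
            verdict = "allow"
        elif tool in WRITE_TOOLS:
            note = ("context includes outside-authored content"
                    if self.tainted else "context is internal only")
            # Writes never run without a human decision.
            verdict = "allow" if self.approve(tool, args, note) else "deny"
        else:
            verdict = "deny"  # default-deny anything not on a list
        self.audit.append((tool, self.tainted, verdict))
        return verdict


def demo() -> list:
    # Constructed reviewer policy standing in for a person at a prompt:
    # approve writes only while the session is untainted.
    reviewer = lambda tool, args, note: note == "context is internal only"
    s = Session(approve=reviewer)
    return [
        s.request("crm.search", {"q": "Acme"}),
        s.request("crm.update", {"id": 7, "stage": "won"}),
        s.request("mail.read_inbox", {}),
        s.request("mail.send", {"to": "x@example.com"}),
        s.request("shell.exec", {"cmd": "ls"}),
    ]
```

The audit list records, for each call, whether the session was tainted when the decision was made, which gives a reviewer the trail to reconstruct why a write was proposed.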

The Balance

AI makes us more productive. But building relationships, taking responsibility, and earning trust stays human. These aren’t inefficiencies. They’re the core of business.
