From 25 servers to 600+. The story is short.
We started in 2015. The first rack held 25 machines. Eleven years later, the count is past 600 and we still know each one by hostname. Growth came from a specific kind of customer: senders who got tired of explaining to procurement why their email data sits in us-east-1 even though they sell exclusively to German hospitals or French banks.
In July 2021, we consolidated operations to a dedicated Tallinn facility. The move was not cosmetic. It was the response to a regulatory environment in which "EU region" of a US cloud no longer satisfies the procurement teams of GDPR-bound enterprises — and to our own decision that running infrastructure we don't control would eventually become a marketing claim we couldn't defend.
No public cloud provider sits between you and your delivery infrastructure. The hardware is colocated in a Tier III equivalent facility under our operational control. The legal owner of the hardware, the contractual party for your service agreement, and the entity holding your data processing addendum are the same Estonian company. There is no parent jurisdiction that can override Estonian law on data access.
The CLOUD Act problem nobody on a US cloud can solve
The Clarifying Lawful Overseas Use of Data Act, signed into US law in March 2018, gives US authorities the power to compel US-incorporated providers to disclose customer data — regardless of where that data is stored. AWS Frankfurt does not change the analysis. Google Cloud's Belgium region does not change the analysis. If the legal entity above the data center is American, the disclosure obligation reaches across the Atlantic.
For most senders this is a theoretical concern. For some it is contractual: enterprise procurement teams at German Mittelstand companies, French insurers, Dutch healthcare networks, and Nordic public sector buyers increasingly will not sign vendor contracts where the legal stack reaches a CLOUD Act jurisdiction. They are not paranoid. They are reading the same regulatory guidance their auditors will read next year.
Our jurisdictional position is straightforward. Estonian incorporation. Estonian operating entity. Estonian data center. Estonian governing law on the master service agreement. No US holding company, no US subsidiary, no US revenue channel that creates a jurisdictional hook. When a procurement team asks the data residency question, the answer fits in a single sentence and survives the followups.
What runs on the 600+ servers
The fleet is dedicated to email infrastructure. Not general-purpose hosting, not web application stacks, not Kubernetes clusters that happen to send mail. Every machine has a job related to outbound delivery, queue management, reputation monitoring, or the application layer that sits in front of those.
Hardware decisions, briefly
Email is I/O-bound, not compute-bound. PowerMTA writes every queued message to disk before attempting delivery. At 500,000 messages per day, the spool sees hundreds of thousands of small-file operations. NVMe storage cuts queue latency dramatically compared with SATA SSD; spinning disks are not viable above 50,000 messages/day on a single host.
Network throughput rarely saturates a 1 Gbps uplink for SMTP. The bottleneck is per-destination throttling enforced by recipient ISPs, not the local pipe. We provision 1 Gbps as standard and 10 Gbps for clusters that aggregate traffic across many sending IPs. CPU matters mainly for DKIM signing volume and TLS termination; the 4-core minimum on entry tier covers most production workloads.
RAM is allocated generously. The OS page cache holds spool data in memory between disk write and the moment delivery completes, which absorbs the burstiness of campaign launches without forcing repeated disk re-reads. 32 GB is the practical floor for any server doing more than 250,000/day; 64 GB and 128 GB tiers handle million-per-day workloads comfortably.
Network, IPs, and the reputation question
The facility advertises clean IPv4 ranges acquired and maintained for email use. Reputation work begins before an IP enters customer service: every block goes through warming validation against major ISP postmaster signals before being assigned. When a customer leaves, the IP is held in a cooling pool rather than being recycled the same week to the next account — a small cost we absorb because reputation contamination across tenants is a category of failure we refuse to ship.
Reverse DNS is configurable per IP, per customer, through our portal. PTR alignment with EHLO/HELO hostname is a non-negotiable for German ISPs (GMX, T-Online, web.de) and a reputation factor at Microsoft Outlook. We don't accept new sending traffic without it correctly configured.
For the technical underpinnings of how reputation works at the IP level, the dedicated reference is in our sender reputation glossary entry and the operational view is in IP warming.
Why Estonia, specifically
Estonia is a member state of the European Union. It is bound by GDPR directly. It is bound by the upcoming NIS2 transposition timetable. Personal data processed in Estonia is processed under EU law, with EU regulatory recourse available to the data subject. There is no adequacy bridge to negotiate, no Standard Contractual Clauses to maintain. Data goes from your infrastructure to ours and stays inside the European Economic Area.
Estonia is also the jurisdiction with the most mature digital governance in Europe. The e-Residency program lets non-EU founders incorporate and operate Estonian companies remotely, which is part of why Estonia has more startups per capita than most EU countries and a small but capable infrastructure ecosystem. The country runs e-government services that most EU member states have not yet built. None of this directly affects the data center itself, but the ecosystem matters: getting permits, hiring engineers with EU work authorization, and dealing with regulators is meaningfully easier here than in larger EU economies where the same operations would face heavier administrative friction.
The decision to relocate operations to Estonia in 2021 is documented in detail at why we moved to Estonia. The short version: prior banking jurisdiction was constraining cryptocurrency-friendly business operations, EU jurisdiction was strategically valuable for the customer base we already had, and Estonia answered both problems at once.
Compliance posture
- GDPR. We act as data processor for customer-controlled email content and recipient lists. A Data Processing Addendum compliant with Article 28 is available for every contract. Sub-processors are listed and updated.
- EU jurisdiction. Estonian incorporation, Estonian governing law, Estonian regulatory authority for data protection complaints (Andmekaitse Inspektsioon).
- Data residency. Customer email data is stored and processed in our Tallinn facility. We can certify this in writing for procurement reviews.
- NIS2. Estonia transposed NIS2 into national law in 2024. We track applicable obligations as a digital infrastructure provider.
- ISO 27001. Roadmap declared. Audit timeline available on request for enterprise prospects evaluating certification timelines for procurement.
- Cryptocurrency-friendly. We accept Bitcoin, Ethereum, and Monero alongside fiat. Estonia's regulatory framework permits this without the friction many EU jurisdictions impose.
What we don't do
A few things worth saying out loud, since they affect whether we are the right fit:
- We don't host shared SMTP. Every customer has dedicated IPs. Sharing reputation across tenants is a class of failure we refuse on principle.
- We don't accept purchased lists, scraped contacts, or unconsented bulk traffic. The screening happens at onboarding, not at the first complaint.
- We don't operate as an ESP with our own application layer that you log into to send campaigns. We sell infrastructure. The campaign tooling is yours (or you can use our managed Acelle / MailWizz hosting if you want a hosted UI).
- We don't mix consumer and enterprise tiers on the same hardware. Enterprise EU-sovereign customers are physically isolated.
Frequently asked questions
Need infrastructure documentation for procurement?
We can provide our Data Processing Addendum, sub-processor list, infrastructure specifications, and security questionnaire responses. Most enterprise procurement reviews complete in 1–2 weeks once the documents are in your auditors' hands.
Request compliance pack