Why we build on open source infrastructure

Every component in our hosting stack is open source. Matrix/Element for communications. Nextcloud for file storage. WireGuard for networking. Ceph for replication. Linux and Kubernetes underneath everything. This isn't an accident or a budget decision — it's a deliberate architecture choice that directly serves the organizations we work with.

Auditability is a security property

When we tell a client that their communications are end-to-end encrypted, they can verify it. The encryption implementation in Matrix is open source — anyone can read the code, audit the cryptography, and confirm that it does what it claims to do. The same applies to every other layer of the stack.

Proprietary platforms ask you to trust their claims. Open source platforms let you verify them. For organizations handling sensitive data — source materials, beneficiary records, legal files — that distinction matters.

This isn't just theoretical. Open source security tools are continuously reviewed by independent researchers, security auditors, and the broader development community. Vulnerabilities are found and patched in the open, with full transparency about what was affected and how it was fixed. With proprietary software, you often learn about vulnerabilities only when the vendor decides to disclose them — if they disclose them at all.

No vendor lock-in

One of the most underappreciated risks for small organizations is vendor dependency. When your email, files, and communications all live on a single proprietary platform, you're not just a customer — you're captive. Pricing changes, terms of service updates, feature removals, and policy shifts happen on the vendor's timeline, not yours.

With open source infrastructure, you always have an exit. If you want to move your Nextcloud data to a different provider — or run it yourself — you can. Your data formats are open, your configurations are portable, and there's no proprietary lock that prevents migration. This matters especially for organizations operating in uncertain environments where the ability to move quickly is a safety consideration, not just a convenience.

Transparency aligns with mission

The organizations we serve — nonprofits, newsrooms, NGOs — exist to serve the public interest. Many of them advocate for transparency, open governance, and accountability. Running their infrastructure on proprietary, opaque platforms creates a contradiction that's increasingly hard to defend.

Open source infrastructure aligns with these values. The tools are built by communities, the development process is transparent, and the organizations using them contribute to a shared commons rather than a private company's revenue.

This isn't just an ideological point — it has practical implications for trust. When a funder or partner asks "what is your data running on?", being able to point to auditable, community-maintained software with a track record of independent security review is a stronger answer than pointing to a brand name.

Cost structure that works for nonprofits

Open source software doesn't have per-seat licensing fees. There's no "enterprise tier" you need to unlock to get basic security features. The software itself is free — what you pay for is the expertise to deploy, configure, and maintain it properly.

This inverts the typical cost model: instead of paying a per-user subscription that scales linearly with headcount, you pay for infrastructure and operations. For a 20-person nonprofit, this often means lower total cost than commercial alternatives. More importantly, it means predictable costs — no surprise bills when you add five new users or exceed a storage threshold.

What open source doesn't solve

Open source is not a silver bullet. The software being auditable doesn't mean it's been audited by you. The code being available doesn't mean it's been configured correctly. And "free" software still requires expertise to run securely.

This is where the operational layer matters. Self-hosting open source tools without the expertise to maintain them can create more risk than using a well-run proprietary service. The value isn't in the software alone — it's in the combination of auditable software, properly configured, expertly maintained, and hosted in a jurisdiction you've deliberately chosen.

That's the model we operate: open source software that you can verify, deployed on infrastructure you can locate, maintained by people you can talk to.

The stack

For transparency, here's what we run:

Every component is open source, independently auditable, and replaceable. No proprietary dependencies, no black boxes.

Interested in open source infrastructure for your organization?

We deploy and manage fully open source hosting for nonprofits, newsrooms, and NGOs — in Iceland and the EU, with zero proprietary dependencies.
