Why n8n is the right choice
for law firms.

Law firms have three constraints that rule out most cloud automation platforms: mandate data must not leave the EU, workflows must be auditable, and the firm must own its automations — not rent them. n8n meets all three without compromise.

01

Self-hosted, EU-residency

n8n runs on your server or in an EU cloud. No data ever touches US infrastructure. Critical for GDPR and professional secrecy.

02

Workflows as code

Every workflow is JSON — versionable, reviewable, portable. If we leave, you have the workflows, the documentation, and the ability to run them.

03

400+ integrations, extensible

Out-of-the-box nodes for DATEV, M365, most APIs. Custom nodes possible for RA-MICRO, beA, and specialised systems.

04

Open source core

Fair-code license. Self-host indefinitely without vendor lock-in. Commercial features (RBAC, audit log) available on top if needed.

Cloud automation platforms make sense until mandate data is involved. Then self-hosted is the only defensible choice.

Production hosting, stripped down.

A lot of n8n guides make production hosting sound like a Kubernetes project. It doesn't have to be. Here's a setup that carries 20+ workflows with confidence — and costs under €100/month.

What you don't need: Kubernetes, service mesh, horizontal pod autoscaling. At the traffic typical law firms see — a few thousand workflow executions per day — a single VPS handles it comfortably. Scale vertically if you grow; add a second node only when one can't keep up for real reasons.

  • EU VPS: Hetzner Cloud (CX22 or CPX31, €8–15/month) or OVH.
  • Docker Compose on top — no orchestration needed.
  • Coolify as deployment UI — handles SSL, env vars, backups.
  • Postgres as persistence — not the SQLite default.
  • MinIO or Hetzner Storage Box for daily DB backups.
  • Cloudflare in front for TLS + basic DDoS protection.

Versioning without CI/CD overkill.

Every workflow is JSON. You can commit them to git. The question is how much CI/CD to build around that — and the answer, for most firms, is: less than you think.

01

Minimum: export + commit

After every change, export the workflow and commit the JSON to git with a one-line message. Takes 30 seconds. Gives you history, blame, and rollback.

02

Useful: staging instance

A second n8n instance for testing changes before production. Same Docker setup, half the RAM. Costs €8/month extra. Saves one major incident per quarter.

03

Often unnecessary: GitHub Actions pipelines

Automated deployment via CI only pays off if you ship workflows multiple times per week. For most firms, manual export + commit is enough for the next 18 months.

Monitoring that actually notices.

The default n8n UI tells you if a workflow failed. It doesn't tell you if a workflow didn't run when it should have. That's the hard part — and this stack covers it.

  • Uptime Kuma for server-level health (n8n reachable, DB reachable).
  • Workflow heartbeat pings: every critical workflow sends a beat to a dead-man's-switch URL.
  • Error-branch logging: every workflow has an error branch that writes to our operational Postgres.
  • Grafana dashboard over both: executions/day, error rate, latency distribution.
  • Alerting: email + Teams webhook on ≥3 consecutive errors or missing heartbeat > 30 min.

Three error patterns
that survive production.

Workflows fail. The question is what happens when they do. Silent drops are the worst outcome — a workflow that quietly didn't run is far more dangerous than one that crashed loudly. These three patterns cover 95% of real-world failures.

01

Retry with backoff (transient)

API timeout, rate limit, network hiccup — retry 3 times with 1s, 5s, 30s backoff. Most transient failures recover.

02

Review inbox (ambiguous)

LLM classification unsure, deadline extraction questionable, routing has two valid targets — workflow parks the case in a human review queue with a 24h SLA.

03

Hard stop + alert (unrecoverable)

Credential revoked, system down, data corrupted — workflow writes to operational log, sends alert, refuses to proceed. Human decides.

What a handover looks like.

Every n8n workflow we build gets a handover package. This isn't optional — it's what makes the difference between an automation that survives our departure and one that dies with it. Five documents, none of them long:

The goal: after we leave, your IT partner or in-house admin can run the workflow without ever talking to us again. If that's not true, we haven't handed it over properly.

  • Architecture sketch: one page, showing what flows from where to where.
  • Credential inventory: which API keys exist, where they're stored, how to rotate them.
  • Operations runbook: how to restart, how to debug, how to reach monitoring.
  • Known issues & fallbacks: the 3–5 things we've seen fail, and what to do.
  • Training record: who has been trained, what they can do, what they can't.

Common questions.

01Why n8n and not Make or Zapier?+
Self-hosting, data residency, and workflow ownership. n8n runs on your EU server, your data never leaves your infrastructure, and every workflow is version-controlled JSON you can take with you. Make and Zapier are fine for small-scale work but unsuitable when mandate data is in play.
02What does n8n hosting look like in practice?+
Docker on an EU VPS (Hetzner, OVH) or on your own infrastructure. We set up Coolify for deployment, Postgres for persistence, and basic monitoring (Uptime Kuma + Grafana). Cost: ~€30–80/month in infra depending on volume.
03Can we keep running n8n ourselves after the project?+
That's the default mode. Every workflow comes with a runbook, credential inventory, and monitoring guide. Handover to internal IT or an external partner is part of our method, not optional.
04What about backups and disaster recovery?+
Daily automated backups of the n8n Postgres database to EU-hosted object storage (MinIO / Hetzner Storage Box). Retention: 30 days. Restore tested every quarter. A full rebuild from backup takes under 2 hours.
05How do you handle errors in production workflows?+
Every workflow has an error branch that logs to our operational database and alerts via email or Teams. Failed executions go into a retry queue with exponential backoff; unrecoverable ones land in a manual review inbox. No silent drops.