Skip to main content
ONLYOFFICE logo

ONLYOFFICE

Verified

“Latvian-registered, Singapore-controlled, Russian-origin office suite.”

Operating HQ
πŸ‡±πŸ‡» Riga, Latvia
where it's run
Legal domicile
πŸ‡ΈπŸ‡¬ Singapore (group parent)
where it's incorporated
Users
15M+
Founded
2009
License
AGPL-3.0
UBO
Lev Bannov
40/100
Sovereign: Partial
Control ↑
39
Data β†’
41

40 = midpoint of Control 39 & Data 41

ConfidenceMedium (78%)

Sovereignty Quadrant

Control ↑ who owns & governs the company  Β·  Data β†’ where your data lives. Every dot is a company β€” click to open it.

Where your data lives β†’ Who controls the company β†’ 7 companies Β· fully non-EU (0/0) TikTok β€” Data 32, Control 24 Google β€” Data 16, Control 14 Youtube β€” Data 14, Control 16 Ionos β€” Data 90, Control 90 Disneyplus β€” Data 16, Control 12 Telegram β€” Data 34, Control 14 Carrefour β€” Data 100, Control 32 Corriere β€” Data 100, Control 100 Microsoft β€” Data 26, Control 14 Amazon β€” Data 14, Control 10 Amazon β€” Data 66, Control 0 Reddit β€” Data 14, Control 10 Netflix β€” Data 24, Control 20 LinkedIn β€” Data 14, Control 16 Reuters β€” Data 26, Control 0 Pinterest β€” Data 12, Control 12 Discord β€” Data 16, Control 20 AliExpress β€” Data 18, Control 12 Twitch β€” Data 18, Control 16 Samsung β€” Data 62, Control 4 Canva β€” Data 24, Control 20 Spotify β€” Data 30, Control 68 Apple β€” Data 16, Control 16 GitHub β€” Data 16, Control 10 Uber β€” Data 16, Control 16 Salesforce β€” Data 20, Control 14 Deepl β€” Data 70, Control 78 Airbnb β€” Data 18, Control 18 Shopify β€” Data 18, Control 18 Mastercard β€” Data 36, Control 16 Dropbox β€” Data 14, Control 10 HubSpot β€” Data 24, Control 10 Notion β€” Data 22, Control 16 Stripe β€” Data 30, Control 30 Zalando β€” Data 52, Control 88 Figma β€” Data 18, Control 10 SAP SE β€” Data 68, Control 78 Atlassian β€” Data 18, Control 18 Proton β€” Data 72, Control 54 Miro β€” Data 100, Control 44 Klarna β€” Data 44, Control 42 Ecosia β€” Data 60, Control 92 Zoom β€” Data 20, Control 14 Adyen β€” Data 84, Control 84 GitLab β€” Data 26, Control 14 Slack β€” Data 14, Control 20 Hetzner β€” Data 84, Control 96 Deezer β€” Data 62, Control 66 Typeform β€” Data 100, Control 52 OVHcloud β€” Data 82, Control 94 Tutanota β€” Data 100, Control 100 BlaBlaCar β€” Data 54, Control 76 Qwant β€” Data 56, Control 88 Bitwarden β€” Data 28, Control 20 Contentful β€” Data 34, Control 48 Personio β€” Data 34, Control 58 Ikea β€” Data 34, Control 100 Whatsapp β€” Data 14, Control 12 Instagram β€” Data 28, Control 22 X β€” Data 14, Control 16 Avast β€” Data 60, Control 0 Paypal β€” Data 24, Control 32 Kaspersky β€” Data 56, Control 0 Dailymotion β€” Data 100, Control 74 Snapchat β€” Data 12, Control 14 Nextcloud β€” Data 88, Control 94 41 39 ONLYOFFICE
ONLYOFFICE β€” verified peers β€” automated estimate (0–50 pillars, normalized)

Every number below traces to 12 sourced facts across 8 independent sources, last verified 2026-06-12. 3 open questions hold confidence at 78% β€” they lower confidence, never the score.

Control ↑

Who legally and economically controls the company

39/100
6 facts Β· 5 sources Β· mixed confidence
Legal & Jurisdiction
48

The operating/IP entity and GDPR data controller is Ascensio System SIA, a genuinely EU-incorporated company in Riga (reg. 40103265308, inc. 18 Dec 2009), so EU law and GDPR enforcement directly reach the data-handling entity. But that entity is the bottom of a three-layer chain: it is wholly owned by a UK company (Ascensio System Limited, London), which since 2023 is wholly owned by a Singapore holding. EU jurisdiction reaches the Latvian operator, but ultimate legal control sits outside the EU.

Why 48? 3 sourced facts · click to expand
Ascensio System SIA, Riga, reg. 40103265308, inc. 18 Dec 2009

Operating entity / GDPR controller incorporated in Latvia

firmas.lv (Latvia registry data) Β· as of 2026-06-12

Ascensio System SIA = controller & processor

Latvian SIA is named as the data controller in the privacy policy

ONLYOFFICE Privacy Policy Β· as of 2026-06-12

Singapore β†’ UK β†’ Latvia, 100% each

Latvian entity sits below a UK company and a Singapore holding

ONLYOFFICE Blog (holding announcement) Β· as of 2026-06-12

Control & Ownership
30

Voting control and the economic majority sit outside the EU. The Latvian SIA is 100% held by UK Ascensio System Limited (#05718967), which since 7 Aug 2023 is 75%+ owned by ONLYOFFICE Capital Group Pte. Ltd. of Singapore (UEN 202320424D). The ultimate beneficial owner is founder/CEO Lev Bannov, a dual Russian/Turkish citizen resident in Istanbul. UK filings show prior control by Russia's RK-Technology JSC (ceased 29 May 2023) and a Russia-resident director (ceased 2019). Not EU-controlled; no EU listing venue (private).

Why 30? 3 sourced facts · click to expand
ONLYOFFICE Capital Group Pte. Ltd. (SG), since 7 Aug 2023

UK entity's controlling shareholder is the Singapore holding (75%+)

UK Companies House β€” PSC Β· as of 2026-06-12

RK-Technology JSC (RU) ceased 29 May 2023; A. Miasnikov (RU) ceased 2019

Prior controllers were Russian (now ceased)

UK Companies House β€” PSC Β· as of 2026-06-12

Lev Bannov, Istanbul (Turkey), since 2023

Ultimate beneficial owner is founder Lev Bannov, dual Russian/Turkish citizen in Istanbul

ONLYOFFICE Blog (ONLYFacts) Β· as of 2026-06-12

Data β†’

Where your data lives and who can reach it

41/100
6 facts Β· 4 sources Β· mixed confidence
Data & Infrastructure
35

The official .eu SaaS cloud stores user data on AWS infrastructure in Frankfurt β€” an EU region but on a US hyperscaler, which carries CLOUD Act / foreign-law exposure despite EEA data residency. Crucially, ONLYOFFICE's core value is the self-hostable, AGPL open-source edition: organisations can run it on their own EU-owned infrastructure, which removes the hyperscaler and jurisdiction exposure entirely. Score reflects the hosted default (US-provider EU region) tempered by the genuine self-host escape hatch.

Why 35? 3 sourced facts · click to expand
AWS, Frankfurt (EU region, US provider)

.eu cloud user data hosted on AWS in Frankfurt

ONLYOFFICE Blog (Frankfurt move) Β· as of 2026-06-12

AGPL-3.0, source on GitHub β€” run on own infra

Open-source edition is self-hostable under AGPL

Wikipedia β€” OnlyOffice Β· as of 2026-06-12

Frankfurt chosen for GDPR procedures

Company positions hosted cloud as GDPR-aligned via EEA residency

ONLYOFFICE Blog (Frankfurt move) Β· as of 2026-06-12

Operations & People
50

Riga (Latvia) is a genuine operating hub and the registered home of the IP/data entity, giving a real EU footprint. But the workforce is explicitly distributed across mostly non-EU hubs β€” Singapore, London, Dallas, Belgrade, Yerevan, Tashkent, Shanghai and Istanbul β€” with the CEO based in Istanbul. Employees/contributors span 30+ countries. Operations are mixed, leaning out of the EU, with one substantive EU anchor.

Why 50? 3 sourced facts · click to expand
Riga, Singapore, London, Dallas, Belgrade, Yerevan, Tashkent, Shanghai

Departments listed across many non-EU cities plus Riga

ONLYOFFICE β€” About Β· as of 2026-06-12

Lev Bannov, Istanbul

CEO based in Istanbul, Turkey since 2023

ONLYOFFICE Blog (ONLYFacts) Β· as of 2026-06-12

30+ countries; 15,000,000+ users

Team/contributors spread across 30+ countries; 15M+ users

ONLYOFFICE β€” About Β· as of 2026-06-12

Aligned to the EU Commission’s official Cloud Sovereignty Framework (SEAL, Jun 2026) β†’

What we don’t know 3 open questions β€” they lower confidence, never the score
  • ?

    Exact shareholding of the Singapore holding (ACRA shareholder/officer detail is behind paid login).

    Confirms whether Bannov is sole/majority UBO or whether other parties hold economic stakes β€” material to the ownership score.

  • ?

    Whether non-.eu cloud regions or specific enterprise SaaS tenants store data outside AWS Frankfurt.

    The Frankfurt/AWS fact is confirmed for the .eu portal; other regional portals' infrastructure is not disclosed.

  • ?

    Degree of any residual technical or personnel overlap with the Russian R7-Office fork.

    Company asserts full separation since 2019/2023 with no shared codebase; independent verification is limited, affecting security/supply-chain confidence.

EU Cloud Sovereignty Framework lens

SEAL targets cloud providers; applied here as an analogous sovereignty mapping, not a certification.

Strategic

Ultimate control and the UBO sit in Singapore/Turkey, not the EU; strategic direction is outside EU reach.

weak

Legal & jurisdictional

EU-incorporated operating entity and GDPR controller in Latvia, but two parent layers (UK, Singapore) sit above it.

moderate

Data & AI

.eu cloud data resides in AWS Frankfurt (EEA) but on a US hyperscaler (CLOUD Act exposure); self-hosting removes this.

moderate

Operational

Real Riga office, but workforce spans Tashkent, Yerevan, Belgrade, Shanghai, Istanbul, Dallas; leadership in Istanbul.

moderate

Supply chain

Russian-origin codebase (NCT, 1998) and historical Russian control; asserted-but-hard-to-audit separation from R7-Office fork.

weak

Technological

AGPL-3.0 open source on GitHub; fully self-hostable, auditable codebase β€” strong technological independence option.

strong

Security & compliance

Claims GDPR/HIPAA alignment and ISO-style practices; EU public bodies faced sanctions-era restrictions on the commercial edition pre-2023.

moderate

Environmental sustainability

No primary disclosures on energy use or sustainability reporting found.

not assessed
EU alternatives
πŸ‡¬πŸ‡§ Collabora Online collaboraonline.com with caveats

LibreOffice-based, self-hostable open-source editor; strong EU-aligned engineering roots but the company is UK (post-Brexit, non-EU) incorporated.

πŸ‡©πŸ‡ͺ Nextcloud (with built-in Office) nextcloud.com EU-controlled

German-incorporated (Stuttgart), German-controlled, self-hostable collaboration suite β€” bundles document editing and keeps data on your own EU infrastructure.

πŸ‡«πŸ‡· Cryptpad cryptpad.org EU-controlled

French-developed (XWiki SAS), end-to-end encrypted, open-source office suite; EU-controlled and self-hostable.

How the method works

Methodology v2 (provisional): the score is the midpoint of two axes β€” Control (who owns and governs the company) and Data (where your data lives and who can reach it). Each axis is scored only on verified evidence; unknowns reduce confidence, never the score. Every input below is sourced; the weights and judgments are open to challenge.

Spotted an error? Every claim is sourced β€” challenge it and we correct the record.
  • 2026-06-12 β€” Initial golden profile, authored from primary sources (human + AI review).

Report Incorrect Data

Found an error in this company's profile? Help us improve our data by submitting a correction.

Required so we can follow up if needed. We won't share your email.

Verified 2026-06-12 Β· Human + AI joint review (sources independently checked) Β· Methodology