Managed · Sovereign · Validated
Numaga is a managed, sovereign AI platform. Every AI interaction in your organisation runs through policy you can prove, not trust.
In practice
Numaga is running a pilot with Ontdek Zorg, a home-care organisation in Gelderland. Healthcare, with special-category personal data under the GDPR, is where responsible AI is hardest. That is exactly where we put the control plane to the test.
A category choice — not a product choice
Those are different categories. Here is the difference, stated plainly.
A chat tool for individual employees across the organisation. Designed for personal task assistance — not central governance. Runs on hyperscalers under US jurisdiction.
Buyer: end user / line of businessMulti-tenant SaaS that builds a UI around shared cloud LLMs. Functional, but self-service — no managed governance, no regulatory partnership.
Buyer: self-service teamsSingle-tenant, one control plane, hosted in the Netherlands. Every prompt classified, routed, redacted, logged — by policy, not by trust.
Buyer: CIO, CISO, DPO, compliance & legalSide by side
The capabilities you need to be accountable for AI — and who delivers them.
| Side by side | Productivity AI | Off-the-shelf Private GPT | Numaga. |
|---|---|---|---|
| Dutch sovereign hostingno CLOUD Act exposure | |||
| Single-tenant deployment | Multi-tenant | ||
| ISO 27001 certified supplier | At hyperscaler level | ||
| EU AI Act risk-class routingenforced as policy | |||
| Prompt scanning at the gateclassification · redaction · routing | |||
| Role-based access to knowledgeRBAC end-to-end | Limited | ||
| Self-built agents & workflowsno IT ticket needed | Limited | ||
| Immutable audit · 5+ year retention | Tenant logs only | Basic logging | |
| Validation & assurance artefactsfor your audits and reviews | |||
| Interchangeable foundation modelsno vendor lock-in | Limited | ||
| Managed regulatory partnershipquarterly reviews, audit support |
Four things you get nowhere else
For organisations deploying AI responsibly.
ISO 27001 certified. EU AI Act ready. Dutch sovereign hosting. The three certifications your CIO, CISO and DPO need — in the box, not on the roadmap.
Defensible from day oneEvery prompt classified, sensitive data redacted, risky content blocked — before a single token reaches a model. Confidential information, personal data, trade secrets: they never leave the perimeter.
Enforced on the control planeYour team sees only what it is entitled to. Policy, documentation, internal knowledge — routed by role, with end-to-end RBAC over retrieval and inference.
RBAC end-to-endYour teams build their own agents and automate their own workflows — inside the same control plane, without an IT ticket.
Power without escalationHow the platform is built
Web UI, M365 add-in, Slack, API access for agents. Familiar to end users — nothing new to learn.
Classification, redaction, risk-class routing, immutable audit logging, key management. The part that does not exist in productivity tools.
Models are commodities; swap underlying models without rebuilding. Per-request model optimisation.
Dutch private cloud, NL jurisdiction. No CLOUD Act exposure, no hyperscaler dependency, no telemetry hooks on the model layer.
Foundation models are commodities. The control plane is where compliance lives.
Control plane — the journey of a prompt
Pick a prompt and follow it through the control plane. Every step runs before the model call — no compensation after the fact.
Sensitivity label assigned — public · internal · confidential · strict.
Special-category personal data masked before it leaves the perimeter — GDPR Art. 9.
Checked against the EU AI Act risk class — prohibited use is blocked.
The best-fitting model chosen internally based on risk and sensitivity.
Budgets and rate limits enforced per user and per team.
Immutable audit record written — tamper-evident, time-synced.
Every step runs before the model call — no compensation after the fact.
Policy rules, not LLM judgement. Reproducible for inspectors.
Routing tables, sensitivity rules and budgets tuned to your policy.
If it doesn't pass the control plane, it doesn't happen.
Dynamic model routing
Models are swapped dynamically; every prompt gets the best-fitting model for that specific request. We assemble the pool from vetted European providers.
The decision happens on the control plane, not in the user's prompt. Users get the right model without choosing one.
No vendor lock-in. If a provider's terms or jurisdiction change, we route around them overnight.
Routing rules are updated as models improve and prices fall. Your cost drops, your capacity rises.
Risk-aware routing & data classification
Not as a guideline — as policy, enforced on the control plane.
| EU AI Act class | Platform behaviour |
|---|---|
| Prohibitede.g. social scoring | Blocked on the control plane. |
| High riskdecision & process support | Audit · validation evidence. |
| Limited risktransparency required | Transparency labels added in-line. |
| Minimal risk | Standard routing with monitoring. |
| Sensitivity | Behaviour |
|---|---|
| Public | Standard routing. |
| Internal | Identity + audit. |
| Confidential | EU-compliant provider + redaction. |
| Strictly confidentialpersonal data, trade secrets | Strictest provider class + redaction + long-term retention. |
Audit & observability
What we record
What you get out
Demonstrability & assurance
What we bring to your review.
What's in the managed service
Pricing — usage-based
No licence inflation, no shelfware, no headcount negotiations up front. Tiers are assigned automatically each billing cycle based on actual usage. Concrete rates follow in a tailored proposal.
Occasional users — quick lookups, document Q&A, light drafting.
Daily users — research, drafting, analysis, regular interaction.
Heavy users — agents, long-running workflows, deep research.
Sovereign deployment, control plane configured to your policy, SSO integration, RAG ingestion, branded chat interface, M365 and Slack add-ins, initial training. One fixed amount at the start — then only usage.
Every user starts on Regular. At the end of each billing cycle each user moves to the tier matching their actual usage — no manual review, no over-provisioning.
Usage above the tier cap is billed per million tokens at a fixed, pre-agreed rate.
~60% Lite · 30% Regular · 10% Power. Most users sit light — you don't pay for heavy capacity nobody uses.
How we work together
Technical deep-dive, security review, scope and policy established together.
Sovereign deployment plus a pilot cohort on a bounded use case.
Evaluate together and decide to scale.
Broaden to your full organisation; usage-based billing goes live.
Frequently asked
The questions CIOs, CISOs and DPOs ask first — answered honestly.
Numaga is a managed, sovereign AI platform: a single control plane through which every AI interaction in your organisation runs on policy you can demonstrate, not on trust. It is single-tenant, hosted in the Netherlands, ISO 27001 certified and built around the EU AI Act. Numaga is a product of Replikate.
Numaga runs on a Dutch sovereign private cloud, fully under Dutch jurisdiction. There is no exposure to the US CLOUD Act, no hyperscaler dependency and no telemetry on the model layer. Every environment is single-tenant: your data never shares infrastructure with other customers.
Every prompt passes six checkpoints before a single token reaches a model: Classify (sensitivity label), Redact (mask personal data, GDPR Art. 9), Risk-gate (EU AI Act check), Route (best-fit model), Meter (budgets and rate limits) and Log (immutable audit record). Each step is deterministic and synchronous — policy rules, not LLM judgement, reproducible for inspectors.
Numaga operationalises the EU AI Act as policy on the control plane, not as a guideline on paper. Prohibited uses such as social scoring are blocked; high-risk use gets audit and validation evidence; limited-risk use gets transparency labels. Every decision is logged immutably, so you can show regulators exactly what happened.
Yes. Replikate, the company behind Numaga, is ISO 27001 certified. With every engagement Numaga provides an assurance pack — technical specification, data-flow diagrams, ISO 27001 Statement of Applicability, data processing agreement and DPIA inputs — plus an annual statement directly to your security team.
It is a difference of category, not product. Copilot, ChatGPT Enterprise and Claude for Work are productivity AI: chat tools for individual employees, on hyperscalers under US jurisdiction. Numaga is a managed AI platform: one central control plane with classification, redaction, risk routing and immutable audit — built for central governance, not individual task help.
Numaga is usage-based: you pay for actual token consumption, not licences or seats. Each billing cycle, users are automatically placed in a tier — Lite, Regular or Power — based on real usage. A one-time onboarding fee applies on top. Concrete rates follow in a tailored proposal.
In four phases: exploration (technical deep-dive and security review), proof of value (sovereign deployment plus a pilot cohort on one use case), a joint decision point, and rollout across the whole organisation. Quarterly compliance reviews, agent onboarding and model refresh then run continuously. The Build phase typically takes weeks 1 to 4.
Shall we begin?
An introduction, a technical deep-dive with your CIO/CISO and DPO, and an honest answer to whether a managed AI platform fits you.
Prefer that we reach out? Leave your details.
