The managed, sovereign AI platform

AI is already everywhere in your organisation.
But nobody is watching what goes in.

Numaga is the managed control plane that classifies every AI interaction, redacts sensitive data, checks it against the EU AI Act and records it immutably — before a single token reaches a model. Governance you can show, not promise. Hosted in the Netherlands, no CLOUD Act.

  • ISO 27001 certified
  • Dutch sovereign hosting
  • EU AI Act ready
numaga · governance
  • Policy enforced on every AI interaction
  • Personal data automatically redacted (GDPR)
  • EU AI Act risk class checked
  • Immutably recorded for audit
  • Hosted in the Netherlands, no CLOUD Act
IN CONTROLdemonstrable · inspection-ready

The problem

AI without a gate is a risk you cannot prove.

Your people already use AI — through tools you do not control. Four things then happen out of your sight.

Sensitive data leaks out

Company and personal data get pasted into AI tools running on US hyperscalers. What goes out does not come back — and falls under the CLOUD Act.

Governance lives on paper, not in the system

A policy document or AI code of conduct stops no prompt. Without technical enforcement, "compliant" is a promise, not a fact.

The EU AI Act clock is running

Prohibited and high-risk use must be handled demonstrably. Without a record per decision, you have nothing to show a regulator.

Nobody knows who asked what

Shadow AI spreads per team and per tool. There is no central trail of who asked which question, with which data, to which model.

Control plane — the journey of a prompt

Six checkpoints, before a single token reaches a model.

Pick a prompt and follow it through the control plane. Every step runs before the model call — no compensation after the fact.

Example prompts
Prompt arrivesStrictly confidential
Analyse this patient record and propose a follow-up treatment.
Processing…
Optimised model

Classify

Sensitivity label assigned — public · internal · confidential · strict.

02

Redactredacted

Special-category personal data masked before it leaves the perimeter — GDPR Art. 9.

03

Risk-gate

Checked against the EU AI Act risk class — prohibited use is blocked.

04

Route

The best-fitting model chosen internally based on risk and sensitivity.

05

Meter

Budgets and rate limits enforced per user and per team.

06

Log

Immutable audit record written — tamper-evident, time-synced.

Synchronous

Every step runs before the model call — no compensation after the fact.

Deterministic

Policy rules, not LLM judgement. Reproducible for inspectors.

Configurable

Routing tables, sensitivity rules and budgets tuned to your policy.

If it doesn't pass the control plane, it doesn't happen.

What Numaga does for you

Control over AI — demonstrable, not on trust.

Four outcomes, enforced on one control plane. Dig into the capability that matters to you.

The front line

For your people? Just an assistant.

All the governance runs on the control plane — without getting in the way. What your team sees is a familiar chat app that answers from your own knowledge base.

Familiar on every device

Web, mobile, M365 add-in or Slack — nothing new to learn, so no adoption barrier.

Answers with sources

Connected to your own knowledge base; every answer cites the source document.

Governance visible, never in the way

People see that it is secured — masking and policy run automatically on every prompt.

Numaga chat app on mobile: a care question about a contagious client, answered from the HKZ knowledge base with source citations (product UI shown in Dutch)
Numaga chat app: sidebar with conversations, search and settings in a dedicated secured environment (product UI shown in Dutch)
The pilot scenario in the app: a care question answered from their own HKZ knowledge base — every answer with source citations.

"Don't we already have Copilot?"

A fair question. Here is the honest answer.

Copilot, ChatGPT Enterprise and Private-GPT wrappers are productivity AI — chat for individual employees. Numaga is a managed governance platform. That is a different category. Side by side:

"Don't we already have Copilot?"Productivity AIOff-the-shelf Private GPTNumaga.
Dutch sovereign hostingno CLOUD Act exposure
Single-tenant deploymentMulti-tenant
ISO 27001 certified supplierVaries by vendor
EU AI Act risk-class routingenforced as policy
Prompt scanning at the gateclassification · redaction · routing
Role-based access to knowledgeRBAC end-to-end, across all your AI trafficWithin its own suiteLimited
Self-built agents & workflowsno IT ticket neededLimited
Immutable audit · up to 7 years retentionTenant logs onlyBasic logging
Validation & assurance artefactsfor your audits and reviews
Interchangeable foundation modelsno vendor lock-inLimited
Managed regulatory partnershipquarterly reviews, audit support

Demonstrability & assurance

You are not buying a tool. You are buying demonstrable control.

Assurance pack

What we bring to your review.

  • Technical specification
  • Architecture & data-flow diagrams
  • Change-control register
  • Access to audit logs & proof of data integrity
  • ISO 27001 Statement of Applicability
  • Data processing agreement & DPIA inputs
  • Supplier audit pack
  • Annual ISO 27001 statement straight to your security team.
  • Change control: customer notified before any non-trivial platform change.
  • DPIA support: data flows, processor roles and retention periods supplied for your GDPR assessment.
  • Supplier qualification: we take part in your supplier and risk-assessment process.

Fully managed — Build · Run · Govern

One team runs it, you keep control.

Build

Week 1–4
  • Provisioning of your single-tenant environment
  • Control plane configured to your policy
  • SSO integration with your IdP
  • RAG ingestion — policy, documentation, internal knowledge
  • Branded chat interface
  • M365 and Slack add-ins
  • Initial user training — core users first

Run

Ongoing
  • Dutch sovereign hosting — fully managed
  • 24/7 monitoring and on-call
  • Smart model routing across the selected set
  • Prompt caching and budget monitoring
  • Office-hours support with a dedicated contact
  • Monthly health reports

Govern

Quarterly
  • ISO 27001 statement to your security team
  • Quarterly compliance reviews — CIO + DPO
  • Supplier inputs for your assurance process
  • Participation in your supplier qualification
  • Audit-log archive and proof of data integrity
  • Annual access reviews and policy refresh

Pricing — platform + usage

Transparent, in two parts.

One platform fee for the control plane, plus user seats you assign yourself and adjust monthly. No licence inflation, no shelfware.

01 · The platform

Per organisation, per month — your tier is the higher of your number of users or the depth of governance you need. The 6-checkpoint control plane, SSO and the M365 & Slack add-ins are in every tier; the table shows where they differ.

Essentials€499/ month1–99 usersPopularCompliance€999/ monthup to 499 usersSovereign€2,499/ monthup to 2,499 usersEnterpriseOn request2,500+ users
Guardrails1 set, org-widePer rolePer role + customPer role + custom
Audit retention1 year7 years7 years7 years
HostingSingle-tenant, NLSingle-tenant, NLSingle-tenant, NL+ on-prem / air-gapped
Model routingStandardStandardStandardBYO / self-hosted
SupportBusiness hoursBusiness hoursBusiness hoursSLA · 24×7
02 · Usage

Seats per tier, assigned by you and adjusted each month — up or down. No fixed per-seat contracts.

Lite

€4.95
/ user · month
100K tokens / month

Occasional users — quick lookups, document Q&A, light drafting.

Most users

Regular

€14.95
/ user · month
1.5M tokens / month

Daily users — research, drafting, analysis, regular interaction.

Power

€69.95
/ user · month
7.5M tokens / month

Heavy users — agents, long-running workflows, deep research.

Above the cap you pay €9.95 per million tokens — flat rate, no surprises.

Onboarding included

Sovereign deployment, configured to your policy, SSO, RAG ingestion, branded chat interface and training are part of the start of every engagement — no separate onboarding fee.

Typical mix

Many organisations start with ~60% Lite · 30% Regular · 10% Power and adjust monthly. That way you don't pay for heavy capacity nobody uses.

Frequently asked

Short and concrete.

The questions CIOs, CISOs and DPOs ask first — answered honestly.

What is Numaga?

Numaga is a managed, sovereign AI platform: a single control plane through which every AI interaction in your organisation runs on policy you can demonstrate, not on trust. It is single-tenant, hosted in the Netherlands, ISO 27001 certified and built around the EU AI Act. Numaga is a product of Replikate.

Where is Numaga hosted?

Numaga runs on a Dutch sovereign private cloud, fully under Dutch jurisdiction. There is no exposure to the US CLOUD Act, no hyperscaler dependency and no telemetry on the model layer. Every environment is single-tenant: your data never shares infrastructure with other customers.

Is our data used to train AI models?

No. Prompts, documents and outputs are not used to train models — not by us, and under our terms with model providers not by them either. Your environment is single-tenant, special-category personal data is redacted before the model call, and the audit logs exist for your accountability — not for training.

How does the control plane work?

Every prompt passes six checkpoints before a single token reaches a model: Classify (sensitivity label), Redact (mask personal data, GDPR Art. 9), Risk-gate (EU AI Act check), Route (best-fit model), Meter (budgets and rate limits) and Log (immutable audit record). Each step is deterministic and synchronous — policy rules, not LLM judgement, reproducible for inspectors.

How does Numaga help with the EU AI Act?

Numaga operationalises the EU AI Act as policy on the control plane, not as a guideline on paper. Prohibited uses such as social scoring are blocked; high-risk use gets audit and validation evidence; limited-risk use gets transparency labels. Every decision is logged immutably, so you can show regulators exactly what happened.

Is Numaga ISO 27001 certified?

Yes. Replikate, the company behind Numaga, is ISO 27001 certified. With every engagement Numaga provides an assurance pack — technical specification, data-flow diagrams, ISO 27001 Statement of Applicability, data processing agreement and DPIA inputs — plus an annual statement directly to your security team.

How is Numaga different from Microsoft Copilot, ChatGPT Enterprise or Claude?

It is a difference of category, not product. Copilot, ChatGPT Enterprise and Claude for Work are productivity AI: chat tools for individual employees, on hyperscalers under US jurisdiction. Numaga is a managed AI platform: one central control plane with classification, redaction, risk routing and immutable audit — built for central governance, not individual task help.

What does Numaga cost?

Numaga has two parts. A monthly platform fee for the control plane (governance, audit, routing) that scales with your organisation — from €499/month (Essentials) up to custom enterprise pricing. On top of that you buy seats per user tier — Lite (€4.95 · 100K tokens), Regular (€14.95 · 1.5M) or Power (€69.95 · 7.5M) per month — which you assign yourself and adjust up or down each month, with overage at €9.95 per million tokens. Onboarding — deployment, SSO, RAG ingestion and training — is included at the start.

What does an engagement look like?

In four phases: exploration (technical deep-dive and security review), proof of value (sovereign deployment plus a pilot cohort on one use case), a joint decision point, and rollout across the whole organisation. Quarterly compliance reviews, agent onboarding and model refresh then run continuously. The Build phase typically takes weeks 1 to 4.

Shall we begin?

We're ready. Are you?

An introduction, a technical deep-dive with your CIO/CISO and DPO, and an honest answer to whether a managed AI platform fits you.

Prefer to explore it yourself first? We set up your own demo environment.

Get demo access

Your own environment · standard data sources included · connect your own data if you like · no obligation

Visit
Van Rosenburgweg 162 · 6537 TM Nijmegen
Certified
ISO 27001 · Dutch sovereign infrastructure
Robin van Breukelen

Robin van Breukelen

Founder
robin@replikate.nl(06) 23 22 59 42