EU infrastructure, an open-source stack, and no foreign dependencies in your runtime. Looking for the technical security controls instead? Read the security page.
Every layer of the platform is open-source software running on European infrastructure. No American-owned dependencies in the runtime path, no phone-home telemetry, no managed control plane reaching in from outside.
Run nodge in our EU cloud, on your own servers, or fully air-gapped. Self-hosted deployments work entirely offline after install. All organisation data and metadata stay inside the environment you chose.
Built for organisations where data residency, GDPR compliance, NIS2 obligations, and Schrems II rulings are non-negotiable. No exposure to the US CLOUD Act on the platform itself.
Reverse proxy routing, SSL, DNS
Git hosting repos, access control
CI/CD runner build, test, deploy
Image registry container storage
Metrics engine per-project monitoring
Dashboards pre-configured, built-in
Log aggregation query by project, time
Event bus pub/sub, audit trail
LLM proxy budget enforcement
Platform auth, API, controlResidency is not just hosting location. It is the full list of who can touch your data and from where.
Our cloud runs in the Netherlands. Organisation data, metadata, logs, and backups stay within the EU. No replication to regions outside the boundary you chose.
The runtime path has no American-owned services in it. There is no US-controlled component that could be compelled to hand over or interrupt access under the CLOUD Act.
Install on your own servers, fully offline, with no internet egress requirement. Self-hosted deployments have zero external dependency after install.
Standard Git repositories, standard container images, standard databases. Export and leave at any time. No proprietary format, no exit barrier.
Sovereignty is mostly about what a platform refuses to collect, send, or depend on.
Nothing is sent to us. No analytics, no usage tracking, no "anonymous" metrics. The platform does not phone home.
Some "self-hosted" platforms still reach back to a central control plane. nodge has zero external dependency after install.
No American-owned service sits in the path that serves your apps, so there is nothing to compel under foreign law.
Your prompts, your agent conversations, your code. None of it is used to train anything. It stays in your environment.
You control when and if you update. No silent background patches. No surprise changes to your running platform.
Everything you build is in standard formats. Export your repositories, images, and data and leave whenever you want.
Most of what a platform can leak is what it chose to collect.
We chose not to.
Platform databases, Git repositories, and certificate material are backed up nightly. Backups are encrypted before they leave the platform host, using a key the platform itself does not hold.
Off-host copies sit on a separate backup target that the platform can write to but cannot read back or delete from. The decryption key lives in a vault and never sits on the platform, so restore is a deliberate human action taken outside the platform.
The result is that even full control of the platform does not grant access to historical backups or the ability to silently restore attacker-chosen data into your environment.
Platform host
-> nightly bundle assembled
-> encrypted before it leaves
-> pushed to backup target
Backup target
-> write-only for the platform
-> platform cannot read back
-> platform cannot delete
Restore
-> key held in vault, off-host
-> deliberate human action
-> initiated outside platformProcurement officers and auditors arrive with a checklist. Here is how nodge lines up on residency and sovereignty.
| Requirement | How nodge addresses it |
|---|---|
| NIS2 Essential services obligations |
EU hosting, no American cloud dependencies in the runtime path, full audit log, documented incident response. |
| Schrems II Data sovereignty |
Hosted exclusively in the Netherlands, on-premise option, no US-controlled dependencies in the runtime path. |
| GDPR Article 32 Security of processing |
Encryption at rest, TLS in transit, access control, full audit log. Detailed on the security page. |
| US CLOUD Act Foreign access risk |
No US-controlled component in the runtime path, so there is no party that can be compelled to hand over your data. |
| Data residency Where data physically lives |
All organisation data and metadata stay inside the environment you chose: our EU cloud, your own servers, or air-gapped. |
For vendor reviews and compliance questionnaires, we share a documented pack under NDA.
For procurement, compliance reviews, and vendor questionnaires, we share a documented pack including:
Email info@nodge.ai to start the review.
Cloud, on-premise, or fully air-gapped. Your cluster, your data, your rules.