We design, build and operate AWS infrastructure and Bedrock agents for European SMBs. Nine products in production, NIS2 / DORA compliance from day one, and a monthly retainer with no lock-in.
Seven of our own digital products and two external clients. All running, all verifiable.
We dropped prices 60% so an SMB CTO can sign without three meetings. No lock-in, cancel anytime.
One week of read-only analysis on your AWS account to understand what you actually have today, what is bleeding money without return, and where generative AI can move the needle on your product.
Built for CTOs and small technical teams (1-5 engineers) who want an independent diagnostic before deciding whether to invest in a deeper audit, an MVP sprint, or staying as you are.
Two weeks of deep AWS architecture review applying the official Well-Architected Framework (the 6 pillars: operations, security, reliability, performance, cost, sustainability).
For companies running real production on AWS, who grew without external audit and need to know honestly where they are healthy, where they carry technical debt, and what to fix first before it becomes an incident.
Two weeks to take a generative AI idea from PDF to real production in your AWS account. Bedrock Claude Haiku + Lambda + DynamoDB + Next.js — the same stack behind Enekui's 9 products in production.
For founders and CTOs who need to validate traction of an AI product before investing 6 months of team. It ships to production, real people use it, you measure signal and decide whether to keep going.
Fractional CTO + embedded DevOps + your full web infrastructure operated by us, for SMBs that don't yet need or can't afford a full-time hire, but do need consistent senior technical judgement, weekly code review, and someone who understands their stack as if it were their own.
10 hours per week, no lock-in, async by default. Not a body shop, not 24/7 support — a technical partner who joins your Slack, decides with you, executes when needed, and runs your web platform with the same security baseline as the Hall of Fame portfolio.
If you don't have your web platform set up — or you're stuck on a hosting that doesn't reach Internet.nl 100% — we operate it for you as part of the retainer, no extra cost. Same architecture you can verify in our Hall of Fame.
Internal Bedrock agent connected to your real business systems. Your team asks "who owes me more than 30 days?" or "give me last RFP from client X" in natural language and gets answers from your real data — Holded, Microsoft 365, Google Drive, custom CRM.
For SMBs 10-100 employees with modern stack (Holded / M365 / Workspace) where the team wastes hours every week searching across systems. 50-60% cheaper than Microsoft Copilot 365 (€30/user/mo) and connects beyond M365 — which Copilot can't.
One week of productised hardening so your domain and your web infrastructure pass public verifications with top scores — Internet.nl 100%, SSL Labs A+, securityheaders.com A+, MTA-STS test ok.
For companies that want to close the "front-facing" security gap before a serious commercial process (RFP, due diligence, enterprise partner) without embarking on a months-long project.
High-performance technical website + Bedrock Haiku conversational bot fine-tuned to your catalog or services. Two tiers anchored against traditional web agencies that charge the same for a static brochure without AI.
For SMBs (clinics, salons, law firms, niche e-commerce, B2B SaaS) who don't want to hire an agency that builds them WordPress and need something that qualifies leads or answers FAQs 24/7 without you on the phone.
Full-stack web application + mobile apps for iOS and Android with conversational AI built-in. Two public tiers anchored against typical agency quotes that ask €15,000-50,000 for the same scope without AI.
For SMBs (clinics, gyms, gestorías, niche marketplaces, B2B SaaS) and traditional businesses (restaurants, advisors, retail) who need a real app for their end users — not a brochure WordPress.
The exact same conversational AI bot we use on enekui.io to qualify leads (talk to Kari right now to see it in action), with a system prompt tuned to YOUR services and embedded on YOUR existing website with one script tag.
For SMBs that already have a website but want to capture qualified leads 24/7 without you on the phone. 20-30% cheaper than custom Spanish chatbot agencies (€2,000-6,000 setup + €100-500/mo) with measurably better security baseline (A+ Mozilla, Internet.nl 100%) and zero lock-in.
Spanish agencies sell hardening. We leave it open in three independent public audits. Dutch government Internet.nl, Mozilla Observatory, Chromium HSTS preload list. No marketing — just scores you can re-run yourself in 30 seconds.
Every domain we own or operate is at 100% on the Dutch government's Internet.nl public test. DNSSEC chain of trust, TLS 1.3 only, ECDSA P-256, all security headers, RPKI authorised routes, security.txt RFC 9116. Total cost: 0€ over Free tier — pure AWS architecture, no Cloudflare Pro, no premium plans. Same baseline ships with our Security & compliance package · 1.990€.
We don't claim to be secure — we leave it verifiable. Anyone can run our domain through Internet.nl, SSL Labs or mxtoolbox and see the score live. Same baseline applies to our clients from day one.
WAFv2 with OWASP Top 10 in front. CloudFront with TLS 1.3 only and DNSSEC chain in the middle. S3 with KMS-encrypted objects behind. An attacker has to get through all three before reaching anything — and even then, objects are AES-256 at rest with rotated CMK.
Origin check at the edge. Bedrock Guardrails redact PII before reaching the model. Haiku 4.5 with prompt caching answers in <800ms p50. Session memory in DynamoDB with 24h TTL. Lead notification via SES with DKIM signed.
Public domain verification. Last measured on enekui.io: 100/100 across email auth, web security and modern HTTPS.
Bots, SQL injection attempts, aggressive scrapers, scanners hunting for /wp-admin. None reach your Lambda.
p=rejectRUA/RUF reporting active, MTA-STS enforce, TLS-RPT. No one cold-spoofs your domain.
$ openssl s_client -connect enekui.io:443 -tls1_2
Error: TLSv1.2 not supported
$ openssl s_client -connect enekui.io:443 -tls1_3
SSL handshake · 0-RTT · ChaCha20-Poly1305
Cert · Let's Encrypt · ECDSA P-256
HSTS · max-age 63072000 · preload# Before reaching the model
redact: [PII, NIE, IBAN-ES, AWS_KEYS]
deny_topics: [jailbreak, legal, medical]
strength: HIGH
# Result
→ "My NIE is {NIE}, can you..."
→ blocked: PII detectedDS records published to the TLD verify nobody has hijacked your DNS zone. CAA records limit which CA can issue certs.
Regulatory frameworks we prepare clients for
Verify it yourself · without asking us