Transitioning to enterprise software. Services live now. First product, RAG Studio, ships Q4 2026. See the roadmap →
sonofgraigsonofgraig isometric mark. Primary. Three-face hexagonal prism. Flat colour.
sonofgraig
5 clusters · One unified subscription · POPIA-native

The enterprise AI
platform Africa
has been waiting for.

18 service capabilities converted into 5 focused SaaS product clusters. Everything POPIA-compliant by architecture, not by checkbox. ZAR-priced so your budget does not move when the rand does. Hosted entirely in AWS af-south-1.

Apply for early access See pricing — from R4,999/mo Explore the platform
POPIA Section 11, 19, 22, 72
AWS af-south-1 · Cape Town
B-BBEE certified supplier
ZAR pricing · no FX risk
Platform architecture
5 clusters. 18 capabilities. One subscription.

Each cluster is an independently subscribable SaaS product. Starter includes one cluster, Growth includes three, Enterprise includes all five. Every cluster ships with the same POPIA compliance foundation.

Cluster 01
AI Dev Platform
Agent Builder · RAG Studio · ML Ops · Governance Hub
Phase 1 · Q4 2026
Cluster 02
Cloud & DevOps
Cloud Console · Pipeline Builder · Security · FinOps
Phase 2 · Q2 2027
Cluster 03
Data & Analytics
Analytics Studio · Data Pipelines · Workflow Engine
Phase 2 · Q2 2027
Cluster 04
Creative & XR
Design System Gen · Brand Studio · XR Builder
Phase 3 · 2027+
Cluster 05
Dev Platform
App Builder · IoT Platform · Smart Contract IDE
Phase 3 · 2027+
Cluster 01 · Phase 1 · Shipping Q4 2026

AI Dev Platform

The intelligence engine for South African enterprise. Build, deploy, govern, and audit autonomous AI agents and knowledge retrieval systems — with POPIA compliance baked into every layer. RAG Studio is the first product to ship, followed by Agent Builder in beta Q1 2027.

Apply for early access Read our RAG guide
3 founding customer slots remaining 247 organisations on waitlist
Cluster status & compliance
RAG Studio — Early access Q4 2026
Agent Builder — Beta Q1 2027
ML Ops — Q1 2027
Governance Hub — Q1 2027
Data residency: AWS af-south-1
Pricing: from R4,999/month ZAR
POPIA s.11POPIA s.14 POPIA s.19POPIA s.72 PII scrubbingAudit log SOC 2 in progress
RAG Studio
Early access Q4 2026

Connect your enterprise documents to a retrieval-augmented AI that gives cited, auditable answers. PII is scrubbed before embedding. All data stays in af-south-1. Query-level audit logs exported on demand for POPIA Section 19 compliance.

PII scrubber middleware — runs before embedding, detects SA ID numbers, phone, email
Cited answers — every response links to source document and chunk
Multi-format ingestion — PDF, Word, PowerPoint, HTML, Markdown, CSV
Document access control — row-level security, users see only permitted documents
Immutable audit log — query hash, document IDs, model version, timestamp
Claude + Gemini — model selection per use case
pgvectorSupabase RLSClaude APITypeScript
Details
Agent Builder
Beta Q1 2027

Visual canvas for building, testing, and deploying multi-agent AI workflows. Every agent execution is logged with a full trace. Human oversight controls are mandatory — agents cannot take consequential actions without a defined approval step.

Visual canvas — drag-and-drop agent workflow design
Execution trace — every decision point logged and reviewable
500+ tool integrations — APIs, databases, webhooks, email, calendar
Human-in-the-loop — approval gates for consequential agent actions
RAG integration — agents query your knowledge base as a tool
Google GenkitLangChain.jsComposio
Details
ML Ops
Q1 2027

Model training, fine-tuning, and deployment pipelines. Run fine-tuning jobs on your proprietary data without that data leaving af-south-1. Deploy models with version control, rollback, and A/B testing built in.

Fine-tuning on proprietary data — stays in af-south-1
Model versioning, rollback, and canary deployment
Training job monitoring with Prometheus metrics
Integration with RAG Studio and Agent Builder
PyTorchHugging FaceKubernetes
Details
Governance Hub
Q1 2027

Automated POPIA compliance reporting, bias detection, SHAP explainability, and model card generation. The audit trail your board, CISO, and Information Regulator will ask for — generated automatically from your AI Dev Platform usage.

POPIA compliance reports — exportable PDF for board reporting
Bias detection on model outputs using Fairlearn
SHAP explainability — human-readable decision explanations
Automated model cards for each deployed model
SHAPFairlearnPOPIA s.19
Details
LLM allocation (Growth)
5M
tokens per month
Document storage (Growth)
500 GB
pgvector af-south-1
Agent executions (Growth)
50K
per month
Supported models
Claude + Gemini
Sonnet, Opus, Gemini Pro

Who uses AI Dev Platform

Financial services
POPIA-compliant document intelligence for legal and compliance teams
Query thousands of regulatory documents, contracts, and client files — with cited answers and a full audit trail. PII scrubbed before any content leaves your document boundary.
Professional services
Internal knowledge base for Big 4 and law firms
Reduce time lawyers and consultants spend searching precedents, internal memos, and prior work. Access permissions enforced at the document level.
Healthcare admin
Patient record AI with strict POPIA Section 26 safeguards
Query clinical protocols and administrative procedures without exposing special personal information. Human oversight required for any AI output that informs a patient-facing decision.
Cluster 02 · Phase 2 · Q2 2027

Cloud & DevOps

Zero-trust cloud infrastructure, Kubernetes orchestration, CI/CD pipelines, security posture management, and cloud cost optimisation — all with POPIA Section 72 data residency enforcement at the infrastructure layer. Built on the same stack sonofgraig uses to run its own platform.

Join early interest list
Cluster status
Cloud Console — Q2 2027
Pipeline Builder — Q2 2027
Security Posture — Q3 2027
FinOps Dashboard — Q3 2027
Funded by: Phase 1 platform revenue
POPIA s.72af-south-1 Zero-trustSOC 2
Cloud Console
Q2 2027

Unified multi-cloud resource management. AWS, Azure South Africa North, and GCP Johannesburg in one dashboard. POPIA Section 72 residency policies enforced — resources cannot be provisioned outside permitted regions without explicit override approval.

Multi-cloud resource view — AWS, Azure, GCP
Region-lock policies enforced at provisioning
Cost allocation by department, project, and service
TerraformPulumiAWS CDK
Pipeline Builder
Q2 2027

Visual CI/CD workflow designer. GitHub Actions, GitLab CI, and Bitbucket Pipelines supported. Terraform IaC integration. Helm chart management for Kubernetes deployments. Pipeline-as-code with YAML generation from visual configuration.

GitHub Actions + GitLab CI support
Terraform IaC generation from visual canvas
Kubernetes Helm chart management and rollback
GitHub ActionsHelmKubernetes
Security Posture
Q3 2027

Zero-trust security posture management. Prometheus alerting with Grafana dashboards. Automated vulnerability scanning, secrets rotation, and POPIA breach-detection tripwires built into the monitoring stack.

Zero-trust network policy enforcement
Prometheus + Grafana monitoring stack
Automated secrets rotation via AWS Secrets Manager
PrometheusGrafanaVault
FinOps Dashboard
Q3 2027

Cloud cost allocation, budget enforcement, and right-sizing recommendations. Track cloud spend in ZAR to eliminate FX complexity in your budget reporting. Anomaly detection flags unexpected spend spikes before they hit your invoice.

Cloud cost tracking in ZAR — no FX conversion required
Budget alerts and department-level spend limits
Right-sizing recommendations and reserved instance planning
AWS Cost ExplorerZAR billing
Enterprise IT
Zero-trust cloud migration with POPIA-enforced residency
Migrate legacy on-premises workloads to AWS af-south-1 with region-lock policies that prevent accidental cross-border data movement.
Financial services
SARB and PA-compliant cloud infrastructure
Build cloud environments that satisfy Prudential Authority cloud guidance, with automated evidence collection for the PA's cloud register requirements.
Software teams
CI/CD pipelines for South African SaaS
Ship faster with automated pipelines that include POPIA checks as a deployment gate — code cannot reach production if POPIA policy tests fail.
Cluster 03 · Phase 2 · Q2 2027

Data & Analytics

The intelligence operations layer. Visual ETL/ELT pipeline design, embedded BI dashboards, and workflow automation — built with POPIA data lineage from the first pipeline stage. No SQL required for business analysts. Full lineage documentation for POPIA data subject access requests.

Join early interest list
Cluster status
Analytics Studio — Q2 2027
Data Pipelines — Q2 2027
Workflow Engine — Q3 2027
Data residency: af-south-1 enforced
POPIA lineageData minimisation af-south-1SOC 2
Analytics Studio
Q2 2027

Embedded BI dashboards for operational and executive reporting. Drag-and-drop chart builder. No SQL required for standard dashboards. Live data connectors to 50+ South African and global business systems. All queries run in af-south-1.

Drag-and-drop dashboard builder — no SQL for business users
50+ connectors including SAP, Sage, Xero, Salesforce
AI-assisted chart recommendations based on your data
Row-level security — users see only their permitted data
SupabaseMetabasedbt
Data Pipelines
Q2 2027

Visual ETL/ELT pipeline design for enterprise data teams. POPIA data lineage is tracked automatically — every transformation records source, purpose, legal basis, and output destination. Lineage maps are exportable for POPIA data subject access requests.

Visual ETL designer — 200+ source and destination connectors
POPIA data lineage — tracks legal basis per transformation
Scheduled and event-triggered pipeline execution
Apache AirflowdbtKafka
Workflow Engine
Q3 2027

500+ app integrations with a visual workflow builder for automating repetitive data processes. Schedule-based, webhook-based, and event-based trigger support. Every workflow execution is logged with POPIA processing basis documentation. South African-specific connectors: SARS eFiling API, Standard Bank, FNB, Nedbank business banking feeds.

500+ application connectors
SA bank feed connectors (Standard Bank, FNB, Nedbank)
Schedule, webhook, and event triggers
POPIA processing basis per workflow
n8nZapier-compatibleWebhooksSA banking APIs
Cluster 04 · Phase 3 · 2027+

Creative & XR Studio

The experience layer. AI-assisted design system generation, brand asset creation, and AR/VR experience building for enterprise training, customer experience, and product visualisation. Phase 3 — scope is defined, build has not started. Revenue from Phase 1 and 2 funds this cluster.

Register interest
Cluster status
Design System Gen — 2027+
Brand Studio — 2027+
XR Builder — 2028
Viability: 3/5 — dependent on Phase 1+2 revenue
Planning stageScope defined
Design System Gen
2027+

Auto-generate complete component libraries from your brand tokens. Input your primary colour, typography, and spacing scale — output a production-ready React component library with Storybook documentation, Figma components, and Tailwind configuration.

Brand token to component library conversion
React, Vue, and Angular component output
Storybook auto-generation and Figma sync
ReactFigma APIStorybook
Brand Studio
2027+

AI-assisted brand asset creation and consistency management. Generate on-brand marketing assets, social content, and presentations at scale. Brand guardrail enforcement — outputs that violate brand guidelines are flagged before delivery.

On-brand asset generation at enterprise scale
Brand guideline guardrails — outputs reviewed before delivery
Presentation deck generation from structured data
FluxClaude VisionSVG generation
XR Builder
2028

No-code AR/VR experience creator for enterprise training, product visualisation, and client demonstrations. Deploy to Meta Quest, Apple Vision Pro, and web-based WebXR. South African enterprise training use cases: factory floor safety training, mining site inductions, financial product education.

No-code XR experience builder
Meta Quest, Apple Vision Pro, WebXR output
Training completion tracking and POPIA-compliant user logs
3D model import from Blender, AutoCAD, SketchUp
WebXRThree.jsMeta QuestApple Vision Pro
Cluster 05 · Phase 3 · 2027+

Dev Platform

Low-code application development, enterprise IoT device management, and blockchain smart contract tooling — for South African enterprise and government use cases. Phase 3 — dependent on Phase 1 and 2 revenue. Service delivery in these areas continues while the platform is built.

Register interest
Cluster status
App Builder — 2027+
IoT Platform — 2028
Smart Contract IDE — 2028
Viability: 3/5 — dependent on Phase 1+2
Planning stageScope defined
App Builder
2027+

Low-code platform for building enterprise applications without a full development team. Visual UI designer, business logic builder, and database schema generator. Outputs production-ready Next.js applications connected to Supabase backends in af-south-1.

Visual UI designer + logic builder
Outputs Next.js + Supabase production code
POPIA-compliant data model templates included
Next.jsSupabaseTypeScript
IoT Platform
2028

Enterprise IoT device management and data ingestion. South African manufacturing, mining, agriculture, and smart building use cases. Device telemetry processed in af-south-1 — no sensor data leaves South Africa by default. POPIA applies to IoT data that can identify individuals.

Device fleet management at enterprise scale
Telemetry processing in af-south-1
Mining and manufacturing SA-specific sensor connectors
MQTTAWS IoT CoreTime-series DB
Smart Contract IDE
2028

Integrated development environment for Solidity and RUST smart contracts. South African enterprise blockchain use cases: land registry, supply chain provenance, B-BBEE certification on-chain, and trade finance. AI-assisted contract audit before deployment. POPIA applies — personal data must not be written to public blockchains.

Solidity and RUST contract development
AI-assisted contract security audit
SA land registry and supply chain templates
POPIA guardrails — prevents PII on public chains
SolidityRUSTEthereumHyperledger
Technical foundation

Every cluster. Same compliance foundation.

All five clusters are built on the same infrastructure stack and share the same POPIA compliance layers. Compliance is not a product feature — it is the foundation every product is built on.

01
Frontend — Next.js 15 App Router
Server-side rendering for SEO and performance. TypeScript strict mode. Sora + Inter fonts. Dark/light theming via data attributes.
Next.js 15TypeScriptTailwindRadix UI
02
API layer — GoLang + Hono.js
GoLang for performance-critical services (embedding, PII scrubbing, agent execution). Hono.js for lightweight REST APIs and webhooks.
GoLangHono.jsgRPC
03
Data layer — Supabase + pgvector
PostgreSQL with pgvector extension for vector similarity search. Row-level security for multi-tenant isolation. POPIA audit log in immutable table with Postgres rules preventing deletion.
SupabasepgvectorPostgreSQL 16RLS
04
AI layer — Claude + Google Genkit
Claude (Anthropic) for reasoning. Google Genkit for agent orchestration and tool calling. All inference calls include PII-scrubbed content only.
Claude APIGenkitLangChain.jsComposio
05
Infrastructure — AWS af-south-1
All production workloads in Cape Town. EC2, S3, RDS, Secrets Manager, VPC with no internet gateway by default. Terraform IaC. POPIA Section 72 enforced at the infrastructure level.
AWS af-south-1TerraformKubernetesPrometheus
100%
Data processed in South Africa — AWS af-south-1 (Cape Town)
Zero
Personal information transmitted to external LLM APIs without PII scrubbing
TLS 1.3
All data in transit encrypted. AES-256 at rest on all storage layers.
5 sections
POPIA sections addressed by architecture: 11, 14, 19, 22, 72
Query-level
Audit log granularity — every RAG query and agent execution logged with immutable timestamp
Built for enterprise procurement

POPIA compliance is architecture, not a feature

Every cluster ships with the same compliance foundation. There is no "compliance add-on" to purchase. The eight conditions for lawful processing are enforced in the platform infrastructure.

POPIA Section 11 — Consent
Five-category consent management. Timestamped consent records. Withdrawal handled within 24 hours. Processing basis documented per document and per workflow.
Active
POPIA Section 14 — Collection limitation
PII scrubber runs before embedding. Only information necessary for the stated purpose is retained. Document purpose statement required at ingestion.
Enforced
POPIA Section 19 — Security safeguards
TLS 1.3 in transit, AES-256 at rest. Role-based access control with Supabase RLS. Immutable query audit log. MFA enforced for all staff accessing production.
Active
POPIA Section 22 — Breach notification
Documented breach response procedure. Information Regulator notification within 72 hours. Data subjects notified as soon as reasonably possible. Breach scenario tested annually.
Documented
POPIA Section 72 — Data residency
All production data processed in AWS af-south-1 (Cape Town, South Africa). No cross-border transfer of personal information without explicit consent. Enforced at infrastructure layer, not by contract.
Enforced
SOC 2 Type II
Audit process initiated. Controls implementation is the current phase. Type II report targeted within 18 months — the primary security certification required by financial services procurement teams.
In progress
POPIA Act 4 of 2013 B-BBEE certified CIPC registered AWS af-south-1 Information Regulator registered SOC 2 Type II — in progress ISO 27001 — year 2 CIPC trademark — filed
Honest roadmap

When each cluster ships

We publish this because enterprise buyers deserve to know the actual state of the product they are evaluating. Services revenue funds the build. The timeline is realistic, not aspirational.

Now → Q4 2026
AI Dev Platform
RAG Studio
Agent Builder (Q4)
ML Ops (Q1 2027)
Governance Hub (Q1 2027)
Active build
Q2 2027
Cloud & DevOps
Cloud Console
Pipeline Builder
Security Posture (Q3)
FinOps (Q3 2027)
On roadmap
Q2 2027
Data & Analytics
Analytics Studio
Data Pipelines
Workflow Engine (Q3)
On roadmap
2027+
Creative & XR
Design System Gen
Brand Studio
XR Builder (2028)
Planning
2027+
Dev Platform
App Builder
IoT Platform (2028)
Smart Contract IDE (2028)
Planning
Ready to start
Three ways to get started
with sonofgraig

Whether you want to apply for early access to RAG Studio, start with a service project, or simply talk to the founding team before committing — we have a path for you. All conversations happen in South African business hours.

Apply for early access Talk to the founding team See pricing — from R4,999/mo