Sovereign AI by AOLC.

The models come to your data — not the other way around. All storage and inference inside South Africa.

AI That Doesn't Leave South Africa.

Some workloads can't cross borders. Archives holding a century of institutional memory. Legal matter files under attorney-client privilege. Medical records, financial records, government records. For these, the standard answer — "send it to a US AI API and trust the contract" — is the wrong answer.

Sovereign AI by AOLC is built the other way. Open-weights models, self-hosted on South-African-domiciled infrastructure. No Anthropic, no OpenAI, no Gemini, no Bedrock on the data path. Your data stays inside the country. We act as POPIA Operator under section 20. Everything is reversible on notice.

This is architectural sovereignty — not just contractual. If the law changes, the architecture still holds.

Book a Scoping Call
Sovereign AI inside South Africa

Five Guarantees.

The commitments we'd hold ourselves to, in writing, as Operator.

Data Residency

All storage and inference inside South Africa. No cross-border transfer. POPIA §72 grounds are not required because no transfer occurs.

No Third-Party Training

Your content is never used to train any commercial or foreign model. Open-weights models are invoked for inference only — weights are not updated using your data.

You Retain Ownership

Source material, derived metadata, transcripts, embeddings, and any models fine-tuned on your content remain your property. AOLC is Operator, not owner.

POPIA-Aligned Operator

AOLC processes data only on your documented instructions, as Operator under section 20 of the Protection of Personal Information Act. You remain the Responsible Party.

Fully Reversible

Exit on notice. On termination, all data is cryptographically erased and a certificate of destruction is issued. Portable in open formats at any point during the engagement.

Architectural, Not Contractual

Sovereignty is enforced by where the infrastructure sits and what the code does — not only by what the contract says. If the law changes, the architecture still holds.

How It's Built.

Every component sits inside the South African sovereignty boundary. No foreign SaaS AI provider is on the data path.

🇿🇦 South Africa Sovereignty Boundary

Your Environment

  • Source data
  • Finding aids / records
  • Authenticated workstations
  • SSO / identity (optional)
Data owner: you.

AOLC Orchestration VPS

  • Johannesburg region
  • Ingestion + API gateway
  • Per-tenant isolation
  • Immutable audit log
  • Encrypted at rest (AES-256)
  • TLS 1.3 in transit

Self-Hosted Models

  • SA-domiciled GPU compute
  • Vision LLMs (HTR / metadata)
  • Embeddings (semantic search)
  • ASR (transcription)
  • Open-weights only
  • No outbound training
Records in over HTTPS (tenant-scoped) → inference request over private network → structured JSON results back
Trust boundary: you retain ownership and control. AOLC acts as POPIA Operator. Data is processed, not harvested, and is destroyed on engagement exit.

What's Not on the Data Path.

The differentiator is defined as much by what we don't use as by what we do.

Foreign AI APIs we don't call

  • Anthropic (Claude) — US
  • OpenAI (ChatGPT, GPT-4) — US
  • Google Gemini / Vertex AI — US
  • Microsoft Azure OpenAI — US
  • AWS Bedrock — US
  • Any other foreign LLM API provider

What runs on the data path instead

  • Open-weights models — Llama family, Whisper, open vision LLMs, open embedding models
  • Self-hosted, in-tenancy — AOLC operates the inference endpoint, no third-party API calls
  • SA-domiciled infrastructure — orchestration and GPU compute both in Johannesburg
  • TLS 1.3 + AES-256 — encryption in transit and at rest
  • Immutable audit log — every inference call logged, exportable on request

Full sub-processor list and architecture detail available under NDA as part of the vendor onboarding pack.

What It Can Do.

The shape of what's possible when AI can reach your data without the data leaving the country.

📝

Metadata Drafting

Auto-draft catalogue entries, finding aids, or file-level metadata from scans and documents. Human reviewer approves or corrects.

📖

Handwritten-Text Recognition

Cursive English, Afrikaans, Dutch and other languages transcribed at scale. Useful for historical records, clinical notes, and older paper correspondence.

📷

Photograph & Image Analysis

Caption, cluster, and date previously unidentified images. Applies equally to archival photographs, evidence photos, and inspection records.

🔍

Semantic Search

Ask questions in natural language; the system retrieves relevant records across large collections. Embeddings stay inside the sovereignty boundary.

🎤

Transcription & Translation

Recorded interviews, oral histories, depositions, compliance call recordings — transcribed, translated between SA languages, and theme-tagged.

🛡

POPIA Redaction Assist

Flag likely personal information before a record is released. Human still makes the release decision; AI just makes the review faster.

Phases and Gates.

Every phase ends with an explicit decision point. Nothing rolls forward on inertia.

0

Discovery

Day 1

Workflow walk-through, pain-point mapping, architecture review, NDA. Exit: agreement on scope and success metric.

1

Onboarding

~2–3 weeks

Vendor registration with your IT function, POPIA Operator schedule signed, isolated pilot environment provisioned. Exit: approval to process the agreed scope.

2

Pilot

4–6 weeks

AI-assisted processing with human-in-the-loop review. Weekly written progress. Accuracy measured and recorded. Exit: joint go / no-go recommendation with evidence.

3

Exit or Expansion

Your decision

No-go: certificate of destruction, return of artefacts, case study published. Go: Phase 2 proposal through your standard procurement route.

Who It's For.

Sectors where data residency is a legal, regulatory, or professional obligation — not a preference.

Archives & Research

Institutional memory, heritage collections, research data. POPIA applies to personal information in living-person records; many collections sit under donor restriction. Research & Archives →

Government

Departments, municipalities, state entities. Data localisation pressure, POPIA obligations, and public-sector IT standards make cross-border AI a hard sell. Public Sector →

Legal

Matter file review, discovery redaction, contract summarisation. Attorney-client privilege and LPC rules make sovereignty a professional-duty question, not just a compliance one.

Medical

Patient records are special personal information under POPIA. HPCSA layers sit on top. AI that processes clinical data without leaving the country is the safer default.

Financial Services

Banks, insurers, FSPs, brokers. SARB, FSCA, FICA and POPIA together make data-path questions a board-level issue. Sovereign inference removes the cross-border question.

Your Sector

If your workload has a "must stay in South Africa" constraint — statutory, contractual, or reputational — talk to us. Tell us about it →

We've Done This Before.

AOLC builds and operates multi-tenant AI-powered platforms in production.

StaffWatch

A workforce-monitoring platform we built and run. Per-tenant SQLite isolation, AI-assisted activity categorisation, immutable audit trails, and a staff-facing acceptance workflow. Live, with paying customers. See StaffWatch →

ServiceDesk

Our in-house IT service-management platform. Multi-tenant on PostgreSQL, automated ticket routing, AI-assisted triage and summarisation, SLA engine, and native GRC module. See ServiceDesk →

These are examples of what we've built — evidence of delivery, not products we're trying to sell you here. Sovereign AI engagements draw on the same multi-tenant isolation, audit logging, and production AI integration muscle.

The models come to your data — not the other way around.

Architecturally, not contractually. If the law changes, the architecture still holds.

Book a Scoping Call.

Tell us about the workload and the constraints. We'll respond within one business day.