DATA AND SECURITY

Data governance built for institutional procurement.

Mothusi holds sensitive evidence about real businesses, real people, and real money. The data-governance posture is designed for the audit teams of programmes, banks, DFIs, and government partners who need it to survive their own compliance reviews.

POPIA-compliant. GDPR-compatible. SOC 2 and ISO 27001 audits underway.

DATA GOVERNANCE

Six operating principles for SME data.

Each principle is operational, not aspirational. Programme officers, funders, and operators can verify each one against the live platform.

  1. Operator-owned records

    Every business has a single growth record. The operator can view, export, and request deletion of their data at any time. The record follows the business, not the programme.

  2. Role-scoped access

    Programme officers see operators in their cohorts. Funders see operators who have explicitly shared with them. Mentors see operators they are assigned to. No blanket access by default.

  3. Encryption in transit and at rest

    All data is encrypted in transit (TLS 1.3) and at rest. Sensitive evidence (banking, identification, contracts) carries additional field-level encryption.

  4. Data residency by deployment

    Production deployments can be hosted in the data-residency region required by the institutional partner. Default is Azure South Africa for African deployments; other regions on request.

  5. Audit trail per record

    Every change to an operator's record is logged: who, when, what changed. Audit logs are retained per the partner's compliance requirement.

  6. No model fine-tuning on customer data

    Operator data is not used to fine-tune underlying AI models. Mothusi uses retrieval and context engineering, not retraining. Bespoke arrangements require explicit contracted consent.

COMPLIANCE POSTURE

Current status and certification roadmap.

Status is reported honestly per certification. "current" means active compliance today; "targeted" means a certification audit is underway; "in-progress" means active remediation work.

  • POPIA (South Africa)

    current

    Active compliance with the Protection of Personal Information Act for South African operators.

  • GDPR (EU)

    current

    EU data residency available; data subject rights honoured for EU operators.

  • ISO 27001

    targeted

    Certification audit programme initiated; expected completion 2026.

  • SOC 2 Type II

    targeted

    Audit programme initiated; expected completion 2026.

  • WCAG 2.1 AA

    in-progress

    Accessibility audit in progress against the public site and operator app.

  • Encryption (TLS 1.3, AES-256)

    current

    TLS 1.3 in transit. AES-256 at rest. Field-level encryption on sensitive evidence types.

  • Hosting (Azure)

    current

    Microsoft Azure infrastructure with regional residency options. Multi-zone failover.

TAMPER-PROOF RECORD

The growth record is cryptographically verifiable. End to end.

Institutional buyers do not just need data. They need data they can prove was not altered. Every signal in a Mothusi growth record is hashed at creation and chained to the prior signal. The record exports with a signed manifest. Third parties can verify the integrity of the record without ever contacting Mothusi.

  1. Hash at creation

    Every signal written to a growth record is cryptographically hashed at the moment of creation. The hash captures the signal content, the timestamp, the source, and the operator identifier.

  2. Hash chain per operator

    Each operator's record maintains a linked hash chain: the hash of each new signal includes the hash of the signal before it, so the entire record forms a verifiable sequence. Any insertion, deletion, or modification of a signal changes every hash from that point onward and breaks the chain in a detectable way. Removing signals from the end of the record leaves the remaining chain internally consistent, so that case is caught by comparing the record against the full chain fixed in the signed export manifest.

  3. Signed manifest on export

    When an operator or programme exports a growth record (for a funding application, an audit, or a board review), Mothusi attaches a signed manifest containing the full hash chain and the platform's public key.

  4. Independent verification

    Any third party can verify the manifest against the platform's public key without contacting Mothusi. The verifier must already trust that key: a key that arrives only inside the manifest proves the manifest is self-consistent, not that the platform produced it, so the verifier compares it with a copy of the platform key obtained independently before relying on the signature. The record then stands on its own as a citable, audit-grade artefact.
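The four steps above, as an added worked example. This is not Mothusi's code and assumes nothing about its implementation beyond what the page states: it is a stand-alone Go program in which signals are chained with SHA-256, the export manifest is signed with Ed25519 from Go's standard library, and the verifier compares the key carried in the manifest with a platform key it already holds. The field names, the canonical encodings, the manifest carrying the chain head and length rather than the full chain, and the sample signals are all this example's assumptions. Its main function shows an intact export verifying, an edited signal breaking the chain, a record whose hashes were recomputed after editing passing the chain check but failing against the signed head, and a truncated record doing the same.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signal is one growth-record entry and Manifest travels with an export; field names are this example's assumptions.
type Signal struct {
	Operator, Source, Timestamp, Content, PrevHash, Hash string // PrevHash is "" for the first signal
}
type Manifest struct {
	Operator, HeadHash, PublicKey, Signature string
	Length                                   int
}

// hashSignal binds content, timestamp, source, operator id and the prior hash; fields are length-prefixed.
func hashSignal(s Signal) string {
	h := sha256.New()
	for _, f := range []string{s.PrevHash, s.Operator, s.Source, s.Timestamp, s.Content} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// appendSignal links s to the current chain head and computes its hash.
func appendSignal(record []Signal, s Signal) []Signal {
	s.PrevHash = ""
	if n := len(record); n > 0 {
		s.PrevHash = record[n-1].Hash
	}
	s.Hash = hashSignal(s)
	return append(record, s)
}

// rechain recomputes every hash from the contents: what someone who edits an exported file and "repairs" the chain does.
func rechain(record []Signal) (out []Signal) {
	for _, s := range record {
		out = appendSignal(out, s)
	}
	return out
}

// verifyChain returns the index of the first inconsistent signal, or -1.
func verifyChain(record []Signal) int {
	prev := ""
	for i, s := range record {
		if s.PrevHash != prev || hashSignal(s) != s.Hash {
			return i
		}
		prev = s.Hash
	}
	return -1
}

// signedBytes is the canonical string the manifest signature covers.
func signedBytes(m Manifest) []byte {
	return []byte(fmt.Sprintf("%s|%d|%s|%s", m.Operator, m.Length, m.HeadHash, m.PublicKey))
}

// signManifest is the platform-side export step (record must be non-empty).
func signManifest(record []Signal, priv ed25519.PrivateKey) Manifest {
	m := Manifest{Operator: record[0].Operator, Length: len(record), HeadHash: record[len(record)-1].Hash,
		PublicKey: hex.EncodeToString(priv.Public().(ed25519.PublicKey))}
	m.Signature = hex.EncodeToString(ed25519.Sign(priv, signedBytes(m)))
	return m
}

// verifyExport is the third-party check; trustedKey was obtained independently, the manifest's own key is only compared to it.
func verifyExport(record []Signal, m Manifest, trustedKey ed25519.PublicKey) error {
	sig, err := hex.DecodeString(m.Signature)
	if m.PublicKey != hex.EncodeToString(trustedKey) || err != nil || !ed25519.Verify(trustedKey, signedBytes(m), sig) {
		return fmt.Errorf("manifest is not validly signed by the pinned platform key")
	}
	if i := verifyChain(record); i >= 0 {
		return fmt.Errorf("hash chain broken at signal %d", i)
	}
	if len(record) == 0 || len(record) != m.Length || record[len(record)-1].Hash != m.HeadHash {
		return fmt.Errorf("record does not match the signed chain head (truncated, extended or rechained)")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	var rec []Signal // constructed sample signals, not real operator data
	for i, c := range []string{"bank statement uploaded", "mentor session logged", "supplier contract signed"} {
		rec = appendSignal(rec, Signal{Operator: "op-0001", Source: "operator-app", Timestamp: fmt.Sprintf("2025-03-0%dT09:00:00Z", i+1), Content: c})
	}
	m := signManifest(rec, priv)
	edited := append([]Signal(nil), rec...)
	edited[1].Content = "mentor session logged (backdated)"
	fmt.Println("intact:", verifyExport(rec, m, pub), "| edited in place, first bad index:", verifyChain(edited))
	fmt.Println("edited and rechained:", verifyExport(rechain(edited), m, pub))
	fmt.Println("truncated to two signals:", verifyExport(rec[:2], m, pub))
}
```

The last two cases are why the signature matters. A hash chain on its own only proves that a record is self-consistent, and anyone who can rewrite the exported file can rewrite the hashes too; the signed chain head, checked with a key the verifier trusted before the export arrived, is what ties the record to the platform at export time.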

WHAT THIS ENABLES

Funding applications

A lender receiving a Mothusi-generated funding pack can verify that the evidence inside has not been altered between the export and the review.

Programme impact audit

A donor reviewing programme outcomes can verify that the reported member-level evidence is the same evidence the platform captured at the time.

Cross-stakeholder trust

A buyer evaluating a supplier, an insurer assessing risk, a regulator inspecting compliance: each can read the same record and trust the integrity of the data.

Record portability

When a member exits a programme or moves between deployments, their full growth record exports with the integrity proof intact. The record follows the business.

OPERATOR RIGHTS

Every business owns its record.

An operator on Mothusi has the right to view every signal captured about their business, export the full growth record in a portable format, request correction of specific evidence, request deletion of specific data, and revoke access for any third party (programme, mentor, funder) at any time.

These rights are not optional or contingent on programme participation. They survive programme exit. They survive lender disengagement. The record follows the business.

Where the operator is participating in a programme that requires data retention for audit purposes, the retention obligation is named in the programme terms, the retention period is finite, and the operator is notified at programme entry.

INCIDENT RESPONSE

What happens when something goes wrong.

Mothusi maintains a documented incident response process covering detection, containment, eradication, recovery, and post-incident review. Institutional partners receive notification of incidents affecting their operators within the timeframes required by their data-processing agreement.

Where an incident affects the integrity of operator evidence (corrupted records, erroneous signals, unauthorised access), the operator is notified, the record is restored from the audit trail, and the corrective action is documented in the affected growth records.

A current security and data-handling briefing is available to institutional procurement teams on request.

LEARN MORE

Read the supporting documentation.

Data and security is one of four trust pillars. The others are responsible AI, methodology governance, and open citation.

From business support to measurable enterprise development. Across sectors, countries, and real operating environments.