Huka handles client data, financial records, and municipal submission history. We take that responsibility seriously.
All tenant data — projects, documents, financials — is stored in South African cloud regions. Nothing leaves the country by default.
We operate under the Protection of Personal Information Act. A Data Processing Agreement (DPA) is available on request for any tier.
Data is encrypted at rest with AES-256 and in transit over TLS 1.3. Supabase-managed database encryption is enabled for all tenants.
Three roles — admin, planner, and viewer — scope every action. The MCP server is read-only by default; write actions require explicit opt-in.
Every data change is recorded. Studio retains 90 days, Practice 2 years, Enterprise is configurable. Logs are exportable on request.
An independent third-party security assessment is conducted annually. Findings are remediated before the next release cycle.