Privacy by design in Haruko

Privacy isn't a checkbox you tick at the end of development. In Haruko, it's an architectural decision made at the start.

Encryption at rest

Sensitive fields in the student's compiled model and session transcripts are encrypted with Fernet before being stored in the database.

Immutable audit log

Every access to a minor's data is recorded in an append-only table. No one can delete that record.

Separate analytics

Aggregated metrics live in a separate database schema, with no foreign keys to tables containing personal data. They're only reported if at least 30 students contribute (k-anonymity).

Law 21.719

Chile enacted its personal data protection law in 2024. Haruko complies from day one, before it takes full effect.