Back to HAKI

Privacy Policy

Last updated: May 4, 2026

Our commitment

HAKI handles sensitive legal information about people experiencing the worst day of their lives. We have engineered the platform so that personal data is collected only when strictly necessary to deliver justice, never sold or used for advertising, and accessible only to the parties whose role requires it. This is a technical architecture, not a marketing claim.

What HAKI collects

HAKI processes the minimum information needed to support a citizen complaint and its police validation:

  • The voice recording and transcript of the citizen's interview
  • Structured incident details extracted by the AI Interview Engine
  • Citizen contact information needed to send status updates (phone number or email)
  • Police officer credentials for role-based access and validation actions
  • Audit-trail metadata: timestamps, user IDs, and state changes for every case action

What HAKI does not collect

  • Browsing or tracking data of any kind. There are no third-party analytics, advertising or tracking pixels.
  • Device identifiers beyond what is needed for session security.
  • Location data outside the optional district field on a citizen complaint.
  • Information about people who are not parties to a complaint.

How HAKI protects data

HAKI applies the Plexaris Quantum Shield framework: HTTPS in transit, encrypted storage at rest, JWT-authenticated sessions, role-based access for five user types, strict CSP, HSTS preload, rate limiting, CSRF protection, and write-once-read-many storage for evidence. The platform's audit log is append-only and cryptographically chained. Detailed technical architecture is available to procurement evaluators on request.

Who can see what

  • The citizen sees only their own report and its status.
  • Police officers see complaints assigned to their queue, with full transcript and AI analysis.
  • Reviewers and judiciary partners see cases routed for second-line review.
  • Administrators manage users and configurations but do not access case content unless investigating an audit issue.
  • The HAKI development team does not access citizen-identified content in production. Engineering work is done against anonymised or synthetic data.

Retention

Case records are retained according to the legal requirements of the jurisdiction in which the case was filed. The default for Uganda criminal cases is seven years from case closure, after which records are automatically archived in cold storage with continued cryptographic integrity. Citizens can request deletion of contact details at any time.

Your rights

Consistent with GDPR (where applicable) and the Uganda Data Protection and Privacy Act 2019, citizens have the right to:

  • Request a copy of their data (data portability)
  • Correct factual errors in their complaint or contact details
  • Request deletion of personal contact details (the case record itself is preserved as legal evidence)
  • Withdraw consent for non-essential processing
  • File a complaint with the Personal Data Protection Office (Uganda) or the relevant supervisory authority in their country

Requests can be sent to privacy@haki.legal. We respond within 30 days.

Sub-processors

HAKI relies on a small number of operational sub-processors for hosting, language services and email delivery. The current list is maintained internally and is shared with procurement evaluators on request. We notify partner organisations of material changes before they take effect.

Law enforcement requests

HAKI is a tool for police and judicial workflow, not a back door. We comply with valid legal process from competent authorities in the jurisdiction in which a case is filed. We do not voluntarily share data with foreign law enforcement absent a valid legal basis. Where the law permits, affected parties are notified of disclosure.

Changes to this policy

HAKI is a living platform in pilot phase. Material changes to this privacy policy are announced to partner organisations and reflected at the top of this page. This page is the authoritative current version.

Contact

For privacy questions: privacy@haki.legal
For general inquiries or pilot conversations: request a demo.

© 2026 HAKI Uganda · Plexaris Uganda Ltd. Privacy · Terms · Accessibility