Hara Exchange
Sovereign data exchange for Indonesia

A sovereign data exchange that is quantum-resistant, AI-augmented, and compliant by architecture.

Hara Exchange lets government agencies, businesses, and citizens share data peer-to-peer under the data subject's cryptographic consent — never through a central hub. Built on UU PDP, GDPR, NIST PQC, and W3C DID standards.

29 modules · < 200ms exchange p95 · 72 h offline tolerance · PQC: ML-DSA-65 + ML-KEM-768

What Hara Exchange gives you

PQC hybrid signing

Every envelope carries Ed25519 + ML-DSA-65 dual signatures (NIST FIPS 204). Connection is authenticated if either signature verifies — protecting you across the quantum migration.

On-chain consent

Personal-data exchanges require a signed consent record on HaraLedger before they can be transmitted. UU PDP §32 enforced in protocol, not policy.

Compliance gate

12 UU PDP / GDPR / OJK / charter rules evaluate every exchange before signing. Refused exchanges never hit the wire — and every refusal cites its rule.

Tamper-evident audit

Append-only Merkle log + hourly IOTA root anchor. Court-grade ASiC-E export bundle in one HTTP call.

Right-to-erasure in 14 days

HaraLineage walks the provenance graph and produces a per-system DELETE / ANONYMIZE / NO_ACTION plan automatically. UU PDP §43 closed.

Multi-org, peer-to-peer

No central hub. Each organisation runs its own HaraGate; data flows directly. The blockchain only holds identity, consent, and access — never payloads.

Six SDKs

TypeScript · Python · Go · Java · Kotlin · Rust. All generated from one OpenAPI 3.1 spec. Time-to-first-exchange < 15 minutes.

Intelligence layer

HaraGuard catches anomalies on metadata only; HaraFraud detects rings via Neo4j graphs; HaraLink assembles Golden Records from multiple sources.

Legacy bridges

SOAP / HL7 v2 / fixed-width / DB row adapters. Connect Coretax, BPJS legacy systems, hospital LIS, and mainframes without touching their code.

Five design mandates

Every product decision must satisfy at least one. If it serves none of these, it is not built.

1. Sovereign by Design
Data never moves without verifiable consent. Period.
2. Quantum-Resistant from Day One
ML-KEM + ML-DSA hybrid. No new RSA. Ever.
3. Intelligently Automated
Manual work is a defect. Anything a legacy exchange makes you wire by hand, Hara Exchange does for you.
4. Compliance is Architecture
UU PDP cannot be technically violated. Refusals are protocol-level.
5. Zero to Productive in Minutes
First verified exchange < 15 minutes from clone to demo.

Benefits by stakeholder

Citizen
  • One wallet to see who accessed your data, when, and why.
  • Revoke any consent with a single tap.
  • Selective disclosure & ZKP — prove you're a farmer without revealing NIK.
Government Agency
  • RPJMN cockpit with live differential-privacy aggregates from 6+ ministries.
  • UU PDP compliance enforced at the protocol layer — not at audit time.
  • Federation with ASEAN-SW, Gaia-X, and EU EUDR.
Bank / Insurer
  • 90-second KYC using Dukcapil VC + DJP NPWP + ZKP age proof.
  • PSR loan in < 3 sec with 6 parallel signed calls.
  • OJK-grade audit trail per exchange (ASiC-E export).
Hospital / Clinic
  • HL7 v2 → FHIR R4 bridge for legacy LIS.
  • BPJS INA-CBG claim chain settled cryptographically.
  • Health-data sensitivity auto-classified by HaraLens.
Developer
  • One OpenAPI 3.1 spec, six SDKs.
  • Sandbox with three live mock domains, no governance ticket.
  • 15-minute quickstart from clone to your first signed exchange.
Regulator (DPO / OJK / BSSN)
  • Right-to-erasure walks the lineage in seconds.
  • Tamper-evident logs anchored to IOTA, exportable as ASiC-E.
  • HaraGuard + HaraFraud surface anomalies & rings on metadata only.

29 modules · 7 clusters · 4 layers


Supported file formats (Data Console)

Each institution's Data Console accepts these formats and runs the listed pre-processing automatically on upload. Pre-baked sample files in every format are already in each org's samples/ folder.

Auto PII detection

Column names matching NIK, NPWP, nama, alamat, email, dob, phone are flagged and surfaced in HaraComply rule R-06 (data-minimisation).

Schema inference

CSV / JSON / database-row uploads can be turned into formal OpenAPI 3.1 schemas via HaraSchema (/v1/schema/infer).

Format conversion

HL7 v2 → FHIR R4, SOAP → REST, EDIFACT → JSON, fixed-width → JSON via HaraBridge adapters.

Try the showcase live

PSR Replanting Loan — Bank BRI fires 4 parallel signed calls under Pak Ahmad's consent, in < 1 second.

How an exchange flows

19 steps abstracted to 8. Every one of these is a real component you can hit on localhost.

  1. Caller IS — your application sends an exchange request to its local HaraGate (HTTPS).
  2. Consent check — caller SN reads on-chain ConsentRegistry; if no valid consent, refuses with 403.
  3. Compliance gate — HaraComply rule pack runs 12 rules; any BLOCK refuses the exchange.
  4. PQC sign — caller SN signs envelope with ML-DSA-65 + Ed25519 hybrid via HaraVault.
  5. Provider verify — receiver SN verifies signature, member-active, access grant, consent (zero-trust re-read).
  6. IS forward — receiver SN forwards to its internal IS over the local network.
  7. Audit + Lineage — both sides emit events to HaraAudit (Postgres + Merkle) and HaraLineage (Neo4j).
  8. IOTA anchor — hourly Merkle root anchored to IOTA Tangle for tamper evidence.
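
An added example, not Hara Exchange's own code: a minimal append-only Merkle log showing why the hourly anchored root in steps 7 and 8 (and under "Tamper-evident audit") exposes any later edit to an audit event. The RFC 6962-style hashing, the event fields and every function name are assumptions; the page does not specify HaraAudit's tree construction.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(event: bytes) -> bytes:
    return _h(b"\x00" + event)  # 0x00/0x01 prefixes keep leaves and nodes distinct

def _split(n: int) -> int:
    k = 1
    while k * 2 < n:
        k *= 2
    return k  # largest power of two strictly below n

def merkle_root(events):
    if not events:
        return _h(b"")
    if len(events) == 1:
        return leaf_hash(events[0])
    k = _split(len(events))
    return _h(b"\x01" + merkle_root(events[:k]) + merkle_root(events[k:]))

def inclusion_proof(events, index):
    """Sibling hashes from the leaf up to the root, each tagged with its side."""
    if len(events) == 1:
        return []
    k = _split(len(events))
    if index < k:
        return inclusion_proof(events[:k], index) + [("R", merkle_root(events[k:]))]
    return inclusion_proof(events[k:], index - k) + [("L", merkle_root(events[:k]))]

def verify_inclusion(event, proof, anchored_root):
    node = leaf_hash(event)
    for side, sibling in proof:
        node = _h(b"\x01" + (sibling + node if side == "L" else node + sibling))
    return node == anchored_root

# Constructed sample: one hour of audit events (metadata only, hypothetical fields).
EVENTS = [
    b'{"seq":1,"type":"consent_check","result":"ok"}',
    b'{"seq":2,"type":"compliance_gate","result":"pass"}',
    b'{"seq":3,"type":"exchange_signed"}',
    b'{"seq":4,"type":"provider_verify","result":"ok"}',
    b'{"seq":5,"type":"exchange_refused","rule":"R-06"}',
]

def demo():
    anchored = merkle_root(EVENTS)  # stands in for the hourly anchored root
    proof = inclusion_proof(EVENTS, 4)
    tampered = EVENTS[4].replace(b"refused", b"signed ")
    return (verify_inclusion(EVENTS[4], proof, anchored),     # genuine event
            verify_inclusion(tampered, proof, anchored),      # edited event
            merkle_root(EVENTS[:4] + [tampered]) == anchored) # rewritten log
```

An auditor holding only the anchored root and a proof can confirm one event without receiving the rest of the log, which fits the page's statement that payloads never go on chain.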