Agrotech Privacy by Design: JIT Consent vs UX Friction

Complying with strict data protection laws (like Paraguay's Law 7593/25 or GDPR) doesn't mean ruining your conversion rate. Throwing a 10-checkbox legal wall at an agricultural producer during their first login is a guaranteed bounce. The technical way out is applying progressive disclosure with Just-in-Time (JIT) consent validated at the schema level using Zod.

Instead of an "All-or-Nothing" model, we isolate sensitive data permissions in our Astro 6 architecture, in line with the MITIC software standard, Technological Sovereignty principles, and my technical guide on Law 7593/2025 compliance.

schemas/consent.ts (TypeScript)

import { z } from "zod";

// 1. Core data (No initial friction)
export const BaseFarmerSchema = z.object({
  id: z.string().uuid(),
  phone: z.string().min(10),
});

// 2. Sensitive module: Plot Traceability
export const GeoConsentSchema = z.object({
  gps_tracking_agreed: z.literal(true, {
    error: "We need your OK to map the exact yield of the plot."
  }),
  agreed_at: z.date(),
});

// Zod 4 Pro-tip: Spreading .shape merges the objects into one plain ZodObject
// instead of creating a heavy ZodIntersection (.and()). This is vital for tsc performance.
export const FarmerTrackingSchema = z.object({
  ...BaseFarmerSchema.shape,
  ...GeoConsentSchema.shape,
});

You only ask for the PII permission when the user attempts to register a new plot, never during the initial sign-up. (PII, Personally Identifiable Information: any data that identifies the producer or their property.)

Privacy Strategies

Graceful Degradation (JIT)

  • High retention in onboarding
  • User understands why you ask for the data
  • Aligned with strict privacy law principles

Initial Blocking (Legacy)

  • Massive app abandonment
  • Blind and automatic consent
  • Fragile monolithic architecture

If the producer rejects the tracking, the map module shows a locked state, but the core inventory application continues operating normally. Senior Key: Consent must be as easy to revoke as it was to grant, automatically invalidating access to the dependent module.
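The locked-state and revocation behaviour described above, as an added example that is not code from this site: a small append-only consent ledger whose module gate is evaluated on every access. ConsentLedger, FarmModule and REQUIRED_PURPOSE are hypothetical names, and the block uses plain TypeScript rather than Zod so that it runs without dependencies.

```typescript
// Added example. ConsentLedger, FarmModule and REQUIRED_PURPOSE are hypothetical names.
type Purpose = "gps_tracking";
type FarmModule = "inventory" | "plot_map";

interface ConsentRecord {
  farmerId: string;
  purpose: Purpose;
  action: "granted" | "revoked";
  at: Date;          // plays the role of agreed_at in GeoConsentSchema
  copyShown: string; // exact wording the producer saw, kept for audits
}

// Modules missing from this table need no consent, so the core app never locks.
const REQUIRED_PURPOSE: Partial<Record<FarmModule, Purpose>> = { plot_map: "gps_tracking" };

class ConsentLedger {
  private records: ConsentRecord[] = []; // append-only: rows are never edited or deleted

  grant(farmerId: string, purpose: Purpose, agreed: boolean, copyShown: string, at: Date): boolean {
    // Same rule as z.literal(true): only an explicit true counts.
    if (agreed !== true) return false;
    this.records.push({ farmerId, purpose, action: "granted", at, copyShown });
    return true;
  }

  // Revoking takes one call and no justification, mirroring how easy granting is.
  revoke(farmerId: string, purpose: Purpose, at: Date): void {
    this.records.push({ farmerId, purpose, action: "revoked", at, copyShown: "" });
  }

  // The most recently appended record for this farmer and purpose decides.
  hasConsent(farmerId: string, purpose: Purpose): boolean {
    const mine = this.records.filter(r => r.farmerId === farmerId && r.purpose === purpose);
    const last = mine[mine.length - 1];
    return last !== undefined && last.action === "granted";
  }

  // Evaluated on every access, so a revocation locks the module immediately.
  moduleState(farmerId: string, mod: FarmModule): "open" | "locked" {
    const needed = REQUIRED_PURPOSE[mod];
    if (needed === undefined) return "open";
    return this.hasConsent(farmerId, needed) ? "open" : "locked";
  }

  auditTrail(farmerId: string): string[] {
    return this.records
      .filter(r => r.farmerId === farmerId)
      .map(r => r.at.toISOString() + " " + r.purpose + " " + r.action);
  }
}
```

Because the gate reads the ledger at access time instead of caching a flag in the session, there is no separate invalidation step to forget when consent is withdrawn.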

Privacy-by-Design Ready

Transparency in the Field

Cognitive accessibility isn't marketing: it reduces consent errors and improves legal auditability. Forget about "I accept the DPA and telemetry data processing". Use real, human copy: "We use your location only to measure your plot. Nobody else sees this information".
