Data Sovereignty - MySovereignty

What is Data Sovereignty?

Data sovereignty is the principle that individuals and communities should have complete control over their digital information. It means you own your data, decide who can access it, and can take it with you whenever you want—no vendor lock-in, no hidden terms, no surprises.

Village’s approach to data sovereignty draws on Māori data governance frameworks, particularly the CARE Principles (Collective benefit, Authority to control, Responsibility, Ethics) from the Global Indigenous Data Alliance, and Te Kāhui Raraunga’s Māori Data Governance Model — both building on Te Mana Raraunga’s 2015–2018 precursor work. These principles were embedded in Village’s constitutional framework from its earliest architecture. As the platform evolved, the influence of tikanga Māori — kaitiakitanga, rangatiratanga, whanaungatanga — gained momentum across the governance model, the AI safety framework, and the support architecture. Today it is the pivotal characteristic that distinguishes Village from platforms built on Silicon Valley assumptions.

The Problem with Traditional Platforms

Most social platforms treat your data as their product. When you post a photo, share a story, or send a message, you're not just creating content—you're feeding a machine designed to profit from your digital life.

The Corporate Platform Model

Your content is used to train AI models without compensation
Your behavior is tracked and sold to advertisers
Your data is mined for insights that benefit shareholders, not you
Your privacy is eroded by terms of service that change without notice
Your ability to leave is restricted by proprietary formats and vendor lock-in

                The Reality:
                If you're not paying for the product, you ARE the product. Free platforms monetize your attention,
                your data, and your relationships.
            

Our Philosophy: Human Agency over Amoral Intelligence

Village is built on a fundamentally different principle: technology should serve humans, not the other way around. AI and algorithms are tools—powerful tools—but they lack moral judgment, empathy, and understanding of human dignity.

What This Means in Practice

1. You Control the AI, Not Vice Versa

We use AI for helpful features like voice transcription and translation, but:

AI processes your data only when you explicitly choose to use these features
You can review and correct AI-generated content (transcriptions, translations)
Your data is NEVER used to train third-party AI models
AI recommendations serve your goals, not advertising algorithms

                Guardian Agents: Verification You Can See
                Every AI response is checked against your community's own source material using mathematical measurement — not another AI guessing. Each factual claim shows a confidence badge (high, medium, low, or unverified), so you always know how much to trust what you're reading.
            

2. Transparency Over Opacity

Unlike corporate platforms with inscrutable algorithms:

We publish exactly how we use your data (see our Privacy Policy)
We document every instance of platform administrator access to your data
We explain our content moderation policies clearly
We provide audit logs you can review anytime

3. Community Governance, Not Corporate Dictates

Your community makes the rules:

Community administrators set guidelines and norms
Members have a voice in how their space is managed
Platform-level policies are clear, minimal, and focused on safety and legality
No algorithmic feeds optimized for engagement over well-being

4. Privacy by Design, Not by Accident

Privacy isn't an afterthought—it's the foundation:

Multi-tenant architecture ensures complete community isolation
Encrypted video calls via Jitsi (E2EE available)
Optional encryption for chat messages (Matrix)
European data centers for GDPR compliance
No advertising trackers, no analytics resale, no data mining

Your Rights as a User

1. Right to Own Your Data

Everything you create—stories, photos, messages, files—belongs to you. We provide storage and infrastructure, but we never claim ownership or perpetual rights to your content.

2. Right to Access Your Data

You can request a complete export of your data at any time, in machine-readable formats (JSON for metadata, original formats for files). We provide this within 30 days, free of charge.

3. Right to Portability

Your data is stored in open, standard formats. You can migrate to another platform whenever you want. No proprietary lock-in. No hostage situations.

4. Right to Deletion

You can delete your account and all associated data at any time. We soft-delete for 30 days (in case you change your mind), then permanently erase everything, including backups.

5. Right to Privacy

Your personal data is protected under GDPR. We never sell it, share it with third parties for marketing, or use it for purposes you haven't consented to.

Community Ownership

Data sovereignty extends beyond individuals to communities. Your community (tenant) collectively owns its data:

Community Administrators Can:

Export all community data (stories, comments, member list, files)
Migrate to another platform if My Digital Sovereignty no longer meets their needs
Set privacy policies for the community (within legal bounds)
Control who has access to community content
Delete the entire community and all its data

                No Vendor Lock-In:
                We succeed by providing value, not by trapping you. If we don't serve your needs, you're free to leave—and
                take everything with you.
            

Open Standards and Interoperability

We build on open standards to ensure long-term sustainability and prevent lock-in:

Feature	Technology	Open Standard
Chat/Messaging	Matrix Protocol	✓ Federated, open-source
Video Calling	Jitsi Meet	✓ WebRTC, open-source
File Storage	Object storage / CDN (EU-hosted)	✓ S3-compatible, open protocol
Documents	Collabora Online	✓ ODF (Open Document Format)
Data Export	JSON, XML	✓ Industry standard formats
Authentication	httpOnly Cookies	✓ Secure session management

These aren't proprietary systems designed to lock you in. They're widely adopted, well-documented standards that work with hundreds of other tools and platforms.

Comparison: Village vs. Corporate Platforms

Feature	Village	Corporate Platforms
Data Ownership	✓ You own your data	✗ Platform owns license to your data
Advertising	✓ No ads, no tracking	✗ Ad-funded, extensive tracking
AI Training	✓ Your data never used for training	✗ Content used to train AI models
Data Export	✓ Full export in open formats	✗ Limited or proprietary formats
Vendor Lock-In	✓ Migrate anytime	✗ Proprietary formats, difficult to leave
Privacy	✓ GDPR compliant, EU hosting	✗ US-based, data sharing with third parties
Transparency	✓ Open policies, audit logs	✗ Opaque algorithms, hidden data use
Community Control	✓ Administrators manage their space	✗ Platform dictates all rules
Deletion	✓ Permanent deletion guaranteed	✗ Data often retained indefinitely
Business Model	✓ Subscription-based	✗ Surveillance capitalism

Technical Implementation

Multi-Tenant Architecture

Each community is completely isolated:

Separate database records with unique tenant IDs
Isolated S3-compatible object storage (sovereign-hosted) with tenant-scoped prefixes
API-level authentication ensuring users only access their own communities
WebSocket namespaces preventing cross-tenant message leakage

Data Storage

MongoDB: Application data (accounts, stories, metadata)
Object storage / CDN (EU-hosted, S3-compatible): Files, photos, documents (encrypted at rest)
Redis: Temporary session data (ephemeral)

Encryption

In Transit: TLS 1.3 for all communications
At Rest: Application-level encryption for credentials, server-side encryption for files, end-to-end encryption for direct messages, and infrastructure access controls
Passwords: Bcrypt hashing (never stored in plain text)
Backups: Encrypted before transmission and storage

Data Retention

Active accounts: Data retained while account is active
Deleted content: 30-day soft delete (recoverable), then permanent deletion
Closed accounts: Data deleted within 90 days
Backups: Retained for 7 days, then automatically purged

Legal Protections

GDPR Compliance

As a platform serving European users, we comply with the General Data Protection Regulation (GDPR):

Right to access your data
Right to rectify inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to restrict processing
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with supervisory authorities

Legal Transparency

If we receive legal requests for user data:

We publish an annual transparency report
We notify affected users unless legally prohibited
We challenge overly broad or unjustified requests
We only provide data required by law, nothing more

What We Expect of Village Owners

Data sovereignty comes with responsibility. Every Village must have at least one accredited moderator who understands privacy, content moderation, and platform governance. The accreditation takes 2–3 hours over your own schedule.

Our support architecture reflects the same values as the platform itself. The AI help widget answers questions immediately on sovereign infrastructure. The feedback system investigates and resolves issues agentically. And as the Village network grows, experienced communities mentor newer ones through the tuakana-teina model — eventually extending to indigenous communities worldwide and Māori-led professional services.

Accreditation Guide (PDF) Support Services & Roadmap

Ready to Take Control of Your Data?

Join a community built on respect, transparency, and your right to digital sovereignty.

Get Started → Read Our Privacy Policy

Have questions about data sovereignty?