Sovereign Database
Your data. Your database. Your jurisdiction.
A dedicated database on NZ sovereign infrastructure — physically separated from every other customer.
Why Physical Isolation Matters
Every Village runs on multi-tenant infrastructure where your data is separated from other tenants by software filters. This works well and is the industry standard. But software isolation has a structural limit: if a filter fails, data boundaries can blur. For organisations that need stronger guarantees, the Sovereign Database add-on provides physical tenant isolation — your data lives in its own dedicated database, not shared with any other customer.
Two Levels of Isolation
Standard Isolation (included)
Your data is stored in a shared database, separated by tenant-scoped queries. Every request is filtered by your unique tenant identifier. This is the same model used by most SaaS platforms worldwide. It is secure, efficient, and well-tested.
Sovereign Database (add-on)
Your data is stored in a dedicated MongoDB instance on Catalyst Cloud, NZ-owned sovereign infrastructure. A bug or misconfiguration in another tenant's queries cannot reach your data, because your data is not in the same database.
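The difference between the two models, as an added example (not Village's own code): an in-memory stand-in for a MongoDB collection shows what happens when one code path omits the tenant filter under each model. Tenant names, documents and function names are constructed for illustration.

```javascript
// Constructed sample data; tenant ids and titles are hypothetical.
const DOCS = [
  { tenantId: "tenant-a", title: "Board resolution 12" },
  { tenantId: "tenant-a", title: "Annual accounts" },
  { tenantId: "tenant-b", title: "Member register" },
];

// Minimal in-memory stand-in for a collection with equality-filter find().
class Collection {
  constructor(docs) { this.docs = docs; }
  find(filter = {}) {
    return this.docs.filter(d =>
      Object.entries(filter).every(([k, v]) => d[k] === v));
  }
}

// Standard model: one shared collection; isolation depends on every
// query carrying the tenantId filter.
const shared = new Collection(DOCS);
function sharedFind(tenantId, filter) {
  // tenantId is applied last so a caller-supplied tenantId cannot override it.
  return shared.find({ ...filter, tenantId });
}
// The failure mode the page describes: a code path that forgets the scope.
function sharedFindUnscoped(_tenantId, filter) {
  return shared.find(filter);
}

// Dedicated model: one store per tenant; the tenant selects the database.
const dedicated = new Map();
for (const d of DOCS) {
  if (!dedicated.has(d.tenantId)) dedicated.set(d.tenantId, new Collection([]));
  dedicated.get(d.tenantId).docs.push(d);
}
function dedicatedFind(tenantId, filter) {
  const db = dedicated.get(tenantId);
  // Fail closed: an unknown tenant never falls back to another store.
  if (!db) throw new Error(`no database provisioned for ${tenantId}`);
  return db.find(filter); // no tenantId filter needed: only this tenant's docs exist here
}

// Counts documents in a result set that belong to someone else.
function foreignDocs(tenantId, results) {
  return results.filter(d => d.tenantId !== tenantId).length;
}
```

With a dedicated store, the tenant-to-database routing step becomes the boundary to review and test, which is why `dedicatedFind` rejects an unknown tenant instead of defaulting.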
What You Get
Dedicated MongoDB on Catalyst Cloud
- Your own MongoDB database on Catalyst Cloud — NZ-owned, ISO 27001 certified, all-of-government approved
- Physical isolation — a bug or breach in another tenant's queries cannot access your data
- Encrypted at rest (AES-256-CBC via Percona Server for MongoDB)
- Daily encrypted backups with 30-day retention
- Same Village interface, same features, same support — the only change is where your data lives
- Data export in open formats (JSON, CSV) at any time
Infrastructure You Can Audit
- Catalyst Cloud is the only NZ-owned, ISO 27001 certified cloud provider on the all-of-government panel
- Data centres in Wellington and Porirua — governed by NZ law, not subject to the US CLOUD Act
- No data leaves NZ jurisdiction unless you explicitly choose to
- You can request an infrastructure audit report at any time
Who This Is For
The Sovereign Database add-on is designed for organisations where data isolation is a governance requirement, not just a preference:
Governance Bodies and Boards
Boards handling resolutions, financial records, and correspondence often have constitutional or legal obligations around data custody. Physical isolation provides an additional assurance that meets audit and compliance requirements.
Whānau and Hapū Groups
Whakapapa, pūrākau, and tikanga documentation carry cultural obligations that go beyond standard data protection. Physical isolation means this taonga is held separately from all other data, on infrastructure governed by NZ law.
Professional Associations and Businesses
Businesses and professional associations hold client records, financial data, and member information, and for them data breach risk must be minimised. Physical isolation reduces the attack surface to your database alone.
Standard vs. Sovereign Database
| Feature | Standard (included) | Sovereign Database |
|---|---|---|
| Database | Shared, tenant-scoped queries | ✓ Dedicated MongoDB instance |
| Isolation boundary | Software (tenantId filter) | ✓ Physical (separate database) |
| Infrastructure | Shared servers (EU + NZ) | ✓ Catalyst Cloud NZ (ISO 27001) |
| Encryption at rest | ✓ Yes (Percona) | ✓ Yes (AES-256-CBC, Percona) |
| Backups | ✓ Daily | ✓ Daily, 30-day retention, encrypted |
| Cross-tenant breach risk | Mitigated by software filters | ✓ Eliminated (no shared data store) |
| CLOUD Act exposure | None (no US infrastructure) | ✓ None (NZ-owned infrastructure) |
| Data jurisdiction | EU + NZ law | ✓ NZ law exclusively |
| Village features | ✓ All features | ✓ All features (identical) |
| Audit trail | ✓ Yes | ✓ Yes, plus infrastructure audit on request |
Pricing
The Sovereign Database is a fixed-price add-on available to any Village subscriber. The price reflects real infrastructure costs on Catalyst Cloud and may be adjusted annually (capped at 10% or CPI).
How It Works
When you add a Sovereign Database to your Village, we provision a dedicated MongoDB instance on Catalyst Cloud. Your existing data is migrated from the shared database to your dedicated instance. From that point forward:
- All your Village data (stories, members, events, documents, messages) is stored in your dedicated database
- The Village interface is identical — your members notice no change
- Your data is automatically encrypted at rest using AES-256-CBC
- Daily backups are encrypted and stored separately with 30-day retention
- If you cancel the add-on, your data is migrated back to the shared database — no data loss
NZ Data Sovereignty
Catalyst Cloud is New Zealand's only locally owned, ISO 27001 certified cloud provider. It holds all-of-government approval and operates data centres exclusively in the Wellington region.
This matters because data stored on US-owned infrastructure — regardless of where the servers physically sit — is subject to the US CLOUD Act (2018), which allows US authorities to compel disclosure without the knowledge or consent of the data owner. Catalyst Cloud is not subject to the CLOUD Act because it is NZ-owned and NZ-operated.
For organisations with legal, cultural, or governance obligations around data custody, this is not a theoretical concern. It is a jurisdictional fact.
Interested in a Sovereign Database?
Contact us to discuss your requirements. We will walk you through the provisioning process, migration timeline, and community rates for qualifying groups.