What is Data Sovereignty?
Data sovereignty is the principle that individuals and communities should have complete control over their digital information.
It means you own your data, decide who can access it, and can take it with you whenever you want—no vendor lock-in,
no hidden terms, no surprises.
The Problem with Traditional Platforms
Most social platforms treat your data as their product. When you post a photo, share a story, or send a message,
you're not just creating content—you're feeding a machine designed to profit from your digital life.
The Corporate Platform Model
- Your content is used to train AI models without compensation
- Your behavior is tracked and sold to advertisers
- Your data is mined for insights that benefit shareholders, not you
- Your privacy is eroded by terms of service that change without notice
- Your ability to leave is restricted by proprietary formats and vendor lock-in
The Reality:
If you're not paying for the product, you ARE the product. Free platforms monetize your attention,
your data, and your relationships.
Our Philosophy: Human Agency over Amoral Intelligence
Village is built on a fundamentally different principle: technology should serve humans,
not the other way around. AI and algorithms are tools—powerful tools—but they lack moral judgment,
empathy, and understanding of human dignity.
What This Means in Practice
1. You Control the AI, Not Vice Versa
We use AI for helpful features like voice transcription and translation, but:
- AI processes your data only when you explicitly choose to use these features
- You can review and correct AI-generated content (transcriptions, translations)
- Your data is NEVER used to train third-party AI models
- AI recommendations serve your goals, not advertising algorithms
Guardian Agents: Verification You Can See
Every AI response is checked against your community's own source material using mathematical measurement — not another AI guessing. Each factual claim shows a confidence badge (high, medium, low, or unverified), so you always know how much to trust what you're reading.
2. Transparency Over Opacity
Unlike corporate platforms with inscrutable algorithms:
- We publish exactly how we use your data (see our Privacy Policy)
- We document every instance of platform administrator access to your data
- We explain our content moderation policies clearly
- We provide audit logs you can review anytime
3. Community Governance, Not Corporate Dictates
Your community makes the rules:
- Community administrators set guidelines and norms
- Members have a voice in how their space is managed
- Platform-level policies are clear, minimal, and focused on safety and legality
- No algorithmic feeds optimized for engagement over well-being
4. Privacy by Design, Not by Accident
Privacy isn't an afterthought—it's the foundation:
- Multi-tenant architecture ensures complete community isolation
- Encrypted video calls via Jitsi (E2EE available)
- Optional encryption for chat messages (Matrix)
- European data centers for GDPR compliance
- No advertising trackers, no analytics resale, no data mining
Your Rights as a User
1. Right to Own Your Data
Everything you create—stories, photos, messages, files—belongs to you. We provide storage and infrastructure,
but we never claim ownership or perpetual rights to your content.
2. Right to Access Your Data
You can request a complete export of your data at any time, in machine-readable formats (JSON for metadata,
original formats for files). We provide this within 30 days, free of charge.
3. Right to Portability
Your data is stored in open, standard formats. You can migrate to another platform whenever you want.
No proprietary lock-in. No hostage situations.
4. Right to Deletion
You can delete your account and all associated data at any time. We soft-delete for 30 days (in case you change your mind),
then permanently erase everything, including backups.
5. Right to Privacy
Your personal data is protected under GDPR. We never sell it, share it with third parties for marketing,
or use it for purposes you haven't consented to.
Community Ownership
Data sovereignty extends beyond individuals to communities. Your community (tenant) collectively owns its data:
Community Administrators Can:
- Export all community data (stories, comments, member list, files)
- Migrate to another platform if My Digital Sovereignty no longer meets their needs
- Set privacy policies for the community (within legal bounds)
- Control who has access to community content
- Delete the entire community and all its data
No Vendor Lock-In:
We succeed by providing value, not by trapping you. If we don't serve your needs, you're free to leave—and
take everything with you.
Open Standards and Interoperability
We build on open standards to ensure long-term sustainability and prevent lock-in:
| Feature | Technology | Open Standard |
| --- | --- | --- |
| Chat/Messaging | Matrix Protocol | ✓ Federated, open-source |
| Video Calling | Jitsi Meet | ✓ WebRTC, open-source |
| File Storage | S3/CDN | ✓ S3-compatible, open protocol |
| Documents | Collabora Online | ✓ ODF (Open Document Format) |
| Data Export | JSON, XML | ✓ Industry standard formats |
| Authentication | httpOnly Cookies | ✓ Secure session management |
These aren't proprietary systems designed to lock you in. They're widely adopted, well-documented standards
that work with hundreds of other tools and platforms.
Comparison: Village vs. Corporate Platforms
| Feature | Village | Corporate Platforms |
| --- | --- | --- |
| Data Ownership | ✓ You own your data | ✗ Platform owns license to your data |
| Advertising | ✓ No ads, no tracking | ✗ Ad-funded, extensive tracking |
| AI Training | ✓ Your data never used for training | ✗ Content used to train AI models |
| Data Export | ✓ Full export in open formats | ✗ Limited or proprietary formats |
| Vendor Lock-In | ✓ Migrate anytime | ✗ Proprietary formats, difficult to leave |
| Privacy | ✓ GDPR compliant, EU hosting | ✗ US-based, data sharing with third parties |
| Transparency | ✓ Open policies, audit logs | ✗ Opaque algorithms, hidden data use |
| Community Control | ✓ Administrators manage their space | ✗ Platform dictates all rules |
| Deletion | ✓ Permanent deletion guaranteed | ✗ Data often retained indefinitely |
| Business Model | ✓ Subscription-based | ✗ Surveillance capitalism |
Technical Implementation
Multi-Tenant Architecture
Each community is completely isolated:
- Separate database records with unique tenant IDs
- Isolated S3 storage with tenant-scoped prefixes
- API-level authentication ensuring users only access their own communities
- WebSocket namespaces preventing cross-tenant message leakage
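The isolation rules listed above, as an added example that is not the platform's own code: every database filter, storage key and WebSocket namespace is derived from the authenticated session's tenant ID rather than from request input. The helper names, the `tenants/<id>/` key prefix, the `/tenant/<id>` namespace form and the 24-character hex tenant ID format are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not the platform's own code.
// Assumption: tenant IDs are 24-char hex strings (MongoDB ObjectId form) and
// the authenticated session, never the request, is the source of the tenant ID.
const TENANT_ID_RE = /^[a-f0-9]{24}$/;

function requireTenantId(session) {
  const id = session && session.tenantId;
  if (typeof id !== 'string' || !TENANT_ID_RE.test(id)) {
    throw new Error('session has no valid tenant id');
  }
  return id;
}

// Database: AND the caller's filter with the session tenant, so a filter that
// names another tenant matches nothing instead of widening the query.
function tenantScopedFilter(session, filter = {}) {
  const tenantId = requireTenantId(session);
  if (filter === null || typeof filter !== 'object' || Array.isArray(filter)) {
    throw new Error('filter must be a plain object');
  }
  return { $and: [{ tenantId }, filter] };
}

// Storage: build an object key under the tenant's prefix and reject empty,
// '.' and '..' segments as well as backslashes and NUL bytes.
function tenantObjectKey(session, relativePath) {
  const tenantId = requireTenantId(session);
  if (typeof relativePath !== 'string' || relativePath.length === 0) {
    throw new Error('empty object path');
  }
  const segments = relativePath.split('/');
  for (const seg of segments) {
    if (seg === '' || seg === '.' || seg === '..' || /[\\\0]/.test(seg)) {
      throw new Error('unsafe object path: ' + JSON.stringify(relativePath));
    }
  }
  return `tenants/${tenantId}/${segments.join('/')}`;
}

// Realtime: a socket may join only the namespace derived from its own session.
function canJoinNamespace(session, namespace) {
  return namespace === `/tenant/${requireTenantId(session)}`;
}

// Constructed sample sessions for two different communities.
const alice = { userId: 'u1', tenantId: 'aaaaaaaaaaaaaaaaaaaaaaaa' };
const bob = { userId: 'u2', tenantId: 'bbbbbbbbbbbbbbbbbbbbbbbb' };
console.log(tenantScopedFilter(alice, { tenantId: bob.tenantId, type: 'story' }));
console.log(tenantObjectKey(alice, 'photos/2024/beach.jpg'));
console.log(canJoinNamespace(alice, `/tenant/${bob.tenantId}`)); // false
```

A cross-tenant regression test that calls each helper with one community's session and another community's identifiers is a practical way to check that the isolation claim holds after every change.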
Data Storage
- MongoDB: Application data (accounts, stories, metadata)
- S3/CDN: Files, photos, documents (encrypted at rest)
- Redis: Temporary session data (ephemeral)
Encryption
- In Transit: TLS 1.3 for all communications
- At Rest: Application-level encryption for credentials, server-side encryption for files, end-to-end encryption for direct messages, and infrastructure access controls
- Passwords: Bcrypt hashing (never stored in plain text)
- Backups: Encrypted before transmission and storage
Data Retention
- Active accounts: Data retained while account is active
- Deleted content: 30-day soft delete (recoverable), then permanent deletion
- Closed accounts: Data deleted within 90 days
- Backups: Retained for 7 days, then automatically purged
Legal Protections
GDPR Compliance
As a platform serving European users, we comply with the General Data Protection Regulation (GDPR):
- Right to access your data
- Right to rectify inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with supervisory authorities
Legal Transparency
If we receive legal requests for user data:
- We publish an annual transparency report
- We notify affected users unless legally prohibited
- We challenge overly broad or unjustified requests
- We only provide data required by law, nothing more
Ready to Take Control of Your Data?
Join a community built on respect, transparency, and your right to digital sovereignty.