Your data. Your database. Your jurisdiction.
A dedicated database on NZ sovereign infrastructure — physically separated from every other customer.
Every Village runs on multi-tenant infrastructure where your data is separated from other tenants by software filters. This works well and is the industry standard. But software isolation has a structural limit: if a filter fails, data boundaries can blur. For organisations that need stronger guarantees, the Sovereign Database add-on provides physical tenant isolation — your data lives in its own dedicated database, not shared with any other customer.
In the standard (included) configuration, your data is stored in a shared database, separated by tenant-scoped queries. Every request is filtered by your unique tenant identifier. This is the same model used by most SaaS platforms worldwide. It is secure, efficient, and well-tested.
With the Sovereign Database add-on, your data is stored in a dedicated MongoDB instance on Catalyst Cloud, NZ-owned sovereign infrastructure. A bug or misconfiguration in another tenant's queries cannot reach your data, because your data is not in the same database.
The Sovereign Database add-on is designed for organisations where data isolation is a governance requirement, not just a preference:
Boards handling resolutions, financial records, and correspondence often have constitutional or legal obligations around data custody. Physical isolation provides an additional assurance that meets audit and compliance requirements.
Whakapapa, pūrākau, and tikanga documentation carry cultural obligations that go beyond standard data protection. Physical isolation means this taonga is held separately from all other data, on infrastructure governed by NZ law.
Client records, financial data, and member information for businesses and professional associations where data breach risk must be minimised. Physical isolation reduces the attack surface to your database alone.
| Feature | Standard (included) | Sovereign Database |
|---|---|---|
| Database | Shared, tenant-scoped queries | ✓ Dedicated MongoDB instance |
| Isolation boundary | Software (tenantId filter) | ✓ Physical (separate database) |
| Infrastructure | Shared servers (EU + NZ) | ✓ Catalyst Cloud NZ (ISO 27001) |
| Encryption at rest | ✓ Yes (Percona) | ✓ Yes (AES-256-CBC, Percona) |
| Backups | ✓ Daily | ✓ Daily, 30-day retention, encrypted |
| Cross-tenant breach risk | Mitigated by software filters | ✓ Eliminated (no shared data store) |
| CLOUD Act exposure | None (no US infrastructure) | ✓ None (NZ-owned infrastructure) |
| Data jurisdiction | EU + NZ law | ✓ NZ law exclusively |
| Village features | ✓ All features | ✓ All features (identical) |
| Audit trail | ✓ Yes | ✓ Yes, plus infrastructure audit on request |
The Sovereign Database is a fixed-price add-on available to any Village subscriber. The price reflects real infrastructure costs on Catalyst Cloud and may be adjusted annually (capped at 10% or CPI).
When you add a Sovereign Database to your Village, we provision a dedicated MongoDB instance on Catalyst Cloud. Your existing data is migrated from the shared database to your dedicated instance. From that point forward:
Catalyst Cloud is New Zealand's only locally owned, ISO 27001 certified cloud provider. It holds all-of-government approval and operates data centres exclusively in the Wellington region.
This matters because data stored on US-owned infrastructure — regardless of where the servers physically sit — is subject to the US CLOUD Act (2018), which allows US authorities to compel disclosure without the knowledge or consent of the data owner. Catalyst Cloud is not subject to the CLOUD Act because it is NZ-owned and NZ-operated.
For organisations with legal, cultural, or governance obligations around data custody, this is not a theoretical concern. It is a jurisdictional fact.
Contact us to discuss your requirements. We will walk you through the provisioning process, migration timeline, and community rates for qualifying groups.