Terra Vita HubCurrent: Portal
Protected documentation → sovereignty configuration

Data Sovereignty & Hosting Configuration

This note documents how hosting region, data residency, export controls, access governance, retention, and institutional ownership boundaries should be treated during donor or sovereign deployment review. It is documentation only: it does not change hosting, credentials, schema, RLS, auth, or live business logic.

Donor artifact indexMRV lineage noteDonor submission pack

Hosting-region options

  • EU/EEA hosting: appropriate where GDPR-aligned controls, DFI diligence, and European institutional stewardship are required.
  • National or in-country hosting: available as a deployment constraint where law or government policy requires local residency.
  • Sovereign or approved cloud: used where ministries, MDBs, or donors require an approved cloud perimeter.
  • Hybrid posture: public content may remain global while protected evidence, identity, and export layers remain in an approved region.

Data-residency constraints

Residency is governed by data class, programme owner, jurisdiction, donor terms, and the sensitivity of evidence objects. Public pages, protected records, reviewer identities, MRV evidence, committee exports, and audit logs can carry different residency requirements.

Export controls

Donor packs, committee materials, raw evidence exports, and cross-border transfers should be released only under named institutional purpose, approved access policy, and documented review. Sensitive evidence can be withheld, redacted, aggregated, or kept inside the sovereign perimeter.

Governance controls

Access policy and retention remain institutional decisions.

Access-policy governanceRole mapping, named reviewers, least-privilege access, onboarding, offboarding, and committee privileges are set by the responsible institution. Terra Vita Hub records and enforces the configured policy; it does not decide institutional authority.
Retention postureRetention should be configured by evidence class and legal requirement: active project record, donor submission artifact, audit log, grievance/safeguards record, MRV object, or archival export. Legal hold and deletion rights remain with the institutional owner.
Institutional ownership boundaryMinistries, DFIs, programme authorities, and designated committees remain owners of statutory decisions, approved methodologies, official records, and reporting authority. Terra Vita Hub supplies controlled evidence infrastructure and export readiness, not public authority.
Subprocessors and integrationsWhere third-party services support storage, authentication, monitoring, mapping, or analytics, their use should be disclosed and reviewed against donor and sovereign requirements before production deployment.

Deployment posture for donor review

A donor or sovereign deployment should be treated as configurable governance infrastructure. The required decision is not whether one global hosting model fits every country; it is which residency, access, retention, export, continuity, and evidence-quality controls are approved for the named programme and jurisdiction.