Indigenous Data Sovereignty

How the Indigenious platform respects and protects Indigenous control over data

What Is Indigenous Data Sovereignty?

Indigenous data sovereignty is the right of Indigenous peoples to govern the collection, ownership, and application of data about their lands, resources, and peoples. It is a recognition that Indigenous communities have inherent rights to their own knowledge systems and information—rights that cannot be overridden by government, academia, or private platforms.

Data sovereignty is not about privacy alone. It's about power. Who owns data? Who controls it? Who benefits from it? In a world where data drives economic opportunity, Indigenous data sovereignty ensures that Indigenous peoples are not passive subjects of research, surveillance, or extraction, but active agents governing their own information.

Platform Data vs. Community Data

Indigenious operates with a critical distinction between two types of data:

Platform Data: Indigenious's Operational Data

What it is: Technical and usage data necessary to run the platform. This includes server logs, error reports, feature analytics, and aggregated performance metrics.

Who controls it: Indigenious Inc. exercises appropriate control over platform infrastructure data for operational security and service improvement.

What happens to it: Platform data is retained to maintain system integrity and improve service reliability. It is not shared with third parties.

Examples: Server uptime logs, feature usage counts, session error tracking, performance metrics.

Community Data: Indigenous Business & Validation Records

What it is: All data about Indigenous businesses, community affiliation, and validation records created by community validators.

Who controls it: Indigenous businesses and Indigenous communities control community data. OCAP principles apply fully.

What happens to it: Data is used only with explicit consent. Communities maintain copies of all validation records they create and can access them at any time.

Examples: Your business profile, validation confirmation, community affiliation records, business registration information.

        The Key Distinction: We manage platform data responsibly as a service provider. But community data belongs to Indigenous businesses and communities. We are custodians, not owners.
      

How Business Data Flows Through Indigenious

Registration & Profile Creation

You register your business and submit profile information (name, sector, community affiliation, contact).
You control visibility. You decide whether your profile is public, visible to verified partners only, or private.
Data is encrypted and stored in Canadian data centers.

Community Verification

A community validator reviews your business registration and affiliation claim.
The validator confirms legitimacy based on community knowledge and documentation you provide.
A verification record is created and signed by the validator. This record is owned by the validating community, not by Indigenious.
The community maintains a copy of the verification record for their own records.

Matching & Sharing

A potential partner views your profile (if you've made it visible to them).
An introduction request is sent. You must actively approve the introduction.
Only upon your approval is your profile data shared with the matched partner.
You can revoke access at any time by deactivating the match.

Access & Control

At any point in this process:

You can download your complete profile as structured data
You can request corrections to inaccurate information
You can change your visibility settings
You can request deletion of your profile (processed within 30 days)

W3C VC Verification: Proof Without Exposure

Indigenious uses W3C Verifiable Credentials to create tamper-proof business certification. But W3C VCs are often misunderstood. Here's how we use them responsibly:

What's in the Credential	What's NOT in the Credential
Business legal name	Status card numbers
Verification date	Personal owner information
Verified status (yes/no)	Community affiliation details
Community jurisdiction	Validation reasoning or details
Validator organization (anonymous)	Financial or personal data
	Health, religious, or sensitive data

Why W3C VCs? W3C Verifiable Credentials create a cryptographically signed record that can be independently verified. A buyer, lender, or government agency can confirm that your business was verified by a legitimate community validator on a specific date. They don't need to ask us — they can verify it themselves. This protects both you and the verification process from tampering.

Why not put everything in the credential? Credentials should be minimal. Personal information, sensitive community data, or Indigenous identity details should never be exposed. So we keep credentials minimal: just enough to enable verification without exposure.

Community Data Governance Model

Through Unations

Each Indigenous community designates validators through Unations, the community validation network. These validators:

Are Indigenous community members or representatives
Have authority delegated by their community
Set verification standards for their jurisdiction
Maintain validation records on behalf of their community
Can access and audit all validation activity within their community

Community Control Mechanisms

Communities maintain governance through:

Validator networks: Communities designate and can revoke validator authority
Data access: Communities can request all validation records they've created
Standards setting: Communities define what counts as sufficient proof of affiliation
Dispute resolution: Communities can challenge verification decisions within their jurisdiction
Regular audits: Communities receive quarterly reports on activity in their territory

Cross-Border Data Considerations

Indigenous nations and territories often span multiple provincial and national boundaries. Indigenious operates across Canadian borders but maintains strict data residency:

Data Residency

All data stays in Canada. We do not transfer Indigenous business data to US servers, cloud services operated outside Canada, or any non-Canadian infrastructure. This is a core commitment to Indigenous data sovereignty.

Inter-Community Data Sharing

When a business operates in multiple communities, data governance is more complex. Our principles:

Each community that validates a business maintains a copy of their validation record
Cross-community data sharing requires explicit consent from the business and affected communities
No single community validator can claim exclusive authority over a multi-community business

Government Reporting

When we share data with federal or provincial government partners (for procurement compliance or program reporting):

Data is aggregated and anonymized
Individual business profiles are never shared without consent
Communities are notified of government data requests

Right to Data Portability

You have the right to request your data in portable, non-proprietary formats:

What You Can Request

Your complete business profile: All information you submitted, including documents
Your verification record: W3C VC verification details and status
Your activity log: All matches, introductions, and profile views
Your communication history: All messages and interactions through the platform

Formats Provided

CSV (spreadsheet-compatible)
JSON (structured data)
PDF (human-readable)

How to Request

Contact privacy@indigenious.ca with the subject "Data Portability Request." We will deliver your data within 15 business days.

Right to Deletion

You have an absolute right to request deletion of your business profile and all associated data.

What Gets Deleted

Your complete business profile
All documents you submitted
All activity records and matches
All communication history

What Remains (By Law)

Anonymized aggregated data used for program reporting
W3C VC verification records (cryptographically signed)

Timeline

Deletion requests are processed within 30 days of receipt. You will receive confirmation once your data has been removed.

No questions asked. We do not require explanation for deletion requests, and we do not attempt to convince you to keep your data.

        Contact: To request deletion, email privacy@indigenious.ca with the subject "Data Deletion Request" and your business name and email.
      

How We Evolve Data Practices

Indigenous data sovereignty is not static. As communities' own data practices evolve, so should platforms serving those communities. We maintain ongoing engagement with Indigenous leaders to ensure Indigenious reflects contemporary Indigenous data rights.

Community Consultation

We conduct annual consultations with:

Indigenous community leaders and validators
Indigenous data governance experts
Indigenous business networks
Federal and provincial Indigenous affairs offices

Feedback Mechanisms

Communities and businesses can provide feedback through:

Community validator network meetings (quarterly)
Indigenous business advisory council (bi-annual)
Direct contact: partnerships@indigenious.ca

Policy Updates

When we update data practices, we:

Notify all users 30 days in advance
Explain the change and why it's happening
Provide an opportunity for community feedback
Publish a summary of feedback received and how we responded

Questions About Data Sovereignty?

If you have questions about how Indigenious handles your data, or if you believe we're not honoring Indigenous data sovereignty principles, contact us:

Data Sovereignty & Community Partnerships
Email: partnerships@indigenious.ca
Phone: +1 (403) 555-0102
Office: Suite 500 – 123 5th Avenue SW, Calgary, AB T2P 1N2

Privacy & Deletion Requests
Email: privacy@indigenious.ca
Response time: 15 business days

        For Indigenous Community Leaders: If your community wants to establish a validator network, update data governance practices, or audit how Indigenious is handling community data, contact our Partnership team. Your community's governance over your data is not negotiable—it's foundational.
      