⚠ Law 25 is in full force. Penalties up to $25M or 4% of worldwide turnover apply now.
Law 25 Compliance

Your SaaS tools send data outside Canada.
Law 25 says you need to document every one.

Law 25 requires a Transfer Impact Assessment for every tool that processes Quebec residents' personal information outside Canada. Most businesses have zero documented. We generate them — instantly, for your industry.

Federal Law 25-style requirements are expected to extend these obligations across Canada this year.

$25M
Maximum penal fine or 4% of worldwide turnover
$10M
Maximum administrative penalty or 2% of turnover

Based on the Canadian Technology Sovereignty Index — 753 SaaS tools mapped by jurisdiction, ownership, and foreign legal exposure.

Get Your Assessment
Law 25 Compliance Assessment
Select your industry. Get a complete five-factor Transfer Impact Assessment for every tool in your stack — with jurisdiction analysis, Canadian alternatives, and remediation priorities.
Your industry assessment found:
Tools Assessed
TIAs Required
Canadian (No TIA)
Data Sensitivity
$99
Complete five-factor TIA documentation for your industry

Watermarked to your company. Delivered instantly as PDF. Includes all five TIA factors required under Law 25.

See a sample report before you buy →

What's Included

Everything Law 25 requires you to document.

Each report is a complete compliance document — not a checklist. Five-factor Transfer Impact Assessments for every tool, pre-filled with jurisdiction data you can't get anywhere else.

🔍
Five-Factor TIA per Tool
Sensitivity, purpose, protective measures, legal framework, and compelled disclosure risk — assessed for every foreign-jurisdictioned tool in your industry stack.
🛡
Protective Measures Audit
DPA availability, encryption standards, Canadian data residency options, and certifications — researched per vendor. With specific steps to enable protections.
🇨🇦
Canadian Alternatives
For every foreign tool, we identify Canadian-parented alternatives that eliminate the TIA requirement entirely. With hosting location and compliance details.
📋
Obligations Checklist
All 10 Law 25 obligations mapped — Privacy Officer, breach response, PIAs, consent, cookie consent, data portability — with status indicators for your review.
Remediation Priorities
Ranked action items with timelines: what to fix immediately, what to address in 30 days, and what to plan for over 90 days. Specific, not generic.
🏢
Watermarked to You
Your company name watermarked on every page. This isn't a template — it's your compliance document, formatted for your files or a regulator's review.
Why This Exists

Everything a privacy consultant charges $10,000 for — now automated.

DIY Privacy Consultant Upper Harbour
Five-factor TIA per toolYou research
753-tool jurisdiction database
Canadian alternatives identifiedYou research
DPA & data residency auditYou research
Delivery timeWeeks4–8 weeksInstant
CostYour time$5,000–$20,000$99
Pricing

Choose your level of documentation.

Start with your industry assessment. Upgrade if you need documentation tailored to your exact stack or a complete compliance binder.

Most Popular
Industry Assessment
$99
Complete five-factor TIA documentation for the 18–24 most common tools in your industry.
  • Five-factor TIA for every tool
  • Jurisdiction map with CLOUD Act flags
  • DPA & data residency audit per vendor
  • Canadian alternatives with details
  • Remediation priorities with timelines
  • Watermarked to your company
  • Delivered instantly as PDF
Custom Assessment
$500
Five-factor TIAs for your exact tool stack. Only your tools, nothing extra.
  • Everything in Industry Assessment
  • Tailored to your specific tools
  • DPA status confirmed per vendor
  • Regulator-ready formatting
  • Your practice name throughout
  • Delivered within 48 hours
Full Compliance Package
$2,500
Everything Law 25 requires. The complete binder a CAI auditor would ask for.
  • Everything in Custom Assessment
  • Privacy policy template (pre-filled)
  • Breach response plan
  • Incident register template
  • Consent language for intake forms
  • Data retention schedule
  • Privacy Officer designation letter

Federal requirements are expected this year.

Law 25 applies to Quebec today. Federal Law 25-style requirements are expected to extend these obligations across Canada. Get your documentation in order now — or see exactly what you'll receive before you buy.

See a Sample Report → or Book a 15-Minute Call