Map your organization's sovereignty exposure
Enter your SaaS tools. See which fall under foreign jurisdiction, CLOUD Act exposure, and compliance gaps. Free. 2 minutes. No account required.
Check Your Stack →Free · Browser-based · No signup required
Built on the 715-tool Canadian Technology Sovereignty Index
When a regulator, procurement officer, or partner asks “which of your SaaS vendors are subject to foreign jurisdiction?” — most organizations cannot answer. HarbourScan produces that answer in minutes.
Four steps — from free self-assessment to ongoing compliance intelligence.
We were quoted $20,000+ from a privacy consultant. The sovereignty audit gave us everything — the jurisdictional map, the TIAs, the full compliance record — for a fraction of the cost.
Every engagement starts with a free scan. From there, choose the documentation your organization needs.
“I need to see what we’re exposed to.” — Enter your tools and see your jurisdictional exposure instantly. The initial scan runs entirely in your browser.
- Jurisdictional exposure breakdown by risk level
- CLOUD Act exposure count
- Tool-by-tool risk classification
- Applicable regulatory framework for your province
- Total compliance gap count and severity
- TIA requirement count (Quebec organizations)
- How exposed your stack is — and how urgently it needs attention
- Which tools are under foreign jurisdiction
- Whether your province’s regulations require immediate action
- The scale of the documentation gap you’re facing
“Someone asked and I need an answer.” — A professional sovereignty assessment you can produce when a regulator, partner, or procurement officer asks about your cross-border data exposure. Delivered in 5 business days.
- Full jurisdictional exposure map
- CLOUD Act risk classification per tool
- Sovereignty Score for each assessed tool
- Gap identification with severity ratings
- Executive summary PDF
- A board member or partner asks about your data sovereignty posture
- You’re responding to an RFP with sovereignty requirements
- You need a defensible answer faster than a full compliance engagement
- You want to scope the problem before committing to full documentation
“We need to prove compliance.” — The structured compliance record for regulators, auditors, and procurement evaluators. Board-ready deliverables that demonstrate defensible process. Delivered in 10–15 business days.
- Everything in the Sovereignty Snapshot
- Transfer Impact Assessment guidance per tool
- Register of Processing Activities
- Prioritized remediation roadmap
- Regulatory framework mapping (province-specific)
- Board-ready compliance document
- Law 25 requires written TIAs — not just awareness
- Procurement officers ask for compliance documentation
- You’re preparing for audit or regulatory review
- Penalties reach $25M or 4% of worldwide turnover
“We need to stay compliant as things change.” — Without monitoring, your compliance documentation can become inaccurate the moment a vendor is acquired or shifts hosting. Monitoring keeps your record current so a point-in-time assessment doesn’t quietly become a liability.
- Continuous vendor ownership monitoring
- Infrastructure change alerts
- Regulatory development tracking
- Sovereignty Score updates
- Quarterly compliance status report
- New tool assessment as your stack evolves
- Canadian SaaS companies are acquired regularly — shifting jurisdiction for every client
- Vendors launch (and retire) Canadian data centre regions
- The CPPA will change federal requirements when enacted
- A point-in-time audit goes stale within months
Map your stack. Understand your sovereignty exposure.
Most organizations complete the scan in under 10 minutes. No account required. Choose the level of documentation you need after you see your results.
Want to discuss your situation first? Book a scoping call · View pricing