Start Here
HarbourScan
“I need to see what we’re exposed to.”
Free
Self-serve assessment · 10 minutes · Browser-based
Map your organization’s SaaS stack against the Sovereignty Index. See which tools are CLOUD Act exposed, which need TIAs, and where the gaps are. No data stored.
- Jurisdictional map of your SaaS stack
- CLOUD Act exposure flags
- Missing TIA / DPA identification
- Exportable summary report
Map Your Stack →
Assessment
Sovereignty Snapshot
“Someone asked and I need an answer.”
From $350
Delivered in 5 business days
A professional sovereignty assessment of your organization’s SaaS environment. The document you produce when a regulator, partner, or procurement officer asks how you manage cross-border data exposure. This is often the first document organizations produce once sovereignty becomes a procurement or regulatory question.
- Full jurisdictional exposure map
- CLOUD Act risk classification
- Sovereignty Score for each tool
- Gap identification with priority ranking
- Executive summary (PDF)
Buy Snapshot — $350 →
Documentation
Compliance Documentation
“We need to prove compliance.”
From $2,000
Delivered in 10–15 business days
The structured compliance record you need when regulators, auditors, or procurement evaluators ask how you manage cross-border data exposure — documentation they expect to see, and increasingly require. Board-ready deliverables that demonstrate defensible process.
- Everything in the Snapshot
- TIA guidance for each flagged tool
- Register of Processing Activities (ROPA)
- Prioritized remediation roadmap
- Regulatory framework mapping (Law 25, PIPEDA)
- Board-ready deliverable (PDF + editable)
Request scoping call →
Ongoing
Sovereignty Monitoring
“We need to stay compliant as things change.”
From $200/mo
Monthly or annual billing · Typically follows Snapshot or Documentation
Your sovereignty posture evolves as vendors get acquired, hosting changes, and regulations shift. Sovereignty Monitoring keeps your compliance documentation current without your team tracking every change. Without it, your documentation quietly becomes outdated as vendors change.
- Continuous vendor ownership monitoring
- Hosting and infrastructure change alerts
- Regulatory development tracking
- Sovereignty Score updates
- Quarterly compliance status report
- Priority support
Request scoping call →
Common questions
How is pricing determined?
Pricing is based on your compliance situation — the question you need to answer, and who you need to answer it to. We scope during a free 30-minute call. Final pricing reflects organizational complexity, data sensitivity, regulatory requirements, and the number of jurisdictions involved. The prices shown here are starting points.
What’s the difference between the Snapshot and full Documentation?
The Snapshot tells you where you stand — it maps your exposure and identifies gaps. The full Documentation package proves where you stand — it produces the TIA guidance, ROPA, remediation roadmap, and regulatory mapping that regulators, auditors, and procurement evaluators expect to see. If someone is going to audit your compliance, you want the full Documentation.
Do I need the Monitoring subscription?
If your compliance posture needs to be current on an ongoing basis — because you’re subject to Law 25, selling into government procurement, or in a regulated industry — then yes. A compliance assessment is a snapshot in time. Vendor ownership changes, hosting shifts, and new regulations can make your documentation stale. Monitoring keeps it current.
Is HarbourScan really free?
Yes. HarbourScan runs entirely in your browser, no data is stored or transmitted, and there is no paywall. It’s powered by the same Sovereignty Index database that underlies all our paid products. We built it because the first step to fixing a problem is seeing it.
Can I start with HarbourScan and upgrade later?
Absolutely. Most clients do exactly this. Map your stack first to see your exposure, then request a scoping call if you need professional assessment or compliance documentation.
Who is this for?
Canadian organizations that use SaaS tools and need to understand or document their jurisdictional exposure. This includes startups preparing for enterprise sales, healthcare and legal practices with regulatory obligations, organizations subject to Law 25, companies selling into government procurement, and any organization that might need to answer “how do you manage cross-border data exposure?”