CanucktAI
Valdra·Canadian Privacy Compliance
Open Valdra →
Valdra/Vendor Risk

Justify every
cross-border data transfer

Law 25 art. 17 requires a documented assessment before transferring personal information outside Quebec. Our TIA workflow walks you through the legal-protection comparison, supplementary measures, and signed sign-off — defensible if challenged by the CAI.

Start Free AssessmentView all features
comply.canuckt.ai/vendors
Vendor Inventory
5 vendors · 1 action required
Search vendors…
Vendor
Type
Risk
DPA Status
Last Review
S
Salesforce
CRM
Low
Signed
Mar 2026
O
OpenAI
AI / API
High
Missing
Never
A
AWS
Cloud
Low
Signed
Jan 2026
H
HubSpot
Marketing
Medium
Pending
Apr 2026
S
Stripe
Payments
Low
Signed
Feb 2026
3 Signed DPAs
1 Pending
1 Missing — Action Required
Built for Canadian businesses
421+Entity Types
95%+F1 Accuracy
0 bytesData Retained
🍁Canadian Servers
PIPEDACertified
67%

of data breaches originate from third-party vendors

1 Ponemon Institute Cost of a Data Breach, 2024

Start Free Assessment
SF
Salesforce
CRM Platform · 3rd Party
Low Risk
Data Types
Name, Email, Phone
Data Location
Canada (Toronto)
DPA Status
✓ Signed — Jan 2026
Next Review
Jan 2027
Compliance Status
PIPEDA Contractual Terms
100%
Law 25 Requirements
100%
CASL Compliance
85%

Know exactly who touches your data.

A complete, searchable inventory of every vendor with access to personal information. Risk-scored automatically based on data type, location, and contractual protections — so you can prioritize DPA negotiations.

Request a demo
SF
Salesforce
CRM Platform · 3rd Party
Low Risk
Data Types
Name, Email, Phone
Data Location
Canada (Toronto)
DPA Status
✓ Signed — Jan 2026
Next Review
Jan 2027
Compliance Status
PIPEDA Contractual Terms
100%
Law 25 Requirements
100%
CASL Compliance
85%
DPA Tracker
1 missing1 expiring
SalesforceCRM
✓ Signed · Jan 2027
AWSCloud
✓ Signed · Mar 2027
OpenAIAI/API
Missing
HubSpotMarketing
⚠ Expires May 2026
StripePayments
✓ Signed · Dec 2026

Never miss a DPA renewal again.

Track the status of every Data Processing Agreement across your vendor portfolio. Valdra alerts you 60 days before expiry and generates renewal drafts using the vendor's existing contract as a baseline.

Request a demo

Additional features

Request a demo

Country-by-Country Legal Maps

Pre-built legal-protection comparisons for the US, EU, UK, India, Singapore, and 30+ destinations. Each country's data-protection regime vs Quebec's standard.

CLOUD-Act Risk Scoring

US transfers get an automatic CLOUD-Act exposure score. Risks of US law-enforcement compelled disclosure are quantified.

Supplementary Measures

Walk through SCCs, encryption, pseudonymization, contractual protections, and audit rights. Required when destination law is weaker than Quebec's.

Signed Sign-Off

Your Privacy Officer reviews and signs the TIA. The signed PDF lives in your evidence vault and links to the originating vendor record.

Re-Review Trigger

When a destination country's law changes (Schrems III, US executive orders), affected TIAs flag for re-review automatically.

CAI-Ready Export

If the CAI requests a TIA during an investigation, one-click export the full assessment + signed PDF + supporting evidence.

We had 80 vendors with personal data access and almost no DPAs. Canuckt's vendor inventory showed us the exposure in minutes and helped us close 60 DPAs in 3 months.

JO
James Okonkwo
CTO · Coastal Capital Advisors

Learn more about Valdra

Vendor Risk

Vendor Inventory

Complete visibility into every vendor handling personal data

Learn more
Vendor Risk

Vendor Library

Pre-assessed privacy profiles for 319+ common SaaS vendors

Learn more
Vendor Risk

DPA Tracker

Never let a Data Processing Agreement lapse again

Learn more

Get compliant and build trust

Join hundreds of Canadian organizations using Valdra to automate their privacy obligations — no consultants required.

Start Free — No credit card required

🍁 Canadian data residency · PIPEDA compliant · SOC 2 in progress

Cross-Border TIA (Law 25 art. 17 + Schrems II) | Valdra | Canuckt AI