CanucktAI
Valdra·Canadian Privacy Compliance
Open Valdra →
60+ features · 8 AI agents · Built for Canada

Every tool you need.
Nothing you don't.

PIPEDA, Law 25, CASL, breach management, vendor risk, data governance, and trust signals — in one Canadian platform.

60+

Features

14

Privacy & health acts

421+

PII recognizers

100%

Canadian data residency

Overview

Your compliance command center

Core

Compliance Dashboard

Real-time score across PIPEDA, Law 25, CASL, FINTRAC, and PHIPA — color-coded heatmap, upcoming deadlines, executive PDF reports.

87

Compliance Score

+12 this month

Live ScoreHeatmapExec Reports
Explore

Regulatory Alerts

Monitors OPC, CRTC, CAI, and FINTRAC feeds daily. New guidance translated into plain-language action items for your business.

OPCCRTCCAI
Compliance Hub

Automated assessments for every Canadian law

Free

Free Assessment

30 plain-language questions. Instant scored report across PIPEDA, Law 25, and CASL. No account, no credit card — start in 10 minutes.

PIPEDA72%
Law 2544%
CASL91%
FreeInstantNo signup
Explore

PIPEDA Assessment

AI-guided walkthrough of all 10 fair information principles. Scored gap report with OPC citations and auto-generated accountability docs.

10 PrinciplesAI GuidedOPC Citations

Law 25 Assessment

Full Bill 64 coverage — PIA triggers, Law 25 heightened consent, CAI filing readiness — bilingual EN/FR.

Bill 64PIA TriggersBilingual

CASL Assessment

Consent mapping, CEM definition review, unsubscribe mechanism audit, and sender ID check — with CRTC enforcement context.

Consent MappingCEM AuditCRTC

Plain-English Law Summaries

All 14 Canadian privacy & health acts explained without legalese. Four-section format (requires / applies-to / enforcement / penalty) in EN + FR.

14 LawsPlain EnglishEN + FR

Bill C-27 Status Tracker

Live parliamentary status of the federal bill replacing PIPEDA. CPPA + Tribunal + AIDA breakdown, gap pre-analysis, penalty modelling.

Live StatusCPPAAIDA
Privacy

Privacy documents and impact assessments

Core

AI Legal Documents

Privacy policies, DPAs, CASL consent notices, employee privacy notices, cookie policies — bilingual, version-controlled, with signing links.

Privacy PolicyGenerated
Data Processing AgreementGenerated
CASL Consent NoticeGenerated
Cookie PolicyGenerated
Privacy PolicyDPABilingual
Explore

PIA Wizard

8-step Privacy Impact Assessment satisfying Law 25 §3.3 and OPC framework. Risk matrix with stakeholder sign-off and PDF export.

Law 25 §3.3Risk MatrixE-signature

CASL Consent Center

Timestamped consent records with IP, channel, exact consent language. Express vs. implied tracking, 10-day unsubscribe queue, CRTC export.

TimestampedUnsubscribe QueueCRTC Export

PIA Threshold Screener

6-question pre-screener decides whether your project actually needs a full PIA under PIPEDA / Law 25. Saves hours when one isn't required.

ScreenerSaves TimeAudit Record

AI-Assisted PIA Drafting

Claude drafts your Privacy Impact Assessment from a plain-language project description. Multi-stakeholder reviews, inline statutory citations.

Claude AIMulti-ReviewerCitations
Privacy Rights

Core

Privacy Rights Center

DSARs, complaints, opt-outs, deletion, and portability requests in one inbox. Public tokenized submission portal, 30-day SLA clock, bulk import.

DSAR30-Day SLAPublic Portal
Explore

Multi-Language Intake

Submit privacy requests in English, French, or 5 Indigenous languages (Cree, Inuktitut, Ojibwe, Anishinaabe, Mi'kmaq). Accessibility win.

EN + FR5 Indigenous LanguagesAccessibility
Cookies & Trackers

Core

Cookie Scanner

188-cookie catalogue + 73 tracker signatures. Auto-classifies as necessary / functional / analytics / marketing. Canonical inventory + CMP JSON export.

Necessary100%
Analytics65%
Marketing32%
188 Cookies73 TrackersCMP Export
Explore
Breach & Incidents

Breach Autopilot — 72-hour OPC deadline, handled

Core

Incident Log

Register breaches with AI-assisted triage. The 72-hour OPC clock starts automatically. Full evidence trail for regulators.

In ProgressRROSH Assessment
48

hours remaining

72h OPC deadline

72h ClockAI TriageEvidence Trail
Explore

RROSH Assessment

Conversational Real Risk of Significant Harm evaluation. Step-by-step AI guidance through statutory factors — documented for review.

AI GuidedStatutory FactorsDocumented

OPC Report Builder

Auto-generates OPC breach notifications and CAI filings from your incident data. Legally reviewed templates, done in minutes.

OPC FilingCAI ReportAuto-generated

Notification Letters

Auto-drafted individual notification letters for affected parties — plain-language, PIPEDA-compliant, bilingual. Tracks send status.

Affected PartiesBilingualStatus Tracking

Mass Breach Notification

Upload 100K affected individuals as CSV. Bilingual personalized notifications, delivery tracking, opt-out, throttled send, audit log. PIPEDA + Law 25 compliant.

100K RecipientsBilingualAudit Trail

Breach Register

2-year PIPEDA-required breach retention log. Searchable, exportable, and audit-ready for OPC review.

2-Year LogSearchableOPC-ready
Vendor Risk

Third-party risk, fully mapped

Core

Vendor Inventory

All third-party data processors with risk scores, CLOUD Act exposure flags, country of incorporation, SOC 2 / ISO cert tracking.

🇺🇸SalesforceMedium
🇨🇦AWS CanadaLow
🇺🇸HubSpotHigh
Risk ScoringCLOUD ActSOC 2
Explore

Vendor Library

Pre-built compliance profiles for common Canadian SaaS tools with pre-assessed PIPEDA status and CLOUD Act risk ratings.

Pre-builtPIPEDA StatusSaaS Coverage

DPA Tracker

Auto-generate DPAs with Canadian standard contractual clauses. Track signed/requested/missing status across all vendors.

Auto-generateCanadian SCCsStatus

Shadow AI Detection

Detects unauthorized AI tools used by your team. Flags CLOUD Act exposure and auto-answers 70%+ of vendor questionnaires.

Shadow AIAuto-detect70% Auto-answer

Cross-Border TIA

Law 25 art. 17 + GDPR Schrems II Transfer Impact Assessment. Country legal maps, CLOUD-Act scoring, supplementary measures, CAI-ready export.

Law 25 art. 17CLOUD ActCAI Ready
Risk Management

Core

Risk Register

5×5 likelihood × impact heatmap. Inherent + residual scoring, treatment plans (mitigate / transfer / accept / avoid), auto-linked controls. SOC 2 CC3.2 + ISO 27001 6.1.

5×5 HeatmapSOC 2 CC3.2ISO 27001
Explore

Penalty Calculator

Calculate maximum penalty exposure under PIPEDA, Law 25 ($25M / 4% revenue), and CASL ($10M). Multi-violation scenarios, recent enforcement citations.

PIPEDA / Law 25 / CASLMulti-ViolationBoard Pack

STRIDE Threat Models

STRIDE-based threat modelling. Data flow diagrams, mitigation library from your controls, SOC 2 CC3.2 evidence, reusable templates.

STRIDEData FlowPIA Evidence
Security

SOC 2 and ISO 27001 readiness

Core

SOC 2 Readiness

Full Trust Service Criteria — map controls, collect evidence, track implementation. Auditor-ready evidence packages in one click.

Controls implemented

43/ 61
TSC FrameworkEvidenceAuditor Export
Explore

ISO 27001

All 93 Annex A controls with guidance, evidence requirements, and status tracking. Gap analysis against your current posture.

93 ControlsGap AnalysisAnnex A

Control Library

Unified control browser across SOC 2, ISO 27001, PIPEDA, and NIST. Tag controls, assign owners, track completion.

Multi-frameworkOwner AssignCompletion

Evidence Collection

Upload PDFs, screenshots, policies as evidence per control. Version-controlled, audit-trailed, exportable evidence packages.

File UploadVersion ControlAuditor Packages
Account Security

Core

Passkeys (WebAuthn)

Phishing-resistant passwordless sign-in with Touch ID, Face ID, Windows Hello, and hardware keys. Cross-device sync, multiple per user. Free on every plan.

FIDO2Touch ID + Face IDFree Tier
Explore

Authenticator App 2FA

Standard TOTP via Google Authenticator, Authy, 1Password. QR setup, magic-link-then-code flow, recovery codes.

TOTP6-Digit CodeStandard

Login History (SOC 2 CC6.1)

90-day login audit with IP, country, device, and auth method. Required for SOC 2 CC6.1 logical access evidence.

90-Day LogIP GeoSOC 2 CC6.1

IP Allowlist

Restrict admin actions to a list of CIDR blocks. Per-org enforcement, audit log of denied attempts.

CIDR BlocksAdmin OnlyAudit Log
Data Governance

Know your data. Map it. Govern it.

Core

Data Discovery

Map every system processing personal data — what you hold, where it lives, who accesses it. Automated and continuous.

CRM
HR System
Cloud Storage
Email
Analytics
System MappingPII DetectionAutomated
Explore
Core

Data Lineage Maps

Sankey-style layered view: Sources → Apps → Storage → Vendors. Auto-derived from your vendor inventory. PII-type filter chips, CLOUD-Act flags, PNG export.

Sankey ViewPII FilterPNG Export
Explore

Privacy Score & ROPA

Auto-populated Register of Processing Activities required by Law 25. Jurisdiction scoring with data residency tracking.

ROPALaw 25Residency

Data Flow Maps

Visual maps of PII movement through your organization — intake, storage, sharing, disposal. Export for PIA docs.

Visual MapsPIA ExportCross-border

Retention Schedules

Define retention periods per data category. Automated alerts when periods expire and deletion workflows.

Auto AlertsDeletion FlowPIPEDA
Trust Center

Turn compliance into a competitive advantage

Core

Public Trust Page

A live shareable compliance page showing your score, certifications, and control status — for customers, partners, and regulators.

A

Trust Grade

43 controls verified

Public trust page live
Shareable URLLive ScoreCustomer-facing
Explore

Compliance Badge

Embeddable "Valdra Verified" badge for your website, email footer, or proposals. Links to your live trust page.

EmbeddableWebsiteEmail Footer

Cookie Consent Banner

PIPEDA/CAI-compliant cookie consent with granular controls. Single script tag. Consent logs stored in Valdra.

Single ScriptGranularConsent Log

Privacy Notice Embed

Auto-updated privacy notices that sync with your data map. Change data practices — notice updates automatically.

Auto-syncedAlways CurrentNo-code

Subprocessor Disclosure

Public list of third-party vendors that process your customers' data — auto-rendered from your Vendor Inventory. DPA + SOC 2 standard practice.

Auto-renderedDPA ReadySubscriptions

Inquiry Inbox + NDA Vault

Capture security questionnaires from prospects. Email alerts, NDA-gated document vault, per-inquiry audit trail, quarterly insights.

NDA GateEmail AlertsAudit Trail

Status / Incident Page

StatusPage.io-style public incident page. Subscriber notifications, severity tracking, post-mortem templates. No more $99/mo SaaS.

Public StatusSubscribersPost-mortems
Audit & Reports

Core

Audit Log + CSV Export

Immutable 90-day audit trail of every action. SOC 2 CC7.2 compliant. Filter by user / event / IP, export to CSV for external auditors.

SOC 2 CC7.2CSV ExportImmutable
Explore

Custom Report Builder

Drag-and-drop composer with live data binding. Branded bilingual PDFs for OPC submissions, SOC 2 evidence, board updates.

Drag + DropBranded PDFBilingual

Board-Ready Quarterly Pack

One-click quarterly board pack: compliance score trend, top-5 risks, breach summary, vendor changes, training completion, regulatory horizon.

QuarterlyTop RisksTrends
Training

Core

Training Academy

22 modules across 3 bilingual courses (PIPEDA 7 + CASL 7 + Law 25 8). Knowledge-check quizzes, per-employee completion tracking, certificates.

22 Modules3 CoursesQuizzes
Explore

Custom Course Upload

Upload your own training content in Markdown — sector-specific (fintech, healthcare), internal-policy-specific, or new-hire-onboarding.

MarkdownSector-SpecificCustom
Integrations

Connect everything you already use

Core

All Integrations

Connect Valdra with your existing tech stack — AI assistants, cloud providers, HR platforms, and more. MCP Server, REST API, and no-code webhooks.

Claude
AWS
Slack
Salesforce
HubSpot
Azure
MCP ServerREST APIWebhooks
Explore
AI Agents

Core

Valdra Copilot

Ask any Canadian compliance question and get a sourced answer citing the exact PIPEDA section, Law 25 article, or CASL clause. Always up to date.

PIPEDALaw 25CASL Citations
Explore

Document Drafter

Generates privacy policies, DPAs, CASL consent notices, employee privacy notices, and cookie policies — bilingual, jurisdiction-specific, ready to sign.

Privacy PolicyDPABilingual

Breach Triage

AI-guided breach response from first report to OPC/CAI filing. Manages the 72-hour clock, RROSH determination, notification letters, and evidence package.

72h ClockOPC FilingRROSH

PII Scanner

Shielk-powered entity detection built directly into Valdra. Discovers undeclared PII in your data inventory, docs, and cloud assets across 421+ Canadian types.

421+ Entity TypesPowered by ShielkDiscovery

Vendor Risk

Reviews SOC 2 reports, flags CLOUD Act exposure, and scores vendor DPAs against PIPEDA transfer requirements. Prioritizes by data sensitivity and volume.

SOC 2CLOUD ActDPA Review

Gap Analyst

Identifies compliance gaps across all active frameworks, ranks them by regulatory severity and remediation effort, and links each gap to the specific statute.

Gap RankingStatute LinksRemediation

Regulatory Monitor

Watches OPC, CRTC, CAI, and FINTRAC feeds daily. Translates new guidance into plain-language action items specific to your compliance profile.

OPCCRTCCAIFINTRAC

Training Module

Employee privacy awareness training tailored to your industry and applicable laws. Completion tracking, attestation records, and bilingual delivery.

Employee TrainingAttestationsBilingual
Canadian infrastructure · Quebec, Canada · Zero CLOUD Act exposure

Start your free compliance assessment

No credit card, no consultant required. See your PIPEDA, Law 25, and CASL score in 10 minutes.

Start free — no credit card Back to Valdra overview
All Features — Valdra | Canadian Privacy Compliance | Canuckt AI