Caribbean-native GRC platform · TR²UST® Framework
ASSURA

Compliance
without the
complexity.

Assura is a GRC platform purpose-built for Caribbean data protection law. Manage risk, respond to breaches, handle DSRs, and stay audit-ready — all in one place.

Book a Demo Chat on WhatsApp See the Platform
Covering 🇹🇹 Trinidad 🇯🇲 Jamaica 🇬🇩 Grenada 🇧🇧 Barbados 🇧🇲 Bermuda 🇰🇾 Cayman Islands 🇬🇾 Guyana 🇧🇸 Bahamas 🇱🇨 St Lucia 🇧🇿 Belize
10+
Caribbean jurisdictions covered
7
Compliance modules in a single platform
34
TR²UST® controls mapped to local law
<1d
Average time to get a programme live
ROPA · Record of Processing Activities

Your processing activities, guided and maintained

Build a complete record of processing activities with a structured 5-step wizard. Map legal bases, data categories, retention periods, and third-party processors — all linked to the relevant jurisdiction’s requirements.

Guided 5-step entry with jurisdiction-aware prompts
Legal basis mapped to all data protection laws
Draft-save and multi-user collaboration built in
ROPA wizard
DSR Management

Every data subject request tracked to closure

Log, route, and respond to all request types — access, erasure, restriction, objection, blocking, portability, and more — with statutory deadlines automatically calculated per jurisdiction. Never miss a deadline again.

Auto-calculates deadlines under relevant law
Jurisdiction-specific legal framework panel on every request
Overdue alerts, requester verification, and full activity log
DSR Management
Breach Management

Breach response, from intake to regulator notification

A structured 9-step workflow captures everything from initial report through classification, root cause, risk assessment, and notification decision. Jurisdiction-specific timelines keep you on the right side of the regulator.

Real-time deadline counter from awareness date
DPO classification queue with notification decision workflow
Breach analytics by month, root cause, and notification rate
Data Breaches dashboard
TR²UST® Maturity Assessment

Know exactly where you stand, across six domains

The TR²UST® Framework maps 34 foundational controls across six domains — Governance, Rights & Consent, Data Lifecycle, Information Security, Third-Party Management, and Incident Management. Get a real maturity score, not a checkbox survey.

6 domains, 34 controls at Foundational tier
Reactive → Managed → Optimised maturity levels
Exportable report for board and regulatory reporting
Domain assessment
DPIA Workflow

Eleven-step DPIA built for the way DPOs actually work

From project scoping through lawful basis, data sharing, transfers, consultation, necessity, risk identification, and DPO sign-off — Assura’s DPIA engine walks every assessor through a defensible, documented process.

11 structured steps with draft-save at any point
Scope, Lawful Basis, Data Sharing, Transfers, Consultation, Risks, Approvals
Generates a regulator-ready DPIA document on completion
DPIA workflow
Vendor Management

Every processor relationship documented and assessed

Register all third-party vendors with full details — type, criticality, processing location, lifecycle stage, contract status, and risk profile. Know who is processing data on your behalf, and on what terms, at all times.

Vendor Info, Contract, and Risk & Review tabs
Criticality scoring and lifecycle stage tracking
Links directly to your ROPA and DPIA records
Vendor registration

Across every regulated sector

Financial Services Insurance Healthcare Legal Practices Government Credit Unions Education Retail & Hospitality
Simple Onboarding

Up and running in under a day

No implementation projects. No expensive consultants. A guided setup that gets your compliance programme live fast.

1

Set up your organisation

Add your entity details, select your jurisdiction or jurisdictions, and invite your team. Assura pre-loads the relevant legal obligations for your territory so you start from a compliant baseline.

2

Build your data register

Use guided templates to map your processing activities, data flows, and third-party processors. The wizard walks you through each field with jurisdiction-specific guidance at every step.

3

Manage ongoing compliance

Conduct DPIAs, log incidents, track DSRs, assess maturity, and monitor your compliance posture — all from a single dashboard. Your DPO gets a clear picture of the programme at all times.

Security & Infrastructure

Built on infrastructure you can trust

Assura handles sensitive personal data on behalf of its clients. The platform is built to the same standards of security and data protection that it helps organisations achieve.

Data Security

All data is encrypted at rest and in transit using industry-standard AES-256 and TLS 1.3. Role-based access controls, full audit logging, and session management ensure only authorised users can access your compliance records.

Encryption at rest
TLS 1.3 in transit
Role-based access
Full audit log
MongoDB Atlas

Reliability & Performance

Assura is deployed on AWS cloud infrastructure with high-availability architecture, automated backups, and global content delivery. Your compliance programme stays accessible when you need it most.

AWS cloud infrastructure
High availability
Automated backups
99.9% uptime SLA

Network Protection

All traffic is routed through Cloudflare's global network, providing enterprise-grade DDoS protection, web application firewall filtering, and bot mitigation — keeping the platform fast and protected around the clock.

Cloudflare protected
DDoS mitigation
Web app firewall
Global CDN
Data Processing Agreements available
Privacy by design principles applied throughout
Security documentation available on request
Multi-Jurisdiction Coverage

Built for Caribbean law,
not retrofitted from GDPR

Most compliance tools are GDPR products with a flag. Assura was designed from the ground up around the laws your organisation actually operates under — with the right terminology, the right timelines, and the right obligations at every step.

🇹🇹
Trinidad & Tobago
Data Protection Act 2011
🇯🇲
Jamaica
Data Protection Act 2020
🇬🇩
Grenada
Data Protection Act 2023
🇧🇧
Barbados
Data Protection Act Cap. 308D
🇧🇲
Bermuda
PIPA 2016
🇰🇾
Cayman Islands
Data Protection Law 2017
🇬🇾
Guyana
Data Protection Act
🇧🇸
Bahamas
Data Protection Act 2003
🇱🇨
St Lucia
Data Protection Act 2011
🇧🇿
Belize
Data Protection Act 2021
Transparent Pricing

Affordable, enterprise-grade compliance

Four tiers aligned to organisational size and compliance complexity. All prices in USD. Annual subscriptions include two months free.

Tier 1
Sole Trader & Micro

For solopreneurs, startups and micro-teams of up to 5 employees establishing a basic compliance framework.

$99/mo
$990/yr · save $198
Get Started
Includes
ROPA
DSR Workflow
Breach Workflow
Maturity Assessment
Vendor Management
DPIA
Due Diligence
Tier 2
Small Business

For growing organisations with 6 to 25 employees managing foundational third-party vendor relationships.

$199/mo
$1,990/yr · save $398
Get Started
Everything in Essential, plus
Vendor Management
DPIA Workflow Engine
Due Diligence Assessments
Tier 3
Mid-Market

For established regional entities with 26 to 100 employees requiring comprehensive, multi-module data governance.

$399/mo
$3,990/yr · save $798
Get Started
Everything in Professional, plus
Due Diligence Assessments
All 7 modules unlocked
Tier 4
Enterprise

For group structures, multi-jurisdiction deployments, and DPO consultancies.

Custom
Contact us for scoped pricing
Talk to Us
Everything in Business, plus
Multi-entity / multi-client
Group entity structures
Dedicated onboarding & SLA
DPO-as-a-Service integration

Additional seats available as a paid add-on across all tiers · Contact us for add-on pricing

Special Pricing

Civil society, schools & community organisations

Data protection obligations apply to every organisation that handles personal data — not just corporations. Assura offers special pricing for non-commercial and community organisations across the Caribbean.

NGOs & Non-Profits
Schools & Universities
Community Associations
Religious Organisations
Trade Unions
Sports Clubs
Charities
Cooperatives
Book a Conversation Chat on WhatsApp

We respond within 2 business days · [email protected]

Managing multiple clients? Assura Enterprise is built for how you work.

Run fully isolated compliance programmes for each client from a single login. Switch between entities in one click, keep every register, DPIA, breach log, and DSR queue separate, and deliver a consistent programme across jurisdictions — without the overhead.

Book a Demo [email protected]
Enterprise engagements scoped individually
Contact

Get in touch

Whether you have a question about the platform, want to discuss your organisation’s compliance needs, or are ready to get started — we’d like to hear from you.

Enterprise enquiries, multi-jurisdiction deployments, and DPO consultancy integrations are all handled individually. Reach out and we’ll respond within 2 business days.

General enquiries & sales
[email protected]
Enterprise & multi-client deployments
[email protected]
We respond within 2 business days
A product of Privicy Advisory Services
Trinidad & Tobago

Ready to talk?

Book a 30-minute demo and see the platform in action. Or reach out on WhatsApp for a quick conversation.

Prefer email? Write to us at
[email protected]

FAQ

Common questions

Is Assura built around Caribbean law or adapted from GDPR?
+
Assura is designed from the ground up around Caribbean data protection legislation — including T&T’s DPA 2011, Jamaica’s DPA 2020, Barbados’s Data Protection Act, the Cayman Islands DPL 2017, Bermuda’s PIPA 2016, and others across the region. Obligations, deadlines, DSR types, and terminology all reflect local law — not GDPR with Caribbean flags.
What is the TR²UST® Framework?
+
TR²UST® is Privicy Advisory Services’ proprietary Caribbean data protection maturity framework. It maps compliance obligations across six domains — Governance & Accountability, Rights, Consent & Transparency, Data Lifecycle Management, Information Security, Third-Party Management, and Incident & Breach Management — to a structured set of controls aligned to Caribbean law. Assura’s Maturity Assessment module is built on this framework.
Can a DPO consultancy manage multiple clients on one account?
+
Yes, on the Enterprise plan. Assura supports multi-entity and multi-client configurations where each client organisation is fully isolated. Single login, client-switching interface, and all data, registers, and reports kept separate per entity. Enterprise engagements are scoped individually — contact us at [email protected].
How long does it take to get up and running?
+
Most organisations are operational within a day. The guided setup walks you through organisation and entity configuration, jurisdiction selection, and your first ROPA entries. No lengthy implementation project required.
Where is data stored and how is it secured?
+
Assura is hosted on enterprise-grade cloud infrastructure with data encrypted at rest and in transit. We apply role-based access controls, audit logging, and regular security assessments. Data residency options are available for Enterprise clients.
What support is included?
+
All plans include email support and access to our documentation library. Business plan clients receive priority response. Enterprise clients receive dedicated onboarding, a named account contact, and an agreed SLA. Reach us at [email protected].

Start your compliance
programme today.

Purpose-built for the Caribbean. Up and running in under a day.

Book a Demo Chat on WhatsApp

Enterprise enquiries welcome · [email protected]

Ready to get started?
Caribbean-native compliance platform
Book Demo WhatsApp
Chat on WhatsApp