Custodian LabsCustodian Labs

Pricing

Three plans, aligned with the POTRAZ licence tiers you already know.

Every plan ships the full Cyber and Data Protection Act compliance suite. We do not gate compliance behind paywalls. What differs by plan is conventional levers: seats, integrations, audit-log retention, and branding.

Prices in USD · Annual billing available on request · POTRAZ licence fees paid directly to the Authority

  • POTRAZ Tier 1 · 50–1,000 data subjects

    Starter

    Sole traders and small organisations getting a CDPA controller licence in place.

    USD 79 / month

    Up to 25 seats

    • Full compliance suite — RoPA, DPIA, breach reporting, vendors, retention, privacy notice
    • Forms DP1, DP2, and DP3 ready to file with POTRAZ
    • DPO management with the 14-day Authority-notice clock
    • Risk register and whistleblower channel
    • Audit log with 90-day retention
    • Email support
    Get started

  • POTRAZ Tier 2 & 3 · 1,001–500,000

    Professional

    Controllers running a real compliance programme across departments.

    USD 249 / month

    Up to 250 seats

    • Everything in Starter
    • Custom training courses and scheduled awareness campaigns
    • Auto-generated policies and certificates
    • Bulk user import
    • API keys (up to 5) and webhooks (up to 10)
    • Custom roles for delegated permissions
    • Audit log with unlimited retention plus CSV / PDF export
    • Business-hours support, 1-day SLA
    Get started

  • POTRAZ Tier 4 · more than 500,000

    Enterprise

    Banks, insurers, telcos, parastatals, and multi-jurisdictional operators.

    Custom · from USD 799 / month

    Unlimited seats

    • Everything in Professional
    • Single Sign-On (Microsoft Entra, Google Workspace, Okta)
    • SCIM provisioning — auto-sync users from your IdP
    • Multi-framework — CDPA + POPIA + GDPR + ISO 27001 on the same RoPA
    • Unlimited API keys and webhooks
    • White-label branding and custom domain (CNAME)
    • On-premise deployment option
    • Priority support, 4-hour SLA, dedicated CSM
    Contact sales

Enterprise is sales-led. The legitimate path is a conversation, not a self-serve checkout. We provision Tier 4 contracts with custom SLA and a dedicated CSM. Org admins cannot self-serve into or out of Enterprise.

ACompliance · Universal

Every module on every plan.

The Cyber and Data Protection Act and SI 155 of 2024 require these modules. We refuse to gate them. A Starter customer files Form DP1, a Tier 4 bank files DP1 and DP3, and the platform does not change underneath them.

  • RoPA · Records of Processing Activities
  • DPIA · Data Protection Impact Assessments
  • Breach reporting (Form DP3)
  • DPO management (Form DP2)
  • Data controller licensing (Form DP1)
  • Vendor and DPA management
  • Privacy notice generator
  • Children’s data
  • Cross-border transfers
  • Retention scheduling
  • Whistleblower channel
  • Code of conduct
  • Risk register
BPOTRAZ licence fees

POTRAZ controller licence fees, for reference.

Paid directly to the Authority, not to Custodian Labs. The figures below are the SI 155 of 2024 schedule. The platform reads them when preparing your Form DP1.

  • Tier 1

    50–1,000

    USD 50 / yr

  • Tier 2

    1,001–10,000

    USD 300 / yr

  • Tier 3

    10,001–500,000

    USD 500 / yr

  • Tier 4

    > 500,000

    USD 2,500 / yr

Ninety minutes · Your stack

A working session against your control catalogue and your last audit.

We bring Custodian GRC live, mapped to your frameworks. You bring the open items. We leave with a starting plan.

Request a demoEmail the team

Tendai Moyo · Head of Compliance Practice