We do offer HIPAA BAA agreements as a paid add-on. This requires a $1,000/month committed spend threshold with a year commitment paid monthly—all of that goes toward your actual usage. When a BAA is in effect, we follow a shared responsibility model and will advise on encryption setup, key storage auditing, access control, and secure storage of sensitive patient data. One important note: with an active BAA, our team will no longer be able to directly access your running workloads.

For the Canada region requirement, I have to be upfront—we don't currently offer a Canada-based region. Our available regions are US West (California), US East (Virginia), EU West (Amsterdam), and Southeast Asia (Singapore), all running on our own Railway Metal infrastructure rather than AWS. Region pinning itself is straightforward through service settings, but there's no Montreal option to pin to at the moment.

That said, for Enterprise customers with strict data residency requirements, we offer a "Bring Your Own Cloud" option where we can deploy within your own VPC. This could potentially work with your AWS Canada infrastructure if that's something you're already running. Given both the HIPAA requirement and the Canada data residency need, this might be the path worth exploring.

Since you're currently on a Pro plan, the best next step would be to reach out to our solutions team and schedule a call to discuss both the BAA process and whether BYOC would meet your Canadian data residency requirements.