Automation Platform Choice: n8n vs Power Automate

Pick your automation platform on compliance first, features second. If a workflow ever touches a patient name, appointment time, SIN, AFU file reference, ICBC claim, or WorkSafeBC identifier, it has to stay on Canadian infrastructure. That single constraint picks the tool for you. Pricing and integration count decide between the two remaining options.

The stack

For regulated data in BC, use one of these two. Skip everything else.

n8n self-hosted on OVH Canada VPS. OVH’s Beauharnois, Quebec datacenter is ISO 27001 and SOC 2 Type II certified and is outside US jurisdiction, meaning the US CLOUD Act cannot compel disclosure of data stored there. A VPS on that infrastructure runs $12–15 CAD per month. n8n runs self-hosted on it — 400 or more integrations, unlimited workflows, and zero marginal cost per step or execution. HTTPS termination via Caddy reverse proxy, daily encrypted backups to a separate Canadian region. Because n8n runs on your infrastructure, there is no vendor BAA to negotiate: you control the data.

Microsoft 365 Power Automate inside a Canadian M365 tenant. Practices and firms already on Microsoft 365 Business Standard have Power Automate included. When the M365 tenant is provisioned in the Canadian region (Toronto or Quebec City datacenters), automation data stays in Canada without a separate VPS. No additional licensing cost, no server to manage, no reverse proxy to configure. For teams already living in Outlook, Teams, and SharePoint, the integration surface is immediate.

For non-PHI workflows in metal fabrication shops, construction contractors, or architectural firms without regulated client data, Make.com ($9 CAD/month) is a viable third option at roughly half the price of Zapier. It is acceptable for workflows that do not touch health information, SINs, or financial identifiers requiring PIPEDA compliance. Zapier is similarly capable but costs more for comparable volume and has no compliance advantage over Make in non-PHI contexts.

How it gets wired

n8n on OVH Canada. Provision an OVH VPS at the Beauharnois location (SSD VPS 2 tier is sufficient for most practices). Install Ubuntu 22.04, then n8n via Docker Compose alongside Caddy as a reverse proxy. Point a subdomain at the VPS IP, configure Caddy to handle TLS automatically from Let’s Encrypt, and n8n is reachable over HTTPS on a private URL you control. Set up automated daily backups of the n8n database to OVH Object Storage in the Montreal region. The full setup takes approximately two hours.

Workflows connect to external services via n8n’s credential store, which encrypts secrets at rest on your VPS. Common connections for BC practices: Jane App (via webhook or n8n’s HTTP node), TaxDome (webhook triggers), Google Workspace, Airtable, and email providers. Because n8n is self-hosted, credentials never leave your infrastructure.

Power Automate on M365. The entry point is the Power Automate portal inside the Microsoft 365 admin center. Confirm the tenant region is set to Canada before building workflows — check the admin center under Settings > Org settings > Organization profile. Once confirmed, flows built in Power Automate inherit the tenant’s data residency. Connectors to Microsoft products (Teams, SharePoint, Outlook, OneDrive) work natively. Connectors to third-party services (Jane, TaxDome, Airtable) use the HTTP connector or available custom connectors.

The Make.com path for non-PHI work. For contractors tracking job costs, metal shops routing quote requests, or architectural firms coordinating submittal workflows, Make.com at $9/month handles up to 10,000 operations per month across unlimited scenarios. The migration rule: when workflow count crosses 20 active scenarios or when any workflow begins touching regulated data, migrate to n8n. Make’s export format is JSON; n8n can import Make-exported flows as a starting point.

Compliance posture

Don’t run Zapier or anything touching regulated data through a US-hosted tool. No BAA, US servers, no PIPEDA statement. A flow that pulls a patient name and appointment time from Jane into Zapier has already transferred PHI cross-border without covering consent language. Same for AFU file numbers, SINs, ICBC claim references, and WorkSafeBC identifiers. If you inherited a client already doing this, switch the affected flows over in week one.

n8n on OVH Canada is yours end-to-end. Your VPS, your data, never leaves the Beauharnois facility. No vendor BAA to chase because there is no vendor. Satisfies PIPEDA, BC PIPA, and PHIPA.

Power Automate in a Canadian M365 tenant is covered by Microsoft’s DPA and Canadian data residency (verify in the Microsoft Trust Center). Also satisfies PIPEDA, BC PIPA, and PHIPA.

Make.com is acceptable only for workflows that never touch regulated data — not “mostly don’t,” not “not yet.” If a field in the flow could hold a SIN or a patient name next quarter, start on n8n instead and save the migration.

Common pitfalls

• Provisioning an OVH VPS outside the Canadian region (Gravelines or Roubaix in France are the default offerings on some plan pages) routes data outside Canada. Confirm the datacenter location is Beauharnois before provisioning.
• Power Automate tenants provisioned without checking the region default to the US. A tenant created in the wrong region cannot be migrated — it must be reprovisioned. Check the region before building any workflows.
• n8n’s credential store is only as secure as the VPS it runs on. A VPS without firewall rules, regular OS updates, and strong SSH key authentication is not a compliant infrastructure choice regardless of datacenter location.
• Make.com workflows that begin non-PHI and gradually acquire contact fields, appointment references, or billing identifiers cross the compliance line without anyone noticing. The 20-workflow migration threshold is a forcing function for a compliance review, not just a convenience trigger.
• Power Automate’s standard connectors for third-party services (non-Microsoft APIs) route through Microsoft’s connector infrastructure, which may introduce latency or rate limits on high-volume workflows. Heavy-volume n8n workflows processing thousands of daily operations typically perform better because execution is local.

When this is worth the setup

The decision matrix is straightforward. A Microsoft 365 shop with a confirmed Canadian tenant should use Power Automate — the tooling is already paid for, the compliance posture is established, and adding a VPS introduces maintenance burden without compliance benefit. A Google Workspace shop or a clinic with PHI-adjacent workflows that is not on Microsoft 365 should use n8n on OVH Canada — the $12–15 CAD monthly cost is negligible relative to the compliance exposure of routing patient data through a non-compliant platform. A metal shop, contractor, or architectural firm with no regulated data and fewer than 20 workflows should start with Make.com and migrate when the workflow count or data sensitivity warrants it.

The setup cost for n8n on OVH is approximately two hours of configuration time. Power Automate requires confirming the tenant region and then building flows — no additional infrastructure work. Both are worth the setup from the first workflow that would otherwise require manual intervention on a recurring basis. Practices that are still doing things manually because “we haven’t had time to automate it” are in the right position for this: the platform decision is fifteen minutes, the first workflow is an afternoon.