Start-up technology company Privado is a product of the frustration of Vaibhav Antil and his co-founders, Jasdeep Cheema and Prashant Mahajan. They launched the business, which is today announcing a $14 million Series A funding round, after finding it almost impossible to get to grips with the General Data Protection Regulation (GDPR) introduced by the European Union in 2018.
“We were working as engineers at the time, developing software products where we suddenly had to think about whether they complied with data privacy laws,” Antil explains. “It was hugely disruptive and there didn’t seem to be an easy way to sort the problem out.”
That concern was amplified when Antil and his colleagues spent several months working with the product and engineering teams at a leading e-commerce company. Despite conducting a series of interviews with the teams, it proved almost impossible to work out exactly how they were collecting, storing, using and sharing customers’ personal data – and therefore whether the business was GDPR-compliant. And as the business continually updated its software, that challenge became ever more complex.
Privado’s solution to this problem is a code scanner that automatically works through software to identify the data it is collecting, and what subsequently happens to this data. It provides the user with a tool that quickly maps their data practices so that these can be compared to what any piece of data privacy regulation requires. “We’re like a spell checker for data privacy,” Antil says.
Launched in 2020, Privado operates with an open-source code scanning solution. The idea is that developers and engineers use the tool on an ongoing basis, scanning software they have developed in order to identify potential data privacy issues – and then rescanning each time an update is made.
Privado’s tool not only identifies data usage and flows, but can also be tailored to identify potential breaches of specific legislation – the EU’s GDPR, for example, but also similar regulation developed by authorities in the US and Asia. “Engineers and privacy teams get instant visibility into personal data usage by their products and applications, can monitor personal data flows, and find privacy risks that exist in the code from leakage to logs,” Antil explains. The tool can also be set up to block any software updates that include code which breaches the business’s own data privacy policies.
The problem the business is solving is very real – and potentially very expensive. Data from Enforcement Tracker reveals that companies worldwide have so far been fined €1.7 billion for breaches of GDPR. In the US, meanwhile, the Federal Trade Commission is currently in the midst of a crackdown on data privacy issues – the social media giant Twitter was handed a $150 million penalty earlier this year for violations of the FTC’s rules.
However, despite knowing about the issue, organisations that are constantly developing and updating new software are vulnerable to falling foul of the regulation in exactly the same way. The scale and complexity of their code makes manual checks too challenging to be practical, particularly as new releases are iterated at speed.
Hence the need for an automated scanner, argues Privado. “Think of us as a Grammarly for your code – we give you a data privacy score for existing products and point out privacy and data security issues as you are writing new code,” Antil adds. “I expect that in the future, there will be a default scan for data privacy issues, just as such products exist in the cyber security world; we want to be that default.”
The company is making good progress in this regard, operating through a combination of a premium product, made available as a software-as-a-service tool, and a free version aimed at Android developers. Customer numbers are not available, but the company says it is already managing more than 600,000 code commits for its clients.
The challenge now is to scale the business, with the Series A round providing funding for product development, staff recruitment and to support the growth of Privado’s open-source community.
Today’s $14 million round is the company’s second funding announcement of the year – it picked up seed finance of $3.5 million in January – and is led by software investor Insight Partners and venture firm Sequoia Capital India, with participation from existing investors Together Fund and Emergent Ventures.
“Privado has created an intuitive platform that allows data and engineering teams to ensure all development changes are privacy compliant in real time,” says Nikhil Sachdev, managing director at Insight. “With its experienced team of founders and innovative architecture, Privado has already made a name for itself in the DevSecOps space.”
Abhishek Mohan, principal at Sequoia India, believes the business has identified a huge opportunity. “Privacy and data are two sides of the same coin,” he argues. “Data has been one of the biggest trends in the last few years and it’s only a matter of time before privacy catches up.”