Software is eating the world, and privacy is eating software. The proliferation of user data because of software adoption has led to second-order effects, where data protection and privacy have become top-of-mind concerns for businesses and consumers alike. Unprecedented regulatory action, along with changing user behaviour, has made it almost mandatory for any company to adopt and implement privacy compliance.
This is where Privado comes in. By providing visibility of data usage, flows, and risks at the software code development stage, Vaibhav, Jasdeep, and Prashant make it easier for businesses to be privacy compliant. And that is why we are super excited to announce our investment in Privado.
Rise of Privacy
Privacy is super important for organisations. Gartner predicts a rise of $8 billion worldwide in privacy-driven spending on compliance tooling by the end of this year. Annual budgets for privacy are expected to exceed $2.5 million, making a shift from compliance ethics to competitive differentiation.
Privado’s work is especially important today because non-compliance with privacy regulations comes at a cost. A rather high cost. One look at the biggest fines for non-compliance with the European Union’s General Data Protection Regulation (GDPR) should give you an idea of what is involved. (Amazon alone was fined over $870 million just last year.) Also, it is not just technology-first companies that make the list. Clothing retailers, energy companies, and airlines also have been held accountable.
Privado’s unique approach
Data processes in engineering are distributed. Software code is constantly being overhauled and updated, so preventing data leakage into logs is difficult to keep a handle on. Most compliance today is a manual process, an ‘afterthought’. It is also reactive, rather than fixing issues in real time. This not only leaves businesses at risk of being non-compliant but also slows down software development cycles because it is not developer friendly.
From large enterprises to fast-scaling startups, nearly everyone Privado spoke to agreed that understanding what happens with data was a big problem. For the team at Privado, the insights boiled down to two main learnings:
(1) The understanding of how data is used was not complete because it relied on human interventions and/or manual processes.
(2) Whatever compliance companies ended up with would be out of date because the product would have gone through multiple software releases.
The big takeaway was that privacy compliance had to be built at the speed of software development, as it happens with software security.
What got us excited about Privado’s approach is that it embeds itself into the software development lifecycle (Shift-left in DevOps). This means that engineering and privacy teams get instant visibility into their data usage, and can monitor data flows and identify privacy risks that exist in the code before delivery. Being an open-source code scanning solution purpose-built for privacy, Privado is truly developer friendly and has so far managed over 600,000 code commits for global companies such as Thrasio, Zego, and many more.
We have known the founders for some time now and have had an opportunity to closely witness their unique journey of building Privado. Vaibhav and Jasdeep go back nearly a decade. They co-founded their previous startup, Jukebox Studio, which was bought by Gaana in 2018. When they decided to build a dev-tool startup next, they were joined by Prashant, who had scaled the engineering team at Pubmatic ($PUBM) and was well versed in code scanning and open telemetry applications for privacy.
Their journey, however, started as a workflow solution to help businesses be privacy compliant. After countless customer interactions, the team saw that the clients still struggled to figure out how PII data was being collected and shared. It took over a hundred interviews with executives who handle data at their organisations — chief privacy officers, data protection officers, chief information security officers, product managers, and engineers in Europe and the US — for Privado to arrive at the code-scanning solution approach.
We first met the Privado team in 2019, when Shubham helped them raise their angel round. Excited by their ambitions, we kept in touch and tracked them. They were trying to build in an industry very few people from India were willing to experiment in. In 2021, when we began our conversations again, their hustle and their iterative approach were clear to us.
Privado was almost a brand new company. It had pilots with large enterprises such as Here, Thrasio, Zego, with six-figure contracts from customers across the world in their pipeline. Also, its devtool solution had generated over 2,000 Android data safety reports. Given our thesis on this space and Privado’s progress, we were already keen on this partnership. But to build our conviction thoroughly, we spoke to our experts and their early customers — and every single one of them praised not just the team’s work ethic but also how deeply they understood this subject. NPS was through the roof, and that sealed the deal for us. Their conviction and the razor-sharp focus on their mission were very inspiring to watch.
At Together, we are very excited by the passion that founders bring to solving lesser understood problems that impact businesses. Privacy and data protection are areas that are relatively new but definitely important. They also represent a massive business opportunity and are no longer just a good-to-know or good-to-have.
All of these added together, we decided to join Privado on their journey and lead their seed investment with our friends at Emergent Ventures. Within a few months, our friends at Insight and Sequoia also joined in to invest in their Series A round. We are excited about what lies ahead for them, and if data privacy is top of your mind, please reach out to the team here.
— By Manav Garg with inputs from Shivam Kant