Personal blog of Yzmir Ramirez

Relyance AI, an early-stage startup that is helping companies stay in compliance with privacy laws at the code level, announced a $25 million Series A today. At the same time, they revealed a previously unannounced $5 million seed round.

Menlo Ventures and Unusual Ventures led the A round, while Unusual was sole lead on the seed. Serial entrepreneur Jyoti Bansal from Unusual will join the board under the terms of the deal. His partner John Vrionis had previously joined after the seed round. Matt Murphy from Menlo is coming on as a board observer. The company has now raised $30 million.

Relyance takes an unusual approach to verifying that data stays in compliance working at the code level, while ingesting contracts and existing legal requirements as code to ensure that a company is in compliance. Company co-CEO and co-founder Abhi Sharma says that code-level check is key to the solution. “For the first time, we are building the legal compliance and regulation into the source code,” Sharma told me.

He added, “Relyance is actually embedded within the DevOps pipeline of our customers’ infrastructure. So every time a new ETL pipeline is built or a machine learning model is receiving new source code, we do a compiler-like analysis of how personal sensitive data is flowing between internal microservices, data lakes and data warehouses, and then get a metadata analysis back to the privacy and compliance professionals [inside an organization].”

Leila R. Golchehreh, the other founder and co-CEO, brings a strong compliance background to the equation and has experienced the challenge of keeping companies in compliance firsthand. She said that Relyance also enables companies to define policy and contracts as code.

“Our approach is specifically to ingest contracts. We’ve actually created an algorithm around how [you] actually write a good data protection agreement. We’ve extracted those relevant provisions and we will compare that against [your] operational reality. So if there’s a disconnect, we will be able to raise that as an intelligent insight of a data misalignment,” she said.

With 32 employees, the co-founders hope to double or perhaps even triple that number in the next 12-18 months. Golchehreh and Sharma are a diverse co-founder team and they are attempting to build a company that reflects that. They believe being remote-first gives them a leg up in this regard, but they also have internal policies to drive it.

“The recruiters we work with have a mandate internally to say, ‘Hey, we really want to hire good people and diverse people.’ Relyance as a company is the genesis of two individuals from two completely different ends of the spectrum coming together. And I think hopefully, we can do our job of relaying that into the company as we scale,” Sharma said.

The two founders have been friends for several years and began talking about forming a company together in 2019 over a pizza dinner. The idea began to gel and they launched the company in February 2020. They spent some time talking to compliance pros to understand their requirements better, then in July 2020 began building the solution they have today. They released a beta in February and began quietly selling it in March.

Today they have a number of early customers working with their software, including Dialpad, Patreon, Samsara and True.

DataGrail, a startup that helps customers understand where their data lives in order to help comply with a growing body of privacy regulations, announced a $30 million Series B today.

Felicis Ventures led the round with help from Basis Set Ventures, Operator Collective and previous investors. One of the interesting aspects of this round was the participation from several strategic investors including HubSpot, Okta and Next47, the venture firm backed by Siemens. The company has now raised over $39 million, according to Crunchbase data.

That investor interest could stem from the fact that DataGrail helps organizations find data by building connectors to popular applications and then helps ensure that they are in compliance with customer privacy regulations such as GDPR, CCPA and similar laws.

“DataGrail [is really] the first integrated solution with over 900 integrations (up from 180 in 2019) to different apps and infrastructure platforms that allow the product to detect when new apps or new infrastructure platforms are added, and then also perform automated data discovery across those applications,” company CEO and co-founder Daniel Barber explained to me. This helps users find customer data wherever it lives and enables them to comply with legal requirements to manage and protect that data.

Victoria Treyger, general partner at lead investors Felicis Ventures says that one of the things that attracted her to DataGrail was that she had to help implement GDPR regulations at a previous venture and felt the pain first hand. She said that her firm tends to look for startups in large markets where the product or service being offered is a critical need, rather an option, and she believes that DataGrail is an example of that.

“I really liked the fact that privacy management is such a hard problem, and it is not optional. As a business, you have to manage privacy requests, which you may do manually or you may do it with a solution like DataGrail,” Treyger told me.

HubSpot’s Andrew Lindsay, who is SVP of corporate and business development, says his company is both a customer and an investor because DataGrail is helping HubSpot customers navigate the complexity of privacy regulation. “DataGrail’s unique ecosystem approach, where they are integrating with key Saas and business applications is an easy way for many of our joint customers to protect their customers’ privacy,” Lindsay said.

The company has 40 employees today with plans to grow to 90 or 100 by the end of this year. It’s worth noting that Treyger is joining the Board, which already has 3 other women. That shows shows a commitment to gender diversity at the board level that is not typical for startups.

OneTrust, the four-year-old privacy platform startup from the folks who brought you AirWatch (which was acquired by VMmare for $1.5 billion in 2014), announced a $300 million Series C on an impressive $5.1 billion valuation today.

The company has attracted considerable attention from investors in a remarkably short time. It came out of the box with a $200 million Series A on a $1.3 billion valuation in July 2019. Those are not typical A round numbers, but this has never been a typical startup. The Series B was more of the same — $210 million on a $2.7 billion valuation this past February.

That brings us to today’s Series C. Consider that the company has almost doubled its valuation again, and has raised $710 million in a mere 18 months, some of it during a pandemic. TCV led today’s round joining existing investors Insight Partners and Coatue.

So what are they doing to attract all this cash? In a world where privacy laws like GDPR and CCPA are already in play, with others in the works in the U.S. and around the world, companies need to be sure they are compliant with local laws wherever they operate. That’s where OneTrust comes in.

“We help companies ensure that they can be trusted, and that they make sure that they’re compliant to all laws around privacy, trust and risk,” OneTrust Chairman Alan Dabbiere told me.

That involves a suite of products that the company has already built or acquired, moving very quickly to offer a privacy platform to cover all aspects of a customer’s privacy requirements, including privacy management, discovery, third-party risk assessment, risk management, ethics and compliance and consent management.

The company has already attracted 7,500 customers to the platform — and is adding1,000 additional customers per quarter. Dabbiere says that the products are helping them be compliant without adding a lot of friction to the building or buying process. “The goal is that we don’t slow the process down, we speed it up. And there’s a new philosophy called privacy by design,” he said. That means building privacy transparency into products, while making sure they are compliant with all of the legal and regulatory requirements.

The startup hasn’t been shy about using its investments to buy pieces of the platform, having made four acquisitions already in just four years since it was founded. It already has 1,500 employees and plans to add around 900 more in 2021.

As they build this workforce, Dabbiere says being based in a highly diverse city like Atlanta has helped in terms of building a diverse group of employees. “By finding the best employees and doing it in an area like Atlanta, we are finding the diversity comes naturally,” he said, adding, “We are thoughtful about it.” CEO Kabir Barday also launched a diversity, equity and inclusion council internally this past summer in response to the Black Lives Matter movement happening in the Atlanta community and around the country.

OneTrust had relied heavily on trade shows before the pandemic hit. In fact, Dabbiere says that they attended as many as 700 a year. When that avenue closed as the pandemic hit, they initially lowered their revenue guidance, but as they moved to digital channels along with their customers, they found that revenue didn’t drop as they expected.

He says that OneTrust has money in the bank from its prior investments, but they had reasons for taking on more cash now anyway. “The number one reason for doing this was the currency of our stock. We needed to revalue it for employees, for acquisitions, and the next steps of our growth,” he said.

BigID has been on the investment fast track, raising $94 million over three rounds that started in January 2018. Today, that investment train kept rolling as the company announced a $70 million Series D on a valuation of $1 billion.

Salesforce Ventures and Tiger Global co-led the round with participation from existing investors Bessemer Venture Partners, Scale Venture Partners and Boldstart Ventures. The company has raised almost $165 million in just over two years.

BigID is attracting this kind of investment by building a security and privacy platform. When I first spoke to CEO and co-founder Dimitri Sirota in 2018, he was developing a data discovery product aimed at helping companies coping with GDPR find the most sensitive data, but since then the startup has greatly expanded the vision and the mission.

“We started shifting I think when we spoke back in September from being this kind of best of breed data discovery privacy to being a platform anchored in data intelligence through our kind of unique approach to discovery and insight,” he said.

That includes the ability for BigID and third parties to build applications on top of the platform they have built, something that might have attracted investor Salesforce Ventures. Salesforce was the first cloud company to offer the ability for third parties to build applications on its platform and sell them in a marketplace. Sirota says that so far their marketplace includes just apps built by BigID, but the plan is to expand it to third-party developers in 2021.

While he wasn’t ready to talk about specific revenue growth, he said he expects a material uplift in revenue for this year, and he believes that his investors are looking at the vast market potential here.

He has 235 employees today with plans to boost it to 300 next year. While he stopped hiring for a time in Q2 this year as the pandemic took hold, he says that he never had to resort to layoffs. As he continues hiring in 2021, he is looking at diversity at all levels from the makeup of his board to the executive level to the general staff.

He says that the ability to use the early investments to expand internationally has given them the opportunity to build a more diverse workforce. “We have staff around the world and we did very early […] so we do have diversity within our broader company. But clearly not enough when it came to the board of directors and the executives. So we realized that, and we are trying to change that,” he said.

As for this round, Sirota says like his previous rounds in this cycle he wasn’t necessarily looking for additional money, but with the pandemic economy still precarious, he took it to keep building out the BigID platform. “We actually have not purposely gone out to raise money since our seed. Every round we’ve done has been preemptive. So it’s been fairly easy,” he told me. In fact, he reports that he now has five years of runway and a much more fully developed platform. He is aiming to accelerate sales and marketing in 2021.

The company’s previous rounds included a $14 million Series A in January 2018, a $30 million B in June that year and a $50 million C in September 2019.

GDPR and other data protection and privacy regulations — as well as a significant (and growing) number of data breaches and exposées of companies’ privacy policies — have put a spotlight on not just the vast troves of data that businesses and other organizations hold on us, but also how they handle it. Today, one of the companies helping them cope with that data in a better and legal way is announcing a huge round of funding to continue that work. Collibra, which provides tools to manage, warehouse, store and analyse data troves, is today announcing that it has raised $112.5 million in funding, at a post-money valuation of $2.3 billion.

The funding — a Series F, from the looks of it — represents a big bump for the startup, which last year raised $100 million at a valuation of just over $1 billion. This latest round was co-led by ICONIQ Capital, Index Ventures, and Durable Capital Partners LP, with previous investors CapitalG (Google’s growth fund), Battery Ventures, and Dawn Capital also participating.

Collibra was originally a spin-out from Vrije Universiteit in Brussels, Belgium and today it works with some 450 enterprises and other large organizations. Customers include Adobe, Verizon (which owns TechCrunch), insurers AXA and a number of healthcare providers. Its products cover a range of services focused around company data, including tools to help customers comply with local data protection policies and store it securely, and tools (and plug-ins) to run analytics and more.

These are all features and products that have long had a place in enterprise big data IT, but they have become increasingly more used and in-demand both as data policies have expanded, as security has become more of an issue, and as the prospects of what can be discovered through big data analytics have become more advanced.

With that growth, many companies have realised that they are not in a position to use and store their data in the best possible way, and that is where companies like Collibra step in.

“Most large organizations are in data chaos,” Felix Van de Maele, co-founder and CEO, previously told us. “We help them understand what data they have, where they store it and [understand] whether they are allowed to use it.”

As you would expect with a big IT trend, Collibra is not the only company chasing this opportunity. Competitors include Informatica, IBM, Talend, and Egnyte, among a number of others, but the market position of Collibra, and its advanced technology, is what has continued to impress investors.

“Durable Capital Partners invests in innovative companies that have significant potential to shape growing industries and build larger companies,” said Henry Ellenbogen, founder and chief investment officer for Durable Capital Partners LP, in a statement (Ellenbogen is formerly an investment manager a T. Rowe Price, and this is his first investment in Collibra under Durable). “We believe Collibra is a leader in the Data Intelligence category, a space that could have a tremendous impact on global business operations and a space that we expect will continue to grow as data becomes an increasingly critical asset.”

“We have a high degree of conviction in Collibra and the importance of the company’s mission to help organizations benefit from their data,” added Matt Jacobson, general partner at ICONIQ Capital and Collibra board member, in his own statement. “There is an increasing urgency for enterprises to harness their data for strategic business decisions. Collibra empowers organizations to use their data to make critical business decisions, especially in uncertain business environments.”

Almost exactly 4 months to the day after BigID announced a $50 million Series C, the company was back today with another $50 million round. The Series C extension came entirely from Tiger Global Management. The company has raised a total of $144 million.

What warrants $100 million in interest from investors in just four months is BigID’s mission to understand the data a company has and manage that in the context of increasing privacy regulation including GDPR in Europe and CCPA in California, which went into effect this month.

BigID CEO and co-founder Dimitri Sirota admits that his company formed at the right moment when it launched in 2016, but says he and his co-founders had an inkling that there would be a shift in how governments view data privacy.

“Fortunately for us, some of the requirements that we said were going to be critical, like being able to understand what data you collect on each individual across your entire data landscape, have come to [pass],” Sirota told TechCrunch. While he understands that there are lots of competing companies going after this market, he believes that being early helped his startup establish a brand identity earlier than most.

Meanwhile, the privacy regulation landscape continues to evolve. Even as California privacy legislation is taking effect, many other states and countries are looking at similar regulations. Canada is looking at overhauling its existing privacy regulations.

Sirota says that he wasn’t actually looking to raise either the C or the D, and in fact still has B money in the bank, but when big investors want to give you money on decent terms, you take it while the money is there. These investors clearly see the data privacy landscape expanding and want to get involved. He recognizes that economic conditions can change quickly, and it can’t hurt to have money in the bank for when that happens.

That said, Sirota says you don’t raise money to keep it in the bank. At some point, you put it to work. The company has big plans to expand beyond its privacy roots and into other areas of security in the coming year. Although he wouldn’t go into too much detail about that, he said to expect some announcements soon.

For a company that is only four years old, it has been amazingly proficient at raising money with a $14 million Series A and a $30 million Series B in 2018, followed by the $50 million Series C last year, and the $50 million round today. And Sirota said, he didn’t have to even go looking for the latest funding. Investors came to him — no trips to Sand Hill Road, no pitch decks. Sirota wasn’t willing to discuss the company’s valuation, only saying the investment was minimally diluted.

BigID, which is based in New York City, already has some employees in Europe and Asia, but he expects additional international expansion in 2020. Overall the company has around 165 employees at the moment and he sees that going up to 200 by mid-year as they make a push into some new adjacencies.

The customer data platform (CDP) is the newest tool in the customer experience arsenal as big companies try to help customers deal with data coming from multiple channels. Today, Adobe announced the general availability of its CDP.

The CDP is like a central data warehouse for all the information you have on a single customer. This crosses channels like web, email, text, chat and brick and mortar in-person visits, as well as systems like CRM, e-commerce and point of sale. The idea is to pull all of this data together into a single record to help companies have a deep understanding of the customer at an extremely detailed level. They then hope to leverage that information to deliver highly customized cross-channel experiences.

The idea is to take all of this information and give marketers the tools they need to take advantage of it. “We want to make sure we create an offering that marketers can leverage and makes use of all of that goodness that’s living within Adobe Experience platform,” Nina Caruso, product marketing manager for Adobe Audience Manager, explained.

She said that would involve packaging and presenting the data in such a way to make it easier for marketers to consume, such as dashboards to deliver the data they want to see, while taking advantage of artificial intelligence and machine learning under the hood to help them find the data to populate the dashboards without having to do the heavy lifting.

Beyond that, having access to real-time streaming data in one place under the umbrella of the Adobe Experience Platform should enable marketers to create much more precise market segments. “Part of real-time CDP will be building productized primo maintained integrations for marketers to be able to leverage, so that they can take segmentations and audiences that they’ve built into campaigns and use those across different channels to provide a consistent customer experience across that journey life cycle,” Caruso said.

As you can imagine, bringing all of this information together, while providing a platform for customization for the customer, raises all kinds of security and privacy red flags at the same time. This is especially true in light of GDPR and the upcoming California privacy law. Companies need to be able to enforce data usage rules across the platform.

To that end, the company also announced the availability of Adobe Experience Platform Data Governance, which helps companies define a set of rules around the data usage. This involves “frameworks that help [customers] enforce data usage policies and facilitate the proper use of their data to comply with regulations, obligations and restrictions associated with various data sets,” according to the company.

“We want to make sure that we offer our customers the controls in place to make sure that they have the ability to appropriately govern their data, especially within the evolving landscape that we’re all living in when it comes to privacy and different policies,” Caruso said.

These tools are now available to Adobe customers.

With the EU’s sweeping GDPR privacy laws and the upcoming California Consumer Privacy ACT (CCPA), companies have to figure out how to deal with keeping private data private — or face massive fines. Segment announced a new Privacy Portal today that could help companies trying to remain in compliance.

Segment CEO and co-founder Peter Reinhardt says companies have built a false dichotomy between personalization and privacy, and he says that it doesn’t have to be that way. “We’ve noticed that a lot of companies feel this tension between privacy and growth. They basically see a paradox between being either privacy-respectful versus providing a very personalized experience,” he said.

The new Privacy Portal is designed to be a central place where customers can sort their data in an automated way and create an inventory of what data they have inside the company. “By introducing a single point of collection for all the data, it creates a choke point on the data collection to allow you to actually govern that, a single place to inspect, monitor, alert and have an inventory of all the data that you’re collecting, so that you can ensure that it’s compliant, and so that you can ensure that you’ve got consent, and all of those things,” he said.

The way this works is that as the data comes into the portal, it automatically gets put into a bucket based on the level of concern about it. “We are basically giving customers monitoring and a consolidated view over all of the different data points that are coming in. So we have matches that basically look for things that might be PII, and we automatically grade most of them with green, yellow or red in terms of the level of potential concern,” Reinhardt explained.

On top of that, companies can apply policies, based on the grades, say letting anything that’s green or yellow through, but preventing any red data (PII) from being shared with other applications.

In addition, to make sure that the product can connect to as many marketing tools as possible to get the most complete data picture, the company is releasing a new feature called Functions, which lets customers build their own custom data connectors. With thousands of marketing technology tools, it’s impossible for Segment to build connectors for all of them. Functions lets companies build custom connectors in a low-code way in instances where Segment doesn’t provide it out of the box.

The two tools are available to Segment customers starting today.

It turns out GDPR was just the tip of the privacy iceberg. With California’s privacy law coming on line January 1st and dozens more in various stages of development, it’s clear that governments are taking privacy seriously, which means companies have to as well. New York-startup BigID, which has been developing a privacy platform for the last several years, finds itself in a good position to help. Today, the company announced a $50 million Series C.

The round was led by Bessemer Venture Partners with help from SAP.io Fund, Comcast Ventures, Boldstart Ventures, Scale Venture Partners and ClearSky. New investor Salesforce Ventures also participated. Today’s investment brings the total raised to over $96 million, according to Crunchbase.

In addition to the funding, the company is also announcing the formation of a platform of sorts, which will offer a set of privacy services for customers. It includes data discovery, classification and correlation. “We’ve separated the product into some constituent parts. While it’s still sold as a broad-based solution, it’s much more of a platform now in the sense that there’s a core set of capabilities that we heard over and over that customers want,” CEO and co-founder Dimitri Sirota told TechCrunch.

He says that these capabilities really enables customers to see connections in the data across a set of disparate data sources. “There are a lot of products that do the request part, but there’s nobody that’s able to look across your entire data landscape, the hundreds of petabytes, and pick out the data in Salesforce, Workday, AWS, mainframe, and all these places you could have data on [an individual], and show how it’s all tied together,” Sirota explained.

It’s interesting to see the mix of strategic investors and traditional venture capitalists who are investing in the company. The strategics in particular see the privacy landscape as well as anyone, and Sirota says it’s a case of privacy mattering more than ever and his company providing the means to navigate the changing landscape. “Consumers care about privacy, which means legislators care about it, which ultimately means companies have to care about it,” he said. He added, “Strategics, whether they are companies that collect personal data or those that sell to those companies, therefore have an interest in BigID .”

The company has been growing fast and raising money quickly to help it scale to meet demand. Starting in January 2018, it raised $14 million. Just six months later, it raised another $30 million and you can tack on today’s $50 million. Sirota says having money in the bank and seeing these investments helps give enterprise customers confidence that the company is in this for the long haul.

Sirota wouldn’t give an exact valuation, only saying that while the company is not a unicorn, the valuation was a “robust number.” He says the plan now it to keep expanding the platform, and there will be announcements coming soon around partnerships, customers and new capabilities.

Sirota will be appearing at TechCrunch Sessions: Enterprise on September 5th at 11 am on the panel, Cracking the Code: From Startup to Scaleup in Enterprise Software.

As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy regulations.

“We have a platform that is deployed on-prem in our customer’s environment, and helps them identify what data they’re collecting, how they’re using it, where it’s being stored and how it should be protected. We help companies put together this broad view of their data, and then we continuously monitor their data infrastructure to ensure that this data continues to be protected,” company co-founder and CEO Heather Wade told TechCrunch.

She says that the company made a deliberate decision to keep the solution on-prem. “We really believe in giving our clients control over their data. We don’t want to be just another third-party SaaS vendor that you have to ship your data to,” Wade explained.

That said, customers can run it wherever they wish, whether that’s on-prem or in the cloud in Azure or AWS. Regardless of where it’s stored, the idea is to give customers direct control over their own data. “We are really trying to alert our customers to threats or to potential privacy exceptions that are occurring in their environment in real time, and being in their environment is really the best way to facilitate this,” she said.

The product works by getting read-only access to the data, then begins to identify sensitive data in an automated fashion using machine learning. “Our product automatically looks at the schema and samples of the data, and uses machine learning to identify common protected data,” she said. Once that process is completed, a privacy compliance team can review the findings and adjust these classifications as needed.

Wade, who started the company in March, says the idea formed at previous positions where she was responsible for implementing privacy policies and found there weren’t adequate solutions on the market to help. “I had to face the challenges first-hand of dealing with privacy and compliance and seeing how resources were really taken away from our engineering teams and having to allocate these resources to solving these problems internally, especially early on when GDPR was first passed, and there really were not that many tools available in the market,” she said.

Interestingly Wade’s co-founder is her husband, John. She says they deal with the intensity of being married and startup founders by sticking to their areas of expertise. He’s the marketing person and she’s the technical one.

She says they applied to Y Combinator because they wanted to grow quickly, and that timing is important with more privacy laws coming online soon. She has been impressed with the generosity of the community in helping them reach their goals. “It’s almost indescribable how generous and helpful other folks who’ve been through the YC program are to the incoming batches, and they really do have that spirit of paying it forward,” she said.