Embedding Privacy into the Software Development Lifecycle

Vaibhav Antil, Prashant Mahajan, and Jasdeep Cheema are ushering in a new era of data privacy with a next-gen ‘privacy by design’ automation platform.

Sidhant Goyal and Abhishek Mohan

Published August 25, 2022 founders

The advent of social media networks in the early innings of the Internet changed consumer privacy forever. As we hurried to sign up and connect with our friends and family online, social networks raced to capture the valuable data generated by every click and every single field of personal data we shared. Our digital lives quickly became more public than anyone had ever anticipated.

A decade ago, governments started to step in to regulate the misuse of personal data. The EU led the way with GDPR (General Data Protection Regulation) and a growing number of countries are now following suit with strict privacy laws that carry big-ticket penalties for businesses that fail to comply. 

An entire industry of privacy software sprang up in the wake of GDPR. The first-gen solutions were typically reactive: they helped companies understand where sensitive data existed in their software systems at any point in time, so they could take requisite measures to resolve obvious violations. Point in time solutions, however, don’t account for the fact that data is constantly in motion, and more personal data will inevitably be written to a particular data sink over time. It’s hard for companies to be proactive about privacy if the underlying code governing the data flow in the software they use is fundamentally in violation of privacy laws.

Today, we’re excited to announce that Sequoia Capital India is co-leading a $14 million Series A round for, a ‘privacy by design’ automation platform that provides developers the tools they need to detect and embed privacy at the earliest state of product development – and throughout software lifecycles.

In the world of security, code analysis helps developers find and fix vulnerabilities. has used the same approach, but has built their AI engine with privacy in mind. Their first product is a source code scanner, integrable in minutes with tools like Github, Gitlab and Bitbucket. It gives engineers and privacy teams instant visibility into personal data usage by their products, detects the specific variables in code that may represent personal data, and identifies the multiple third-party applications and dashboards storing and processing this data. can predict the specific lines of code, and the corresponding downstream data flows, which are in violation of key legislation and plug them at the source, raising a Jira ticket or a GitHub PR comment for developers to take remediative action.

Compared to the first generation of privacy software,’s approach is proactive and permanent: if code is compliant with prevailing legislation, data sinks served by that code will automatically be compliant too. was founded in 2020 by Vaibhav Antil, Prashant Mahajan and Jasdeep Cheema, who are on a mission to shift privacy left into the hands of developers, so that privacy and engineering teams can better collaborate and win the trust of customers. Shift-left is one of the defining trends of our times – nearly every technical function is now moving into the ambit of the developer, who has emerged as the scarcest and most valuable resource in the tech-enabled enterprise. Companies such as Snyk, in security, Datadog and Grafana, in observability, and Hashicorp and Gitlab, in DevOps, have ridden this trend and created incredible market value.

We’ve known Vaibhav, Prashant and Jasdeep for a long time, and have always been deeply impressed by their passion for privacy. Vaibhav, who serves as CEO, comes from a family of lawyers and has a natural empathy for the key stakeholder, the Chief Privacy Officer, who is typically a legal expert. Both he and Jasdeep became closely acquainted with the pain of privacy compliance in the enterprise at their previous roles at Gaana, a corporate music service, which acquired their startup, Jukebox Studio. Prashant, the CTO, spent more than a decade at Pubmatic, a public ad-tech software company, rising through the ranks from software engineer to Senior Director of Engineering, and has immense empathy for the developer. After spending a few years experimenting in privacy software, they arrived at privacy by design as the optimal solution. They steadily built a top-tier product that has attracted a global customer base of senior executives and individual developers – rare for a startup at this stage of evolution.

Given the founders’ passion for the problem, the clear global tailwinds for consumer privacy, and our conviction that shift-left privacy by design is the only real solution to this conundrum, we believe that has a shot at becoming a unique developer-first privacy company. The era of data privacy has just begun, and we are excited by the impact might have in shaping its future.