Before sharing the map, I would like to quickly touch on the scope of this landscape. My goal is simply to list the B2B tools (SaaS, APIs, SDKs…) which enable businesses to build privacy-friendly & compliant products. This is why you won’t find the myriad of crypto/blockchain projects that aim at replacing existing products with decentralized alternatives (it’s just not the scope of this landscape, I might tackle this aspect later). The map is a work in progress, so don’t hesitate to share with me the companies I have missed directly on Twitter.
I believe that B2B Privacy Tech is a very interesting software category that has a lot of potential. The first reason is obviously the regulations that several governments are growing around privacy (GDPR in Europe, CCPA in California…). I know that a common theme amongst VCs is that regulation such as GDPR hurts startups and benefits big companies:
But I question that, and think:
1. This new regulation actually creates opportunities for startups to build “privacy as a service” products. When I read “compliance costs for US firms estimated at $150b” I don’t see a problem, but rather an opportunity. I also really like this answer from Simon Gu on Twitter:
2. Once this B2B Privacy Tech layer is mature, startups won’t have problems dealing with regulation such as GDPR, and big co won’t have this advantage anymore. Ultimately it will be good for the end-users as well.
3. Finally, I believe the trend toward more privacy-friendly products is going way beyond just regulation. Online privacy is becoming a real issue for which people are more and more educated and demanding. Companies will have no choice but to be more accountable and transparent. Regulation is a symptom, not the cause of this trend.
What. Products in this category help developers encrypt, anonymize or pseudonymize their customers (and other sensitive) data.
Value proposition. Transforming data lowers the risks in case of data breach or data transfer.
- Safer data exchange between partners / services.
- Privacy friendly Machine Learning applied to pseudonymized data sets.
- Safer data transfer (ex: when a user shares his credit card credential online)
A word on Privacy preserving synthetic data (a very interesting field):
Privacy preserving synthetic data consists of entirely artificial and new data points and is guaranteed anonymous, while resembling the statistical properties and structure of the original dataset. It possess the following attributes:
* Properties and statistical information of the original data are mirrored in the synthetic data.
* The data structure of the original data is retained unaltered in the synthetic data.
* It is impossible to identify real individuals in privacy preserving synthetic data.
- KIProtect: “The security layer for Data Science & AI. Enable data-driven teams to easily work with and share sensitive data with guaranteed security and compliance.”
- Statice: “Unlock your data with Statice. Statice allows you to freely work with your customers’ data by securely anonymizing it. This protects your customers and opens up new data-driven opportunities.”
- Very Good Security: “VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.”
- Tonic: “Make data available and secure across your company. Tonic generates realistic synthetic data that looks, feels, and acts like your production data, without any of the scripting, maintenance, or privacy risks.”
- Canopy: “a new personalization architecture for a better internet”
- Tanker: “Tanker is an open-source client SDK that can be embedded in any application. It enables developers to leverage powerful client-side encryption, but without performance loss and assuring a seamless end-user experience.”
- DataFleets: “The World’s Analytics Platform for Private Data. Keep sensitive data safe while simultaneously accelerating data science from idea to production. We Make ML Initiatives Faster & Safer”
- Dropout Labs: “Data Privacy and Artificial Intelligence Working Together. A platform for secure, privacy-preserving machine learning to manage the sensitive, competitive, and regulatory nature of data.”
- Synthesized: “We generate synthetic data that mimics original data, thereby unlocking data’s full potential whilst protecting people’s privacy.”
- Mostly AI: “Go Synthetic! for Big Data Privacy. Unlock your big data assets, while keeping individuals’ privacy 100% safe & secure.”
- Hazy: Hazy generates smart synthetic data that’s safe to use and actually works as a drop in replacement for real data science and analytics workloads.
- Aircloak: Anonymization Solutions for Instant Privacy Compliance. Aircloak Insights is the first GDPR-grade anonymization solution capable of providing high-quality analytics while maintaining strong anonymization.
- Madana: “Unlock the power of data! Use privacy-enhancing technology for secure data analytics.”
Compliance as a Service
What. Companies in this category help businesses comply with regulations such as GDPR and CCPA, particularly on:
- Data Subject Requests (personal data access, rectification and deletion/right to be forgotten).
- Consentment management.
- Access control.
- Data Audit.
- Data breaches report.
Value proposition. The main value propositions of these services are convenience and expertise. Instead of spending time and money developing in-house tools to comply with privacy related requirements, you pay for a product to do the job for you.
Use cases. What’s interesting in this category that you have a myriad of companies with a variety of approaches: from holistic and deeply integrated solutions such as Ethyca, to products which focus on very specific aspects but are lightly integrated to your product such as GDPR Form.
- Ethyca: “End-to-End user data privacy.: Ethyca is Privacy Infrastructure for developer teams to automate compliance with and management of User Data Privacy”
- Metomic: “Data ethics meets design. Compliance shouldn’t mean sacrificing usability. We provide a world-class privacy-by-design API to ethically manage your users’ data.”
- Usermirror: “Reliable services to build privacy-first systems. It’s time to build products that reflect your users without sacrificing their privacy.”
- PrivacyRadius: “Our Intelligent Privacy Platform helps SAAS companies of all sizes protect consumers’ privacy and data rights.”
- Incountry: “InCountry stores your mission critical data in its country of origin without compliance worries”
- TerraTrue: “We’ll soon introduce our Launch Approval tool, which will democratize security and privacy, so that all companies can now seamlessly integrate those core concerns into their product development”
- Datagrail “DataGrail is the only platform purpose-built for sustained data privacy compliance”
- Transcend: ”Transcend’s Data Privacy Infrastructure (DPI) manages your personal data across your distributed data systems and vendors.Our Privacy Center puts your users in the driver’s seat”
- LegalMonster: “Compliance and consent collection made easy. Confused about GDPR and privacy compliance? Legal Monster has your back. Start your privacy journey today and get up and running in no time with our self-service privacy solution.”
- Iubenda: “Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations”
- Segment GDPR Compliance: “Simplify GDPR compliance with Segment. Streamline user deletion and suppression to comply with EU General Data Protection Regulation rights requests.”
- UserCentrics: “Obtain, manage and document consents Your Future-Proof Consent Management Platform”.
Verticalized Privacy Tech
What. The problems and constraints linked to data privacy can be very specific and different from an industry to another, this is why we’ll see verticalized products.
Value proposition: these solutions address the specificities of each industry/field.
- LionX: “LionX provides an SDK that Financial Institutions and FinTechs integrate into their mobile application to help consumers protect their identity and share personal information safely”
- Snip: “Snips provides Private-By-Design, Decentralized Voice Assistant Technology and Solutions.”
- Rectify: Legal Tech. “Rectify enables organizations to safely share data with third parties by automating the removal of sensitive information that is governed by national or foreign regulation“
- MDCLone: “MDClone unlocks healthcare data, enabling limitless exploration, discovery, and collaboration. The future of healthcare is here.”