Skyflow, which delivers data privacy via an API, raises $45M

Skyflow, a company that make it easier for developers to embed data privacy into their applications, has raised $45 million in a series B round of funding.

Founded in 2019, Skyflow operates at the intersection of two notable technology trends — the API economy and data privacy. As companies transition from monolithic software to a microservices architecture built around smaller, function-based components, APIs (application programming interfaces) are the glue that connects everything together. But as cloud computing continues on its upwards trajectory, businesses face a growing number of data privacy regulations across the globe, putting pressure firmly on software makers to ensure that they are treating their customers’ private information with kid gloves. This has led to scores of investments into startups leading the data privacy charge, with the likes of DataGrailDuality TechnologiesKetch, and all raising sizable sums this year for various privacy-preserving products.

Privacy vaults

Skyflow develops what it calls “privacy vaults” that give developers data security smarts similar to what all the big companies such as Apple, Netflix, or Goldman Sachs offer their customers. Through packaging all this as an API, this positions Skyflow as something akin to Twilio or Stripe — billion-dollar businesses that enable developers to build their own market-leading software without having to develop their own infrastructure from scratch.

“We provide data privacy, security, and compliance as an API, much in the same way Okta provides identity management and Twilio provides telecommunications services,” Skyflow cofounder and CEO Anshu Sharma told VentureBeat. “Companies can simply build our data vault API into their systems and immediately have the same type of data privacy infrastructure leading privacy-centric companies have built for themselves.”

The Palo Alto, California-based company currently offers three core “vaults,” including a general vault for protecting personally identifiable information (PII), and two industry-specific vaults that target the health care and finance sectors. Skyflow also includes a bunch of pre-built integrations out-the-box, including Visa, Experian (credit scores), and Alloy (fraud detection) to support a range of use cases, such as card issuance, card acceptance, customer onboarding, and money transfers — all while ensuring that the company remains compliant with data privacy legislation.

Above: Skyflow fintech data privacy vault

Skyflow had previously raised $25 million, including its $17.5 million series A round last December, and for its series B round the company brought in Insight Partners as lead investor. With another $45 million in the bank, Skyflow is well-financed to embark on a hiring frenzy, with plans to recruit 100 new employees by the end of 2022.

The trust factor

The problem that Skyflow is setting out to solve is one that impacts just about every company in 2021 — how to safely handle customer data without breaching regulations or customer trust.

“Every company today has sensitive data about their customers stored and used in its systems — if the data is compromised, the company faces steep fines and embarrassment, loses customer trust, and then must spend time and money cleaning up the mess,” Sharma said. “Nobody wants to be in the news for a data breach or data misuse — we help companies so they stay out of the headlines for the wrong reasons.”

Underpinning the Skyflow platform is a proprietary “polymorphic encryption engine” that applies different encryption schemes to different types of data, such as Social Security numbers, telephone numbers, and email addresses, which allows businesses to derive value from private information without it ever leaving its encrypted state. Zero-trust security is the name of the game.

“At its core, Skyflow is a data storage for very specific kinds of very sensitive data,” Sharma explained. “Our idea was to secure this data, but also to allow it to be securely used and shareable.”

The “every company is now a software company” mantra is perhaps truer today than it ever has been, but not every company has the resources to maintain a robust data privacy regimen. And the ones that do have the resources won’t necessarily want to develop their data privacy infrastructure from the bottom up.

“Even seemingly simple businesses like selling coffee now have apps, and these apps have ‘order ahead,’ which requires credit card numbers and other data,” Sharma said. “So Starbucks needs the same kind of data protection that banks do. Who’s going to do all this?”