Check out all the on-demand sessions from the Intelligent Security Summit here.

Relyance, a San Francisco, California-based startup developing a real-time codebase analysis platform, today emerged from stealth with $30 million raised across seed and series A rounds from Unusual Ventures and Menlo Ventures. Co-CEOs Leila R. Golchehreh and Abhi Sharma say the funding will be used to expand the company’s engineering and sales teams as well as accelerate Relyance’s go-to-market strategy.

In a modern business, code is responsible for moving, managing, and protecting data. The problem is that code is almost continuously changing. Legal, governance, and compliance teams don’t know from moment to moment what the code is doing and whether it’s meeting regulatory and contractual obligations. The faster the business moves, the larger — and more dangerous — that knowledge gap potentially becomes.

Relyance seeks to bring greater visibility to codebases by leveraging natural language processing and compiler-style source code analysis techniques, enabling the platform to understand the semantics of personal data processing as code is written and pushed in organization. The idea is that data governance can be proactively addressed at design time when a system is being built rather than after the fact, establishing a more cross-functional understanding of an organization’s data operations.

“With Relyance AI, legal and privacy teams can speak code and engineering teams can speak contract. Privacy professionals can see in real time how their organization’s code is handling personal and sensitive data, instead of relying on forms and surveys that quickly go obsolete,” Golchehreh told VentureBeat via email.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Code analysis

Privacy, governance, and risk management challenges pervade the technology industry. The average company has 534,465 files containing sensitive data. At the same time, just 10% of consumers feel they have total control over their personal information.

Underlining the hurdles to overcome, 57% of senior-level executives rank “risk and compliance” as one of the top two risk categories they feel least prepared to address. Mistakes can be costly — the average company spends $10,000 per employee to cover regulatory expenses, and corporations paid out $15 billion in penalties for U.S. regulatory infractions in 2015 alone.

Golchehreh and Sharma, two longtime friends, sketched out the idea for Relyance over a six-hour lunch in San Francisco at the end of 2019, right before the pandemic hit. Both tech entrepreneurs, Sharma comes from a data science and AI background, while Golchehreh has worked as a lawyer and thought leader building data protection programs at organizations including Workday.

“With the explosion of data, we continue to see privacy and data governance as one of the most challenging problems in modern society that needs a fresh, technology-driven perspective. We’re now reinventing the state of the art on privacy and data governance technology from the ground up, seeking to build a generational, mission-driven company,” Sharma told VentureBeat.

Applying AI

Relyance aims to address the challenges with models that analyze a company’s contracts, policies, and requirements, building a representation to lay out constraints and rules and generate compliance records. The representation captures specific data protection requirements, which act as constraint-solvers against which Relyance compares data flows and processing activities. If there’s a misalignment between any of the requirements and reality, the platform raises this for organizations as an insight.

Relyance connects to code repositories, infrastructure tools, and external vendor APIs, inventorying data assets across internal APIs and third-party systems. The platform generates universal records of processing activities, learning things like data types and categories, the purpose of processing, the basis of transfer, security measures, and processing activities. Relyance can detect missing vendor and data processing agreements, invalidated compliance frameworks in agreements, and missing data categories. Moreover, it can surface key terms like security and inspection of codebases by providing visibility into how personal data is shared between internal services and external vendors.

“Our team has deep machine learning and data protection domain expertise in-house. In addition, we work with experienced lawyers to help train, direct, and label our natural language processing models using real data and underlying privacy and legal documents,” Golchehreh told VentureBeat.

Relyance competes with OneTrust, BigID, Ethyca, DataGrail, and Securiti.AI in the $7.39 billion global risk management market, but Sharma believes its technical, code-based approach and abilities set it apart. Current customers include Dialpad, Patreon, and Samsara as well as other “dozens” of other brands in fintech, communications, and gaming.

“The pandemic has effectively shifted everyone online, and there has been an exponential increase in digitization across every dimension. In that respect, the pandemic has dramatically accelerated the need for Relyance’s solution, which offers visibility and transparency into data flows and processing not only across an organization internally, but also into the countless new tools and technologies adopted at breakneck speed. Nearly every aspect of conducting business has become digital and personal data processing is dramatically increasing, all while privacy laws expand across the U.S. and globally. This means organizations need Relyance AI to help manage their privacy and data-protection programs now more than ever,” Leila said.

Relyance has 31 employees and expects to expand to over 50 by the end of the year.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.