Evervault raises $3.2M from Sequoia, Kleiner for an API to build apps with privacy baked in

Data privacy for apps is typically part of the purview of compliance teams — a model that isn’t always perfect, judging by the number of breaches and the extensive regulation that’s been (and is still being) put in place to force companies and organizations to behave better. Now, in an effort to improve how apps manage data privacy, a startup called Evervault — founded by a 19-year-old in Dublin, Ireland — is building a data protection solution aimed at developers, by way of an API, which aims to bake data protection into the app from the start.

To help get its product out to market, the company today is announcing that it has raised $3.2 million in seed funding from a high-profile set of investors. Led by Sequoia, the round also includes Kleiner Perkins, Frontline, SV Angel and other unnamed backers.

Ultimately, the aim will be to sell Evervault into any app or piece of software that uses PII (personally identifiable information), to help developers build encrypted “data cages” to handle the information from the moment it’s ingested.

“I believe that once data has been ingested, it should be encrypted and never decrypted again,” founder Shane Curran said in an interview. “There’s a philosophical argument to be made over offering privacy at different levels, but we’re looking at the holistic side of things. If your app gets breached, the data will not leak.”

The investor list in this seed round is impressive, but also all the more notable when you consider that Evervault’s product has yet to be released.

Curran, the company’s CEO — and as of the time of writing, only full-time employee — said in an interview that Evervault’s API has been built, but the startup is still working on how to run it efficiently at scale. The funding will be used to help with that, as well as to hire more people for the team. (There are two others joining Curran soon, he said.)

Evervault’s product is notable because it represents a shift in how companies are approaching data privacy.

“It’s moving away from compliance teams because it should be in products from day one,” said Evervault’s 19-year-old founder, explaining why it’s focusing on developer tools.

“Originally, I thought of how to solve data protection from the developer side as a mathematical problem, but it was only having done the research and getting exposed to others in that space that it became something interesting to me,” he added.

A lot of the early work in building so-called “data cages,” Curran noted, was targeted at “crypto anarchists,” but that idea has evolved as data breaches have grown and the concept of data protection has entered the mainstream consciousness. This has opened up an opportunity to build solutions so that companies can continue to operate online as they do but in a way that your data stays private.

“It should be something more reasonable beyond the idea of ‘companies should never touch our data,’ ” he said. The aim with Evervault, he said, is to make a service more secure with regards to personal data, but in a way that doesn’t compromise the experience for the user, or the app/software company itself.

The idea of building a completely new way of handling data protection, while using a method that will let businesses continue operating as they do, is part of what compelled some of this investment.

“Data is king, and the team at Evervault is on a mission to solve the ‘how’ of ensuring data privacy,” said Mamoon Hamid, partner, Kleiner Perkins. “Their developer-first approach ensures that data privacy becomes part of the development fabric, instead of an afterthought left for compliance to troubleshoot. We’re thrilled to partner with Evervault and help build the new internet infrastructure for data privacy.”

On another level, the idea of baking data protection into the app’s code itself also follows on from a bigger trend in building apps, where components are brought in from outside by way of APIs rather than built from the ground up when they are not part of the team’s core competency, or commoditised processes.

It’s the same model we see when apps with voice interfaces might, for example, use NLP from Amazon rather than building that function in-house; or an e-commerce service integrates a payment API from Stripe for transactions.

The Stripe comparison, it turns out, is relevant in more ways than one.

Curran first conceived of the idea that became Evervault when he was just 17, as the basis of what became his top-prize-winning submission for the BT Young Scientist & Technology Exhibition, an annual competition in Ireland. (His original description of the tech was this: “qCrypt: The quantum-secure, encrypted, data storage platform with multijurisdictional quorum sharding technology.”)

This happened to be the same competition that brought attention to Patrick Collison, Stripe’s co-founder and CEO, who in 2005 also won first prize in the Young Scientist Exhibition, when he was also still a student, for having developed a new computer language, CROMA, as a dialect of LISP to simplify coding.

Putting CROMA to one side, Collison went on to co-found and sell one company, Auctomatic, and then start the extremely successful Stripe.

And that is where the two (for now at least) have diverged. Since winning the competition in 2017, Currant has stayed with his original concept to see how much further he could take it.

Jetting off to the Bay Area to pitch it to what he referred to as the “Irish mafia” in Silicon Valley, one coffee led to another, and, before he knew it, he was meeting with tier-one VCs and angels. They not only convinced him to develop his prize-winning idea into a business, but gave him money to do it.

For the record, Curran did finish high school but told me he spent only “a few days” at university before deciding to take a leave of absence to pursue Evervault.

“Shane has a special combination of clear vision, deep thoughtfulness and insatiable curiosity,” said Stephanie Zhan, partner at Sequoia, in a statement. “We are thrilled to partner with Evervault at the seed, to solve for today’s massive data breaches and build simple developer tools for data privacy.”

It’s a pretty classic Silicon Valley story: gifted, young founder starts out with a curious, pure interest in a subject, has a coding breakthrough, turns entrepreneur to leverage that into a startup, then finds funding and business success.

But as with all stories that follow this essentially fairy-tale format, it glosses over some of the challenges: Curran is still only 19, he’s building a company from scratch and his idea remains, essentially, untested as the product has not launched.

“Imposter syndrome is very real,” Curran said, before backtracking a bit. “I mean, I always knew what I wanted to do, but I would have never thought that Sequoia or the others would invest in me. Very spontaneously, this thing just fell together, but then I think, I couldn’t have done it any better. This does set the bar very high, but I’m not complaining.”