Today, we are excited to announce our seed funding round, led by Thrive Capital, with participation from Y Combinator, Abstract Ventures, Kima Ventures, and the founders of Datadog, ClickHouse, Front, and Alan, as well as C-level executives from Rippling, Plaid, Vanta, Checkout.com, and more
We’re excited to announce our seed funding round led by Thrive Capital with participation from Y Combinator, the founders of Datadog, Clickhouse, including C-level executives from Rippling, Plaid, Vanta and more.
This isn’t just a financial milestone. It’s a recognition of visionary customers like Gusto, Notion and Ramp who trust Formal to protect their most sensitive data and a bet on every customer who will trust us in the future.
“In a world where success is increasingly defined by one’s ability to safely leverage insights and AI, Formal is the leader to help enterprises secure and take action on their data. Formal has the right combination of talent, momentum, and technical insights required to solve this very difficult problem and help reimagine how every business can build incredible products safely on top of their most sensitive information.”
Security teams are confronted with a growing infrastructure and data problem. The last decade saw a Cambrian explosion of data stores, applications, and data types. Data infrastructure has become increasingly complex, interconnected, and risky! It’s easy to connect sensitive data to third-party services without approval—all it takes is a free trial or a credit card.
Security teams are expected to keep the company’s data safe without hindering productivity. This creates friction in their mission: enable the company’s operations, while simultaneously protecting the business. Today, teams try to solve this problem by gluing together outdated and disparate tools with custom code and manual operations.
Like an interface in your favorite programming language, Formal is an abstraction layer that consolidates visibility and control on data flows in a single place: the network. Formal lets teams create data governance policies in a single language and enforces them across their stack. Formal generates consolidated audit logs in a single format and makes identity management across data stores and applications simple and efficient.
The product is a protocol-aware reverse proxy capable of understanding a wide range of wire protocols (such as Postgres, MySQL, S3, Snowflake, Kubernetes, SSH, and more) and enabling granular control down to the packet level. We call it the Formal Connector.
The Formal Connector is fast and easy to deploy—requiring a single Docker image. It automatically logs every request made by users and classifies PII/PHI data in transit and at rest. The proxy integrates the Open Policy Agent (OPA) policy engine, enabling fine-grained data controls including dynamic data masking, row-level filtering, and field-level encryption.
This approach effectively decouples policy enforcement from the underlying asset (whether a data store or application) and brings it to the network layer, making it more scalable and powerful. Formal enables least-privilege on auto-pilot at the row-level, ensuring data flows only for legitimate reasons.
Visibility is great, but if it’s not actionable, it is useless. We are building a product that solves problems, not just identifies them. Formal is not another “posture management” tool, this approach resonates with our customers who are cutting-edge security and engineering teams. After evaluating legacy vendors and in-house solutions, customers consistently choose Formal because we provide the most detailed visibility and control over their data—what it is and where it’s located—delivering the fastest time-to-value and saving months of valuable engineering resources.
“At Ramp, our vendor selection process mirrors our hiring philosophy. We partner with companies with high product velocity that can support the continually evolving challenges that come with growth.
Formal doesn’t just give us visibility but allows us to implement granular least privilege with contextual data protection. This has allowed us to not only consolidate our control stack but fill gaps other legacy products could not.”
“Formal is a perfect fit for Notion. As an engineering-focused security team, we found Formal’s engineer-first approach to be unmatched in the market. We evaluated Formal against both internally built solutions and other vendors, but we decided to go with Formal due to the completeness of the Formal Connector and the speed of deployment. It took us just a few days to secure hundreds of data stores.”
Mukund Sarma – Senior Director, Product Security at Chime
With the Formal Connector, security teams now have a powerful tool that simplifies the complexity of governing data security across various platforms and protocols. Formal’s solution not only enhances efficiency but also significantly reduces the burden on a teams’ resources, making it a game-changer for organizations striving to secure their data in an ever-evolving threat landscape.
Rob Picard – Founder of Observa and Formal Partner
The Formal team consistently surprises me with a thoughtful and speedy product development cycle, and their ability to deploy the Formal Connector to solve new and unexpected use cases. I find myself mentioning the product often, in conversations about a wide range of hard technical problems needing to be solved.
If securing your company’s data and enabling least-privilege access at the packet level—like Gusto, Notion, and Ramp—is a priority, book an demo with one of our engineers to see how Formal can support you.
And if you’re interested in joining us on this mission, visit our careers page or email us at hello@joinformal.com. This is just the beginning.
Learn the platform in less than an hour. Secure your data stack in less than a day.