Introduction
Today marks the announcement of Formal's seed funding round, led by Thrive Capital, with backing from Y Combinator, Abstract Ventures, Kima Ventures, and founders from Datadog, ClickHouse, Front, and Alan. The round also includes C-level executives from Rippling, Plaid, Vanta, Checkout.com, and other industry leaders.
This milestone represents more than financial achievement — it validates visionary customers including Gusto, Notion, and Ramp who depend on Formal to safeguard their most sensitive information.
Industry Recognition
Jean-Denis Greze, Former CTO at Plaid, stated: "In a world where success is increasingly defined by one's ability to safely leverage insights and AI, Formal is the leader to help enterprises secure and take action on their data."
Solving the Industry's Most Complex Challenge
Security teams face an escalating infrastructure and data challenge. The past decade witnessed explosive growth in data stores, applications, and data types. Data infrastructure has become increasingly complex, interconnected, and risky. Organizations can inadvertently connect sensitive data to third-party services with minimal friction — requiring only a free trial or credit card.
Security teams must simultaneously protect company data and enable operational productivity, creating inherent friction. Currently, teams attempt resolving this by combining outdated tools with custom code and manual operations.
How It Works
Formal functions as an abstraction layer, consolidating visibility and control of data flows in a single location: the network. Teams can establish data governance policies in one language and enforce them across their entire stack.
The core product is the Formal Connector — a protocol-aware reverse proxy supporting numerous wire protocols including Postgres, MySQL, S3, Snowflake, Kubernetes, and SSH, enabling control down to the packet level.
The Formal Connector deploys rapidly via single Docker image. It automatically logs all user requests and classifies PII/PHI data in transit and at rest. The proxy integrates the Open Policy Agent (OPA) policy engine for granular data controls including dynamic data masking, row-level filtering, and field-level encryption.
This approach decouples policy enforcement from underlying assets, moving it to the network layer for increased scalability and power. Formal enables least-privilege access automatically at row-level, ensuring data flows only for legitimate purposes.
Why Customers Adopt Formal
Visibility without actionability proves useless. Formal builds solutions that resolve problems rather than merely identifying them — it is not another "posture management" tool. This resonates with cutting-edge security and engineering teams who, after evaluating legacy vendors and internal solutions, consistently select Formal for its detailed visibility and control over data location and classification, delivering rapid time-to-value while conserving engineering resources.
Customer Testimonials
Jonathan Aluveaux, Head of Information Systems & Security at Ramp:
"Formal doesn't just give us visibility but allows us to implement granular least privilege with contextual data protection."
Mayank Dhiman, Head of Security Engineering at Notion:
"We found Formal's engineer-first approach to be unmatched in the market. It took us just a few days to secure hundreds of data stores."
Additional Industry Perspectives
Mukund Sarma, Senior Director, Product Security at Chime:
The Formal Connector provides security teams a powerful tool simplifying data security governance across multiple platforms and protocols, significantly reducing resource burden while enhancing efficiency.
Rob Picard, Founder of Observa and Formal Partner:
The Formal team demonstrates thoughtful and rapid product development, consistently deploying the Formal Connector to address varied technical challenges.
What's Next
Organizations prioritizing data security and least-privilege packet-level access should book a demo with Formal engineers to explore implementation. Interested candidates can visit the careers page or contact [email protected] to join the mission.
This represents just the beginning.