Peter Yared had an idea to address data localization three years ago. There were not many signs it would become a hot compliance topic, but Yared knew it was only a matter of time.

Back then, data localization laws primarily existed in authoritarian countries, and Yared's colleagues in Silicon Valley did not see the need to store information within a country's borders when one all-encompassing database would do the trick.

Fast-forward to 2019, and a swath of data localization laws have either passed or are in the midst of consideration. Yared spent those past three years turning his idea into InCountry, a solution designed to help organizations comply with those very requirements.

InCountry launched in May and is deployed in 65 countries. The startup announced July 18 that it had raised $15 million in Series A funding from Singapore's Arbor Ventures, Berlin-based Global Founders Capital, and Mubadala from Abu Dhabi. Arbor Ventures Co-Founder and Managing Partner Melissa Guzy will join InCountry's board as part of the deal. The latest round of funding brings the total capital raised by InCountry to $21 million and makes it the latest tech vendor to recently receive millions of dollars from investors.

The startup helps organizations comply with data localization laws by storing regulated information within any country it operates in. Any regulated data generated from a company's applications will be sent and stored in a facility operated by the startup.

"You take the data you want to put in a certain country and it gets encrypted client side," Yared said. "The data is encrypted within your server and then if you say, ‘Put it in China or Russia,’ the SDK takes care of encrypting the data. We use the same level of encryption most people are using for on-disk encryption. Our SDK encrypts at the same level of encryption before it puts it in a foreign country."

In addition to its new round of funding, the startup announced the launch of its InCountry Borders solution, a code-free tool that strips out personally identifiable information from a dataset when it leaves an application and reinserts it when the information enters the country's borders.

Yared compared the push to comply with data localization rules to what companies had to go through to adhere to the Payment Card Industry Data Security Standard. Organizations that had databases filled with credit card numbers and other payment information had to move the data to a solution that was PCI compliant.

The choice to only handle regulated data, such as payment, health and employee information, was a deliberate one made by Yared and InCountry. Yared said the startup only wanted to work with information covered by standards and laws, such as PCI, the U.S. Health Insurance Portability and Accountability Act and their global counterparts. All other forms of information were out of the question.

"A lot of these countries want to look at interpersonal communication, social media posts and the like. It’s just not something we are interested in being in the middle of," Yared said. "If the Chinese government needs to look at your financial transactions stored with us, I don’t have a problem disclosing that under Chinese law and regulation. I would have a problem disclosing people’s text messages. Ethically, it’s the line we’ve drawn for the company that makes us comfortable operating globally and helping multinationals be compliant in each country." 

Launching a global enterprise is not an easy task, Yared admits. In order for it all to work, InCountry had to buy each data facility, go through the legal work to ensure data localization laws are met, and make sure everyone on vendor chain is ISO, SOC 2 and PCI certified. 

Yared said one of InCountry's strengths is its thorough vendor examination, as the startup does not only vet its own vendors, but also vendor's vendors, as well. It is a time-consuming process for any organization to undertake and one Yared wants InCountry to take on in order to build a relationship of trust with its users.

"The time to vet vendors and re-vet them is very time consuming. If you need to light up a country for business reasons, it could take six months to go through legal, compliance, vendors and risk management. It’s expensive, time consuming and unpredictable," Yared said. "We are doing that work in each of these countries. We are asking people to store regulated data with us, and then it’s likely only with us. Even though we are a startup, we are a compliance and hosting company. That’s what we do. We take it very seriously."

Yared believes the $15 million in funding it received will help InCountry achieve its goals and make its work easier. he said the investment will help the startup hire more staff and continue to grow on an international level. Part of that includes the opening of regional offices in Berlin, Singapore and Abu Dhabi.

"We are a global company with a global perspective, so it was interesting that it was three global enterprises that funded the company this round and very quickly after our launch," Yared said. "We are pretty excited about it."

Yared wants InCountry to grow in conjunction with the data localization landscape. He said the eventual goal is to service more than 200 countries. The regional offices are part of a vision for InCountry that involves learning about the countries in which they operate.

"InCountry isn’t just a name. It’s the thesis of the company," Yared said. "As we go into particular countries, especially the ones we are going into deeply, we want to partner with regulators, local law firms and have people on the ground that understand the market."

Photo courtesy of InCountry.