Andre
Ferraz

Your Phone Knows Where You Live. Andre Ferraz Turned That Into a Business.

There is a building in Recife, Brazil - on a campus of the Federal University of Pernambuco - where Andre Ferraz and eight classmates decided, as a student project, to build a company. Not an app. Not a side hustle. A company. That was 2011. The company they built, In Loco Media, would go on to map six million indoor venues, capture 250 billion location data points every month, and get acquired by Magazine Luiza - Brazil's equivalent of Amazon-meets-Walmart - before Ferraz turned 35.

Most founders would have called that a career. Ferraz called it a foundation.

The pivot to Incognia started during COVID-19, when In Loco Media's advertising revenue - built on telling brands where people were shopping - evaporated overnight. But Ferraz's decade of location technology didn't evaporate with it. He had something no one else had: a machine that understood where a phone sleeps, commutes, works, and spends weekends. He had behavioral fingerprints of hundreds of millions of devices. The only question was what else those fingerprints were worth.

The answer, it turned out, was fraud prevention. Specifically: the kind of fraud that happens when someone uses your bank account from a device registered to a location they've never visited, at 3am, through a GPS-spoofed connection. The kind that passwords can't catch because passwords don't know where you are.

Zero-Factor Authentication: The Security That Doesn't Ask

Ferraz's central bet is something he calls zero-factor authentication. The concept is blunt: the best security check is one that never interrupts the user. No SMS code. No fingerprint prompt. No "are you sure this is you?" pop-up. Incognia runs passively in the background of a mobile app, reading location signals from GPS, Wi-Fi networks, Bluetooth beacons, and dozens of other sources, and makes a continuous probabilistic judgment: does this device's behavior match the behavior of the legitimate account holder?

The insight is harder to implement than it sounds. Location data is notoriously noisy. Fraudsters are sophisticated: GPS spoofing tools, emulator farms, and device cloning can fake basic location signals. Ferraz's edge is that Incognia doesn't rely on a single signal. It reads the entire environment - which Wi-Fi networks a device has seen, how indoor positioning signals cluster, what the movement cadence looks like at a granular level - and builds a signature that's far harder to replicate than a coordinate.

Incognia's ELF technology (Environment Linked to Fraud) takes this further, flagging devices that have been physically present in locations historically associated with fraud rings - even if the device itself appears clean. A fraudster operating from an apartment full of SIM farms eventually leaves a geographic trace. Incognia reads it.

The Metrics That Closed the Series B

In January 2024, Ferraz closed a $31 million Series B led by Bessemer Venture Partners, with participation from FJ Labs and existing investors Point72 Ventures, Prosus, and Valor Capital. The round didn't require a business-model pitch. It required a growth chart. Since the Series A in mid-2022, Incognia had tripled revenue. Net revenue retention hit 200%. Every single company that ran a trial converted to paid. Investors at Bessemer described it as a demand signal they couldn't ignore.

The customers using Incognia operate in the verticals where digital fraud is most expensive: food delivery platforms (where fake accounts claim promotions at scale), ride-sharing apps (where GPS spoofing lets drivers fake their location), peer-to-peer marketplaces, and financial services companies trying to stop account takeover before a single dollar moves.

From Recife to Palo Alto, With a Stop at Magazine Luiza

Ferraz's origin story is less Silicon Valley mythology and more Brazilian pragmatism. He grew up in Recife, in Brazil's northeast, and studied computer science at the Federal University of Pernambuco - one of Brazil's strongest technical universities. The company he and eight classmates built as a student project wasn't a product demo. They were trying to solve something real: the maps that told you how to navigate inside a shopping mall or airport were, at that point, essentially nonexistent. GPS doesn't work indoors.

In Loco Media's answer was to use Wi-Fi and Bluetooth signals to create indoor positioning - and then monetize that data for advertisers who wanted to know when their target customer was standing twenty feet from a competitor's store. By 2015, Cannes Lions recognized them as one of the ten most promising advertising startups in the world. By 2018, they had raised a $20 million Series B and were sitting on 60 million unique users and a dataset no one else had built.

The Magazine Luiza acquisition in 2020 was not a failure. It was a liquidity event during a global crisis for a team that had spent nine years building something hard. Ferraz walked away with the most valuable asset from that decade: a clear-eyed understanding of exactly what location data could do when it was taken seriously.

The Incognia ID and What Comes Next

In April 2025, Incognia launched Incognia ID - described as a new standard for fraud prevention that combines app security, device identity, and location intelligence into a single unified signal. The headline number: 17 times the performance of facial recognition for fraud detection use cases.

The claim deserves scrutiny. Facial recognition has been the premium signal in digital identity verification for years - trusted by banks, regulated by governments, cited in compliance documentation. The argument Ferraz is making is that faces don't tell you enough. A face tells you who is holding the phone. Location behavior tells you whether the phone is actually operating the way it does when the real owner is using it. For the specific problem of account takeover fraud, that distinction is the difference between catching and missing the attack.

The company has expanded into iGaming, banking, insurance, and logistics - anywhere that the combination of mobile access and high-value transactions creates fraud pressure. With 220 employees and offices in Palo Alto, New York, and Brazil, Incognia operates with the DNA of a company that has already built once and knows what scaling actually requires.

The Privacy Paradox at the Heart of It All

The obvious objection to a location-identity company is the one about privacy. Ferraz has been asked this question at Money20/20, in Authority Magazine, in FindBiometrics interviews, and on the Latitud podcast. His answer is consistent: Incognia does not record what users do or where they go in a way that is stored or shared. The system reads the signals needed to build a behavioral profile and matches against that profile. The data stays on-device where possible. The goal is not surveillance. The goal is a silent confirmation that this device is behaving the way it always does.

Whether that distinction fully satisfies privacy advocates is a debate worth having. What it does do is give Ferraz a coherent answer to the question that every enterprise security buyer asks first: can I deploy this without creating a new liability? The fact that Incognia runs on Vanta, has ISO certification in progress, and uses Varonis for GDPR pattern compliance suggests they are at least asking the right questions about their own infrastructure.

Ferraz has described his broader ambition as wanting to "create a movement around privacy" - a phrase that would sound like marketing from most founders but has some structural meaning here. A company whose core product works by not collecting the data you might expect it to collect has a business-model incentive to take privacy seriously. The less Incognia knows about what users do, the more powerful its argument that it isn't a liability.

Career Timeline

Keywords & Topics