Baffle's wordmark, rendered against the navy the company itself favors in its brand palette. Santa Clara, California.
A no-code data protection platform that encrypts, masks and tokenizes sensitive data - across databases, cloud warehouses and now the vector stores behind GenAI - without a single line of application code changed.
Baffle sells a promise that sounds almost too simple: encrypt the data, not the perimeter, and a breach stops being a catastrophe.
Founded in 2015 by Ameesh Divatia and Priyadarshan Kolte, Baffle built its business around a single architectural choice - a transparent proxy that sits between an application and its data. Traffic passes through it, gets encrypted, masked or tokenized on the way, and comes out the other side looking exactly like normal data to the application. No code rewrite. No schema migration. No months-long security project that gets deprioritized the moment a product deadline looms.
That decision has let the company track technology shifts without reinventing itself. It started with on-premises and cloud databases - PostgreSQL, MySQL. It followed enterprise data into cloud warehouses like Snowflake and Amazon Redshift. And in 2023 and 2024, it followed data again, this time into the vector embeddings that power GenAI applications, adding protection for pgvector on PostgreSQL so similarity searches keep working even on encrypted data.
Baffle's platform is built on three overlapping techniques, deployed as a "data security mesh" that can be applied selectively - field by field, table by table - depending on what regulation or risk model demands.
Field- and column-level encryption for databases, with Real Queryable Encryption allowing searches and aggregations on encrypted data without decrypting it first.
Sensitive values are replaced with non-sensitive tokens, keeping data usable for testing and analytics while removing the underlying risk.
Role-based access control determines who sees plaintext versus a masked value, applied at the individual data value level.
Baffle's customer base skews toward industries with the least tolerance for a leaked record: financial services, healthcare, manufacturing and telecom. The company names Saxo Bank, Workiva and Miro among its customers, and says its platform protects over 100 billion records across organizations ranging from Fortune 25 companies to small SaaS vendors.
Sensitive data multiplies across databases, warehouses, and now AI pipelines faster than security teams can lock it down - and traditional encryption tools often require rewriting the applications that touch that data.
A proxy-based platform that encrypts, tokenizes or masks data in transit and at rest, with customers keeping control of their own encryption keys (bring-your-own-key), and no changes required to existing application code.
Where competitors like Protegrity and Thales' CipherTrust offer broad data-centric security suites, Baffle leans on its proxy architecture and "protect once, safe anywhere" positioning - a single implementation intended to support multiple encryption keys and deployment scenarios without separate integrations for each. The company also emphasizes speed of deployment, claiming rollout "in hours, not weeks," and holds SOC 2 Type II certification along with AWS Partner Security Competency status.
| Dimension | Baffle | Typical Legacy Approach |
|---|---|---|
| Application changes | None required | Often extensive rewrites |
| Encrypted data queries | Supported (Real Queryable Encryption) | Usually requires decryption first |
| Key control | Bring-your-own-key (BYOK) | Varies by vendor |
| GenAI / vector data | Supported since 2024 | Largely unaddressed |
| Deployment time | Hours (per company claims) | Weeks to months |
Ameesh Divatia and Priyadarshan Kolte found Baffle in Santa Clara to build data-centric encryption for the cloud.
Baffle raises $6 million in Series A financing led by True Ventures and Engineering Capital.
Co-founder and CEO Ameesh Divatia is accepted into the UC Irvine Samueli School of Engineering Hall of Fame.
Baffle closes a $20 million Series B round led by Celesta Capital, bringing total funding to roughly $35 million.
Baffle unveils a data security and compliance solution built specifically for generative AI pipelines.
Baffle extends Real Queryable Encryption to vector databases, including pgvector on PostgreSQL, to secure GenAI embeddings.
Baffle operates as enterprise B2B software, licensed as a subscription and deployed alongside customer infrastructure, frequently through System Integrator partnerships for large rollouts. It sits within the broader data security and privacy category - alongside data masking, tokenization and encryption key management vendors - but positions itself specifically at the intersection of cloud data protection and, increasingly, AI data security.
The founding team's expertise traces to cryptography and enterprise database systems. Divatia has spent his career in security and networking; Kolte brings the database and systems engineering background needed to make a transparent proxy actually perform at enterprise scale. That combination - security thinking paired with deep database internals - is what let Baffle build queryable encryption instead of the more common "encrypt and lock" approach that breaks application functionality.
Baffle builds a no-code data protection platform that encrypts, masks and tokenizes sensitive data across databases, cloud data warehouses and GenAI pipelines without requiring application code changes.
Baffle was founded in 2015 by Ameesh Divatia (CEO) and Priyadarshan Kolte (CTO).
Baffle has raised approximately $35 million total, including a $6 million Series A and a $20 million Series B led by Celesta Capital in August 2021.
Baffle serves enterprises and SaaS companies in financial services, healthcare, manufacturing and telecom, including named customers such as Saxo Bank, Workiva and Miro, and states it protects over 100 billion records.
Baffle uses a transparent proxy architecture and Real Queryable Encryption, letting applications query encrypted data directly and deploy protection in hours without rewriting code, and now extends this to vector databases used in GenAI.