The company that stopped taking your data policy at its word - and started reading the code instead.
Here is a fact that should make any general counsel slightly nauseous: most large companies do not actually know where their data is. They have a privacy policy, which is a document. And they have data, which is a river. The document says the river flows one way. The river, being a river, does whatever it wants - into a third-party analytics tool here, a forgotten export there, a training set for some model nobody remembers approving. The gap between the two is where fines, breaches, and awkward regulator phone calls live.
Relyance AI, founded in San Francisco in 2020, is a company built almost entirely around closing that gap. Its founders make an unusual pair. Abhi Sharma, the CEO, is an engineer - MIT and Carnegie Mellon, a stint at AppDynamics, then co-founder of an edge-AI company called FogHorn that Johnson Controls bought in 2022. Leila Golchehreh is a lawyer - senior counsel at Workday and at the self-driving startup Cruise. One of them knows how data actually moves through code. The other knows what a contract legally requires that movement to be. The company is, in a real sense, the argument those two backgrounds would have.
The product does something that sounds obvious and turns out to be technically hard. It scans an organization's data sources - third-party apps, cloud environments, code repositories, and increasingly AI models - and builds a live inventory and map of where data actually goes. Then it reconciles that map against three things: the customer agreements the company signed, the privacy regulations it's subject to, and the compliance frameworks it claims to follow. When the map and the promises disagree, Relyance AI is the thing that notices.
“Real-time visibility into how and where data is being used compared to customer agreements, global privacy regulations, and compliance frameworks.”
The reason this is hard is the reason it's valuable. Most governance tools ask a company to describe itself - fill in the questionnaire, tag the databases, self-report. Relyance AI's bet, from early on, was that self-reporting is exactly the part you can't trust, so it reads the source code instead. The data map is derived from the systems, not from a form someone filled out under deadline pressure. That is a harder engineering problem and a much better product, because it measures what a company does rather than what it says.
Relyance AI started in privacy compliance and has been steadily following its own logic into AI security. If you can trace where data goes, you can also tell who touched it, why, and whether an AI model ate something it shouldn't have.
Scans third-party apps, cloud, code, and AI models to build a live data inventory and map, then reconciles it against contracts, regulations, and frameworks. The core product.
Traces a piece of data from source code through cloud infrastructure to an AI model, connecting sensitivity, identity permissions, and system behavior in real time.
Correlates data sensitivity, who has access, and how AI agents behave to surface compounding threats that isolated tools tend to miss entirely.
Automates data inventories, RoPAs, DPIAs, data-subject requests, and vendor risk assessments - the paperwork customers say drops 70-80%.
Relyance AI sells to data-intensive enterprises - the kind where a single misrouted dataset is a headline. It reported roughly 30% customer growth in the first half of 2024.
The October 2024 Series B was led by Thomvest Ventures, with M12 - Microsoft's venture fund - and Cheyenne Ventures joining early backers Menlo Ventures and Unusual Ventures.
“There's a version of trust that's a marketing line, and a version that's a data map. Relyance AI builds the second kind.”
Abhi Sharma and Leila Golchehreh start Relyance AI in San Francisco to reconcile what companies do with their data against what they promised.
Backed by Menlo Ventures and Unusual Ventures, it launches to give privacy teams real-time insight into their own codebase.
Data-intensive customers pile in as the data-mapping and privacy-automation capabilities mature.
Thomvest Ventures leads, with M12 and Cheyenne Ventures, to push into AI security and governance.
Launches Data Journeys and the Data Exposure Graph, tracing data from source code through cloud to AI models.
Wins a 2026 award for enterprise data security and reports compressing compliance certainty from days to minutes.
CEO Abhi Sharma co-founded FogHorn, an edge-AI company Johnson Controls acquired in 2022, before starting Relyance AI. Second-time founder energy.
Co-founder Leila Golchehreh is an attorney by trade. The legal half of the team shaped a product that reads contracts as seriously as it reads code.
Rather than trusting a questionnaire, Relyance AI derives its data map from the actual systems - the part of governance you can't fake.
The company's move from privacy compliance toward AI security is less a pivot than a logical extension. Once you can trace where data goes, the question “did an AI model touch something it shouldn't have?” becomes answerable - and in 2025 and 2026, that is the question a lot of enterprises are quietly panicking about. Every company wants to deploy AI. Almost none can tell you what their models were actually fed. Relyance AI happens to have spent four years building exactly the plumbing that answers it.
The business case is framed, cannily, as growth rather than cost. Governance tools usually sell fear: buy this or get fined. Relyance AI's version is that verifiable trust lets you move faster - close the enterprise deal, ship the AI feature, satisfy the regulator - without stopping to reconstruct where your data went from memory. Whether that framing holds up is the interesting question. But with Coinbase, Snowflake, and Notion already on the wall, and a market that increasingly treats data governance as non-optional, the boring, verifiable version of trust is looking like a decent business to be in.
Compiled from public sources incl. Relyance AI, TechCrunch, PR Newswire, Crunchbase & M12. Figures approximate where noted.