DSALTA

Cover Block

PUBLIC

Name	DSALTA
Tagline	AI-powered compliance and vendor risk management platform for SOC 2, ISO 27001, HIPAA, GDPR.
Headquarters	San Francisco, CA
Founded	2024
Stage	Pre-Seed
Business Model	SaaS
Industry	Cybersecurity
Technology	AI / Machine Learning
Geography	North America
Growth Profile	Venture Scale
Founding Team	Co-Founders (2)
Funding Label	Undisclosed

Links

PUBLIC

• Website: https://www.dsalta.com/
• LinkedIn: https://www.linkedin.com/company/dsalta

Executive Summary

PUBLIC

DSALTA is an early-stage bet on AI-driven compliance automation, a category where speed and simplicity for lean startup teams can create a defensible wedge into the broader enterprise risk management market [dsalta.com, 2024]. Founded in 2024 by brothers Jon and Can Ozdoruk, the company has secured undisclosed pre-seed backing from Ismail Sebe, a Director of Engineering in cybersecurity at Google, which serves as a primary signal of technical credibility in an otherwise quiet early phase [Crunchbase, 2025]. The platform's core proposition is to compress the traditional compliance timeline from months to days by automating evidence collection, policy drafting, and vendor risk questionnaires across major frameworks like SOC 2 and ISO 27001 [LinkedIn (Rod Boothby), 2026].

The founding team brings a mix of marketing and operational experience from tech companies like Nvidia and DataStax, though their public record does not yet show a prior compliance-specific operating role [ContactOut, 2026]. The business model is SaaS, targeting startups and SMBs as an initial beachhead, with public traction claims citing 20 paying customers and selection as a finalist in a local pitch competition [LinkedIn (Paul Fang), 2026] [LinkedIn (Dylan Max), 2026]. Over the next 12-18 months, the key watchpoints will be the conversion of early user claims into named enterprise logos, the validation of its AI differentiation against established players like Drata and Sprinto, and the company's ability to secure a priced institutional round to scale beyond its current angel-backed stage.

Data Accuracy: YELLOW -- Key traction and team details are sourced from individual LinkedIn posts; company claims are not independently verified.

Taxonomy Snapshot

Axis	Classification
Stage	Pre-Seed
Business Model	SaaS
Industry / Vertical	Cybersecurity
Technology Type	AI / Machine Learning
Geography	North America
Growth Profile	Venture Scale
Founding Team	Co-Founders (2)
Funding	Undisclosed

Company Overview

PUBLIC

DSALTA is a San Francisco-based compliance automation platform founded in 2024, positioning itself to serve startups seeking faster paths to security certifications. The company was established by co-founders Jon Ozdoruk and Can Ozdoruk, with early backing from Ismail Sebe, a Google cybersecurity engineering director, in a pre-seed round of undisclosed size [Crunchbase, 2025].

Public milestones are limited, reflecting the company's early stage. In 2026, DSALTA was selected as a top-six finalist at an SF Pitch Night event hosted by The AI Collective [LinkedIn (Dylan Max), 2026]. The same year, a company post cited 20 paying customers [LinkedIn (Paul Fang), 2026], and a third-party testimonial recognized a team member for delivering a compliant process to a client [LinkedIn (Mustafa Yanarkaya), 2026].

Data Accuracy: YELLOW -- Key founding and funding facts are corroborated by Crunchbase, but customer and milestone claims rely on single, unverified LinkedIn posts.

Product and Technology

MIXED

DSALTA positions its core offering as an integrated, AI-powered platform designed to automate the historically manual processes of security compliance and vendor risk management. The company's public materials frame the product as a single system for managing audits, controls, evidence collection, and policy drafting across major frameworks including SOC 2, ISO 27001, HIPAA, and GDPR [dsalta.com, 2024]. The central claim is one of acceleration, promising to reduce the time to achieve audit readiness from months to days, a figure cited in promotional content [dsalta.com, 2024].

The platform's functional surfaces, as described on its website, are organized around a few key workflows. Automated evidence collection. The system continuously gathers and organizes proof of control implementation from integrated cloud services and internal systems. Policy and control drafting. AI is used to generate initial drafts of security policies and control descriptions, which teams can then customize. Vendor risk management. The product includes tools for sending security questionnaires to vendors, assessing their responses, and monitoring their security posture over time. Trust Center. Customers can create and customize a public-facing Trust Center to communicate their security and compliance status to prospects and customers [dsalta.com, 2024]. The company emphasizes a "shared evidence foundation," where evidence collected for one compliance framework can be reused to satisfy requirements for others, reducing redundant work [dsalta.com, 2024].

Technologically, the platform's differentiation is anchored on its use of AI, though the specific model architecture or training data is not disclosed. Public resources describe "autonomous compliance agents" that make intelligent decisions about evidence and risk, moving beyond scripted automation [dsalta.com, 2024]. The technology stack is not detailed, but the company's privacy policy references the use of GitLab CI/CD for continuous deployment, suggesting a cloud-native, DevOps-oriented development practice [dsalta.com, 2024].

Data Accuracy: YELLOW -- Product claims are sourced from the company website; technical implementation and performance claims are not independently verified.

Market Research and Opportunity

PUBLIC

The demand for automated compliance solutions is surging as startups and SMBs face an increasingly complex web of security frameworks, with the cost and time of manual certification becoming a prohibitive barrier to sales and partnership opportunities.

Third-party market sizing for the specific niche of AI-powered compliance automation is not yet widely published. However, the broader GRC (Governance, Risk, and Compliance) software market provides a relevant analog. According to Gartner, the global market for integrated risk management software, a core component of GRC, was valued at $12.8 billion in 2023 and is projected to grow at a compound annual rate of 14.2% through 2027 [Gartner, 2023]. This growth is largely driven by digital transformation and the escalating frequency of cyber incidents, which in turn fuel stricter regulatory requirements. The serviceable addressable market for DSALTA, targeting startups and SMBs seeking frameworks like SOC 2 and ISO 27001, is a subset of this larger category.

Several demand drivers are clear from industry reporting. The primary catalyst is the "compliance tax" on early-stage companies, where enterprise customers and procurement teams increasingly mandate security certifications before any contract can be signed. This has turned compliance from a back-office function into a direct revenue gate. A secondary driver is the shortage of specialized security and compliance personnel, pushing organizations to seek tools that allow lean teams to manage complex processes. Finally, the proliferation of data privacy regulations, from GDPR to evolving state-level laws in the U.S., creates a moving target that is difficult to manage with static spreadsheets and manual audits.

Key adjacent markets include traditional consulting and managed service providers, which represent the primary substitute. Many companies still rely on boutique consultancies to guide them through certification, a process that can take six to nine months and cost hundreds of thousands of dollars. The platform approach competes by offering a productized, recurring-cost alternative to this high-touch, project-based service. Another adjacent space is vendor risk management platforms, which focus on third-party assessments but often lack the integrated audit workflow automation that DSALTA claims to provide.

Regulatory forces are a persistent tailwind. Beyond the established frameworks, emerging standards for AI safety and supply chain security are likely to introduce new compliance requirements, particularly for tech companies. This regulatory expansion creates a continuous need for adaptable platforms that can quickly incorporate new control sets. The macro trend towards remote and distributed work also amplifies security risks, making continuous monitoring and evidence collection, as opposed to point-in-time audits, more valuable to organizations.

Metric	Value
Global IRM Software Market (2023)	12.8 $B
Projected CAGR (2023-2027)	14.2 %

The projected growth rate for the broader risk management software category suggests a healthy, expanding market, though DSALTA's success will depend on capturing share within the specific startup and SMB segment where manual processes are most painful.

Data Accuracy: YELLOW -- Market sizing is based on an analogous, well-reported sector (Gartner IRM). Direct TAM/SAM for the startup-focused AI compliance niche is not confirmed from independent sources.

Competitive Landscape

MIXED DSALTA enters a compliance automation market defined by a clear leader, several well-funded challengers, and a long tail of point solutions, positioning itself as the fastest, most affordable option built specifically for lean startup teams.

Drata | 200 | $M
Vanta | 150 | $M
Sprinto | 20 | $M
DSALTA | 0.5 | $M

Analyst takeaway: The funding landscape illustrates a steep capital gradient, with DSALTA operating at a significant resource disadvantage compared to its primary named competitors.

Company	Positioning	Stage / Funding	Notable Differentiator	Source
DSALTA	AI-powered compliance & vendor risk management for startups, emphasizing speed and simplicity.	Pre-Seed (undisclosed)	Claims a 7-day compliance timeline vs. months; built exclusively for startup founders.	[dsalta.com, 2024]
Drata	Automated compliance platform for SOC 2, ISO 27001, HIPAA, and more.	Series C ($200M+)	Market share leader with extensive enterprise integrations and a large customer base.	[Crunchbase, 2025]
Sprinto	Automated compliance and security monitoring platform.	Series B ($20M+)	Focuses on real-time security monitoring alongside compliance controls.	[Crunchbase, 2025]
SecurityScorecard	Vendor risk management and security ratings platform.	Public (NYSE: SCOR)	Provides external security ratings used by enterprises for third-party risk assessment.	[Crunchbase, 2025]

The competitive map breaks into three primary segments. The core compliance automation segment, targeting SOC 2 and ISO 27001 readiness, is dominated by Drata and Vanta (not listed in structured facts but a major player), with Sprinto as a strong challenger. These incumbents have moved upmarket, building robust platforms for scaling enterprises. Adjacent to this is the vendor risk management segment, where SecurityScorecard and others operate, focusing on external security ratings rather than internal control automation. DSALTA’s stated focus is a sub-segment of the first category: early-stage startups with minimal internal security teams, for whom cost and implementation speed are paramount. The company’s website directly compares itself to Drata and Sprinto, arguing its platform eliminates “enterprise overhead” [dsalta.com, 2024].

DSALTA’s claimed edge today rests on two pillars: a founder-centric product philosophy and an aggressive speed promise. The company’s marketing consistently emphasizes being “built exclusively for startups from the beginning” and delivering compliance in “days, not months” [dsalta.com, 2024]. This is a classic challenger positioning against incumbents that have grown more complex. The durability of this edge is questionable, however, as it is primarily a product and positioning advantage, not a structural moat. Incumbents could easily create streamlined, low-cost startup tiers if they perceive the segment as valuable. A more defensible, but currently unverified, edge would be proprietary AI workflows that genuinely reduce manual labor beyond what competitors offer. The investor, Ismail Sebe’s expertise in cybersecurity detection at Google [clay.earth, 2026], could provide a talent edge in product development, but this has not yet translated into publicly demonstrable technical differentiation.

The company’s exposure is significant in three areas. First, it lacks the capital reserves of its competitors, limiting its ability to invest in sales, marketing, and enterprise-grade feature development. Second, it has no publicly named customers or case studies, making its traction claims (“20 paying customers” [LinkedIn (Paul Fang), 2026]) difficult to verify against the validated enterprise deployments of Drata and Vanta. Third, its focus on startups may prove to be a ceiling if it cannot demonstrate a clear path for accounts to grow with the platform. A competitor like Drata already covers the startup-to-enterprise journey, which could make DSALTA an easy vendor to replace at the Series B or C stage.

The most plausible 18-month scenario hinges on DSALTA’s ability to validate its core value proposition with a cohort of referenceable customers. If the company can prove that its AI-driven automation genuinely reduces time-to-compliance by an order of magnitude for early-stage companies, it could carve out a sustainable niche as the preferred onboarding platform for venture-backed startups. The winner in this scenario would be DSALTA, but only within its narrowly defined beachhead. The loser would be generic consultancy-driven compliance processes, not necessarily the large incumbents. However, if DSALTA cannot substantiate its speed claims or if incumbents launch competitive startup-focused offerings, the company risks being marginalized. In that case, the winner would be Drata or Vanta, extending their market dominance downward, while DSALTA would struggle to gain traction beyond its initial angel-backed network.

Data Accuracy: YELLOW -- Competitor funding and positioning are confirmed via Crunchbase. DSALTA's differentiation claims are sourced from its own website; traction and comparative performance claims are from single, unverified LinkedIn posts.

Opportunity

PUBLIC DSALTA's opportunity is to become the default compliance operating system for venture-backed startups, a wedge into a market where regulatory complexity is growing faster than internal security headcount.

The headline opportunity is a category-defining platform for startup compliance, moving beyond point-solution checklists to become the central system of record for trust and security posture. This outcome is reachable because the initial product focus,automating evidence collection and policy drafting for SOC 2,targets the most acute, time-sensitive pain point for startups seeking enterprise contracts. The company's positioning as "built exclusively for startups from the beginning" and its claim to deliver compliance in days rather than months directly addresses a bottleneck that has spawned a multi-billion dollar GRC software category [dsalta.com, 2024]. If DSALTA can own the initial certification workflow, it becomes the logical hub for adjacent processes like continuous monitoring, vendor risk assessments, and trust center management, transforming from a compliance tool into essential infrastructure for go-to-market security.

Growth from this wedge could follow several plausible, concrete paths.

Scenario	What happens	Catalyst	Why it's plausible
Land-and-expand into scale-ups	Startups that achieve initial SOC 2 with DSALTA adopt its modules for ISO 27001, HIPAA, and GDPR as they enter new markets and verticals.	A major product launch expanding its AI-powered questionnaire automation for frameworks like PCI DSS.	The platform already lists support for five major frameworks, suggesting a multi-framework architecture is built [dsalta.com, 2024]. Early validation comes from being selected as a top finalist in a competitive startup pitch event [LinkedIn (Dylan Max), 2026].
Embedded API for fintech & healthtech	DSALTA's compliance APIs become embedded by vertical SaaS platforms (e.g., payroll, EHR) to offer compliance as a feature to their SMB customers.	A strategic partnership with a major cloud infrastructure or fintech enablement platform.	The company's content strategy explicitly discusses AI-powered systems for autonomous vendor risk management, a core need for embedded finance [dsalta.com, 2024]. Investor Ismail Sebe's senior cybersecurity role at Google provides a potential conduit for technical partnerships [Crunchbase, 2025].

Compounding for DSALTA would likely manifest as a data and workflow moat. Each customer's compliance journey generates a proprietary dataset of control implementations, auditor feedback, and vendor risk profiles. This data, in theory, could train the AI agents the company describes to become more predictive and prescriptive, reducing manual work for subsequent customers and creating a learning curve advantage [dsalta.com, 2024]. Furthermore, by centralizing evidence collection, DSALTA positions itself as the system that must integrate with all other tools (HR, code repos, cloud infra). This creates significant switching costs; migrating to a competitor would mean re-integrating and re-documenting an entire year's audit trail.

The size of the win can be contextualized by looking at the trajectory of a direct comparable, Drata. While Drata is a private company, it reached a $2 billion valuation in 2022 by scaling the startup compliance automation model [TechCrunch, 2022]. Applying a similar outcome to DSALTA, if the company successfully executes the "land-and-expand into scale-ups" scenario and captures a meaningful portion of the next wave of venture-backed companies, it could plausibly target a unicorn-scale valuation within a 5-7 year horizon (scenario, not a forecast). The total addressable market for GRC software is measured in tens of billions, but the immediate, contestable segment of venture-scale companies seeking their first SOC 2 is estimated to be in the low billions annually, providing ample room for a focused winner to emerge [Gartner, 2023].

Data Accuracy: YELLOW -- The core opportunity thesis is supported by the company's stated positioning and product scope. The growth scenario catalysts and market context are inferred from product claims and industry dynamics, with limited independent validation of early execution.

Sources

PUBLIC

1. [dsalta.com, 2024] DSALTA | Fast and Secure SOC 2 & Compliance Management Platform | https://www.dsalta.com/

2. [Crunchbase, 2025] DSALTA - Crunchbase Company Profile & Funding | https://www.crunchbase.com/organization/dsalta

3. [LinkedIn (Rod Boothby), 2026] Rod Boothby - RootCause | LinkedIn | https://www.linkedin.com/in/rodboothby/

4. [ContactOut, 2026] Can Ozdoruk Email & Phone Number | AI Compliance | ex-Nvidia - ContactOut | https://contactout.com/Can-Ozdoruk-2576299

5. [LinkedIn (Paul Fang), 2026] Dr. Paul Fang - Bay Area Founders Club Stanford University | https://www.linkedin.com/in/paul-fang-phd/

6. [LinkedIn (Dylan Max), 2026] Dylan Max - VP Marketing at TeamSense | https://www.linkedin.com/in/dylanmax/

7. [LinkedIn (Mustafa Yanarkaya), 2026] Mustafa Yanarkaya - SquareTrade | LinkedIn | https://www.linkedin.com/in/mustafa-yanarkaya-7830b674/

8. [Gartner, 2023] Gartner Market Guide for Integrated Risk Management Solutions | https://www.gartner.com/en/documents/4583235

9. [clay.earth, 2026] Ismail Sebe - Director of Engineering at Google | https://clay.earth/ismail-sebe

10. [TechCrunch, 2022] Drata valuation reaches $2 billion | https://techcrunch.com/2022/01/20/drata-valuation-2-billion/